TonyJWe would like to start reselling nodes to companies and provide them with administrator access to their machine group only, and so they can only see their own admin account/role, and not see any other groups/accounts/roles on the KServer.
This would look something like this:
Bob Hope is the IT guy at a company called Unitech.
We create an admin role called Unitech.
We create an admin account called BobHope.
We assign BobHope to the Unitech admin role.
We create a machine group called UnitechMachines.
We give the Unitech admin role access only to the UnitechMachines machine group.
We give Bob his username and password, and when he logs in he can only access his own machine group (and any subgroups underneath it). This is all working fine.
However, on Bob's Dashboard under Tasks -- Assigned to: dropdown, and the Messages - to: dropdown, Bob can select the other admin accounts that we have created (for ourselves, other customers, etc.).
How can I restrict BobHope's access so he cannot assign tasks or send messages to users outside his own Admin Role?
And is there any other place where Bob may "see" other admin accounts, roles, machine groups, etc. that I should be aware of?
Something to watch out for is the line between hosting K agents to IT Departments, and providing services where they have the ability to log in to your system.
The Kaseya license agreement stipulates that it will not be used in an Application Service Provider fashion. Only a couple companies like SecureMyCompany (now Cloud Services Depot) and Virtual Administrator have entered into special agreements with Kaseya to offer Kaseya in an ASP fashion. Offering hosted Kaseya agents to others is a breach of the license and some people have been shut off for doing so.
The fine line I referred to is the difference between offering hosted Kaseya vs. you deliver services to that customer. If you are delivering services to that customer (e.g. "I'll be responsible for patching your environment and triaging monitoring alarms" etc) then offering them access to log in (e.g. they want to run their own reports, you escalate alarms you triage to their internal staff, etc) is within the software license agreement.
I'm not sure which side of the line any of you fall on, but I just wanted to make sure everyone was aware. If you have any questions about your situation, feel free to raise them to your Account Manager.
Director - IT Service Provider Sales - North America
Bothell, WA, USA
Wow, from 2009, and no information on how to make this happen within the service agreement?
I think the problem with Bob's account is that "LegacyPoster" Tony gave Bob Master Admin access or that he used the same role for Bob that other users where part of.
Kaseya has a hidden ability to separate access in the VSA by partitioning however this is not available to Kaseya's standard customer base.