Feature request for on-demand support user role #6511

Open
demkr opened this issue Nov 8, 2024 · 1 comment

demkr commented Nov 8, 2024

First of all, I would like to thank you for this great tool that I use regularly. It is very useful for my daily remote management tasks. One limitation that I constantly encounter is, however, the more dynamic assignment of user rights.

I have created many users that are not administrators, but users that are limited to specific devices or device groups. If I set the server permission "No new devices" for the user and the rights for that user for a specific device group, that user can add all types of agents and/or create invitation links for all types of agents in that specific device group.

What I would like to achieve is that I can add permission to a user to only create an invitation link under a specific device group, but not to add an agent. And that under the invitation links they can only create a link for the assistant client and not for the agent client.

This way I could set up a user whose role would be strictly on-demand support for clients that are outside of our organization. These are, for example, customers who occasionally need our help, but their policy does not allow us to have our agents installed on their system. I am also not keen on having our agent installed on customers outside our organization in the first place.

demkr commented Nov 8, 2024

I may have found a solution to this. I created a limited user with partial server permissions, so I put a check mark at "No new devices". Then as an administrator I created a device group that is used only for on-demand support. For this user I added the control permission to this group. Then I enabled agent invite codes and activated it under this group. I predefined the agents as MeshCentral Assistant.

Now the limited user can click on the "Invite codes" option, but everything is disabled from any modification. There is only a notification for Installation type that says Background and interactive. At first I thought it would be an agent installation, but when I clicked on the link and entered the code, it was a link to download the assistant. The best part is that the user cannot change anything, neither the codes nor the agent installations, and this setting is as set by the admin.
