Technicians and Access Rights System¶
In our system, technicians are operators who connect to remote devices. A technician can be not only the account owner but also other subordinate operators assigned to your team. Learn how to create additional technicians, manage them, and delegate access rights to devices and other features.
Technicians¶
Every publicly registered account on our platform automatically has a team and is considered its owner. By default, the team is empty, and in the Team section you will see an informational page about this:
If your team is not empty, the Technicians tab will display a list of them:
Adding a Technician¶
You can add a technician by sending an invitation email.
Enter the new technician’s address in the Invite a Technician window and send the invitation.
The user will receive an email with the following message:
After clicking the Join the Team button in the email, the user will be prompted to create a subordinate account within your team:
Once registration is complete, this technician will be linked to your team.
Self-Hosted version
In the Self-Hosted version, you can create technician accounts without sending email invitations — manually, by specifying a login and password for the new account.
Login via Single Sign-On (SAML)
You can configure single sign-on for subordinate technicians through your authentication provider. Learn more in the Connecting with SAML SSO guide.
Management¶
You can manage a technician’s account immediately after sending the invitation. The management window will open automatically. You can also open it later from the list by clicking the row in the technicians table.
State¶
A technician’s account can have two sequential, non-editable states:
-
Invitation, marked in the list with the icon — this state remains until the subordinate account is registered by the email owner. In this state, you can already configure the future technician, including assigning access rights to devices, but they cannot participate in any processes yet.
-
Activated technician, marked with the icon — this is the working state of the account, with access to all functions configured within your team. The status is set after the registration process is completed.
You can filter the list of technicians by this state using the Show invitations only filter:
There is also a service record with the Team Owner state, marked with the icon , but it cannot be edited.
Status¶
For an activated account, you can set two statuses:
- Active — the normal working status without limitations, marked with the green icon
- Disabled — a disabled status that temporarily removes the technician from team processes. It is marked with the icon , or with the icon if the status was set automatically due to exceeding the limits of your subscription plan. A technician with this status cannot log in or use the system.
You can filter the list of technicians by status using the corresponding filter:
Profile¶
You can change the technician’s status and personal details in the Profile tab of the technician editing window:
Security¶
In the team settings under Settings, in the Technicians section, you can configure security settings for all technician accounts in your team:
Detailed Guide
Learn more about all security settings for technicians in the Team Settings guide.
Two-factor authentication¶
If two-factor authentication was enabled for a technician’s account and access to authentication codes was lost, you can reset the requirement to enter a one-time code using the Reset two-factor authorization button in the Profile tab of the technician editing window:
Audit¶
All technician activities are logged by the system, and you can review them in the Settings section on the Audit Log tab by filtering the logs by the technician’s login.
For quick access to the log with filtering by the technician, you can use the Audit Log button in the technician editing window:
Detailed Guide
Learn more about logged events in the Remote Access Logging guide.
Departments¶
Technician accounts can be grouped into departments, allowing you to assign access rights to an entire group instead of configuring each technician individually. A technician can belong to multiple departments at the same time.
You can add a technician to a department either in the technician editing window or in the department creation/editing window.
Importing technicians from LDAP
You can import users from your Active Directory as technicians for your team. Learn more in the Integration with Active Directory guide.
Access Rights¶
You can assign access rights to devices or other system sections for individual technicians or entire departments. The interface for editing rights is the same for both technicians and departments and is available in their respective editing windows.
Access to devices¶
You can edit the list of assigned devices in the Access to Devices tab. You can grant access rights to individual devices or whole device groups.
In the Add access to device window, select the device and the role that the technician will use when working with the device.
You can assign access rights to individual devices or to device groups.
Device grouping
Read more about managing device groups in the Device Grouping guide.
Access to sections¶
In addition to device access, you can grant access to other system sections in the Access to Sections tab:
In the Add access to section window, select the section and the role that will be used by the technician when working with this section.
The sections available for delegation are Quick Support and Team. You can learn which functions of these sections can be delegated in the roles(#roles) section.
Inheritance¶
Access rights inherited by a technician from departments are marked with the icon . If both the technician and the department have different roles for the same device or group, the roles complement each other, meaning they are combined.
Roles¶
Roles define the set of functions available to a technician when working with devices and sections to which they have access rights. Throughout the system, roles are indicated with the icon .
Role Manager¶
A special manager is available for managing roles.
Here you can create, edit, and delete roles. The left side of the builder displays a list of existing roles. When you select a role, the right side shows the contents of that role as a list of permissions.
Purpose¶
The purpose depends on what the role is intended for. Three options are available:
- Devices and Groups – for managing devices in Permanent Access.
- Invitations – for working with Quick Support invitations.
- Administration – for managing other technicians and system administration functions.
The purpose is selected when creating a new role. For existing roles, the purpose cannot be changed.
Permissions¶
Permissions define the functions allowed for a specific role. They depend on the chosen purpose.
The table below lists all possible permissions for each purpose.
| Name | Description |
|---|---|
| Actions | Available connection modes to the device |
Screen View | Allows connecting to the device’s screen in view-only mode |
Screen Control | Allows controlling the device’s screen using the mouse and keyboard |
File Manager | Allows access to the device’s file system |
Terminal Mode | Allows terminal-mode access to the device |
Wake Up | Allows waking the device via Wake-on-LAN |
Reboot | Allows rebooting the remote device |
Lock/Unlock | Allows locking the remote OS account |
| Session options | Features available during a remote session |
Calls | Allows making calls |
Black Screen and Input Lock | Allows blocking the screen and input devices |
Chat | Allows sending text messages |
Sync Clipboard | Allows syncing the clipboard |
| Other options | Other system functions applicable to devices |
Screen Preview | Allows screen video preview in the device list |
Connection History | Allows access to connection history |
Software Inventory | Allows access to installed software information |
Modify Notifications | Allows managing notifications |
Video Recording Delete | Allows deleting video recordings |
Device Modify | Allows editing device properties |
Device Delete | Allows deleting devices |
| Name | Description |
|---|---|
| Access to Invitations | Which invitations are accessible |
Own Invitations | Allows access only to one’s own invitations |
All Invitations | Allows access to all team invitations |
| Actions | Available connection modes |
Screen View | Allows connecting in screen view mode |
Screen Control | Allows controlling the screen using mouse and keyboard |
File Manager | Allows access to the file system |
Terminal Mode | Allows terminal-mode connection |
| Session options | Features available during a connection |
Calls | Allows making calls |
Chat | Allows sending text messages |
Reboot | Allows rebooting the device |
Installation Request | Allows sending a request to install the agent application |
Sync Clipboard | Allows syncing the clipboard |
| Other options | Other functions |
Screen Preview | Allows screen video preview in the list |
Video Recording Delete | Allows deleting session recordings |
| Name | Description |
|---|---|
| Administrator functions | Administration features |
Audit Log | Allows access to team-wide audit logs |
Technicians and Team Settings | Allows managing technicians and team settings |
Branding Settings | Allows access to branding settings |
Billing Settings | Allows managing billing |
| Other | Other features |
Permanent Access | Grants access to the Permanent Access section. Normally this section appears if the user has rights to at least one device or group, but in some cases it may not be visible. This permission explicitly enables access to this section, for example to add a new device. |
System roles¶
In the role list, you may notice system roles labeled System. These roles were created automatically to maintain compatibility between the new permission system and the previous version. They include sets of commonly used permissions previously assigned manually. You cannot delete or modify these roles, but you can use them just like your own custom roles.
Below is the list of system roles with descriptions of their permissions.
| Name | Description |
|---|---|
| Devices and Groups | Designed for working with devices in Permanent Access |
Full device access (System) | A role with full permissions. |
Only device connection (System) | A role with connection-only permissions. |
| Invitations | Designed for working with invitations in Quick Support |
All invitations (System) | Grants access to all team invitations. |
Own invitations (System) | Grants access only to personal invitations. |
| Administration | Designed for administrative tasks. |
Team administrator (System) | Allows managing technician accounts and Team Settings. |
Branding administrator (System) | Allows managing Branding settings. |
Billing administrator (System) | Allows managing billing settings. |
Auditor (System) | Allows access to audit logs. |
| Other | Additional administrative permissions. |
Devices list (System) | Grants access to the Permanent Access section. This section is normally available if the user has rights to at least one device or group, but may be hidden in some cases. This permission explicitly enables access to the section, for example to add a new device. |
Deleting a role¶
When deleting a custom role, all access rights associated with that role are deleted as well.
Attention
Always check for access rights that depend on the role you are deleting to avoid accidentally removing access to devices or system sections for other technicians.