New Feature Release - Multi-Customer Permissions

Today we are significantly expanding our support for how customer permissions are handled within Syncro. Previously, you were relegated to assigning your security groups to allow for access to all customers, or a single customer (for co-managed IT scenarios.)

With this new release, you can now include any number of customers in your security groups, allowing you to granularly control what customer records your employees can and cannot see on a per-employee basis.

You can watch the video below to learn more.

1 Like

This is awesome. However any idea why permissions go from 189 down to only 32 possible permissions? Seems to cut out a lot of features that techs use. Maybe I did something wrong…
image

1 Like

This is how it’s always been with Single Customer users, and now multi-customer users, which is an extension of that. A lot of permissions won’t be applicable if they aren’t scoped to all customers.

1 Like

Is there a link you can reference that can tell us which permissions are restricted between All and Single-/Multi- customer security permissions?

not sure, but here’s the categories you can give permissions to techs. Assets, customers, RMM Alerts, Scripts, and Tickets. Anything else like Chat, credentials, documentation, policies, worksheets, ticket timers, NOT an option for some reason.

That works for single customers, but I thought the point was to remove customers, like your own internal devices.

You can. Just move everyone to accessible and the Customer you have your internal machines attached to under inaccessible for the security group.

This is extremely limited. A very large number of permissions do not exist for single/multi-customer.
I was hoping to be able to disable access to our internal devices, and create some other restrictions based on tech level where only some have access to certain customers.

As it stands I can’t do this because so many permissions are missing. Chat and the ability to move devices in policy folders (or editing those folders in any way) are the major 2 that I’ve seen, alongside a total lack of permissions for anything sales related. If the user needs a new battery sent out for their laptop the tech would have to pass it to an admin or sales instead of just processing it there and then themselves.

I tried mixing multiple security groups to get what I wanted but you can only have 1 single/multi-customer group applied and nothing else so I’m still just stuck with all techs having access to every device and customer.

Hopefully the team can improve this some more because as it stands this feature is unusable for us.

1 Like

Seems to be major issues with this feature. I have a number of existing security groups that have 190 total permissions and have various selections for each group. When I go to edit any of these existing groups and change it to “select customers” all permissions dissapear and only 32 blank permissions are available.

I attempted to create an internal access group called Bytes Internal Access. This is a new group and you can see there are 18 out of 32 possible permissions all the other groups were older defined groups with one hundred and ninety permissions.

Additionally, if you want to exclude one 2 or a few customers it seems possible By selecting all customers and moving them over and then searching for and removing the few customers you do not want access to. The problem I see is when you add new customers to the system users in these groups will by default not have access to these customers unless these groups have a function to auto add new customers to the groups. What will happen if someone adds a customer and then tries to edit them?

1 Like

not usable, my technicians don’t have permissions to see any of the credentials for specific customer on the assigned credential page unless they are given permissions to see all customers.

2 Likes

Hello,
So this “feature” is useless or maybe it’s useful for someone but i can’t think of who it would be…
I would love to hear what the reasoning was to say not give access to those techs tied to specific customers to knowlegebase for example or chat… really???
Why did all this needed to be soo difficult? Why can’t you just add restrictions by customers and not mess with anything also in the permissions?
We do want our techs to be able to use chat and all the other stuff that basically gets stripped out when you do multi customer permissions…
Or at the very least make this to be an umbrella under the other permissions but it seems that you can’t do that at least not right now.

Just adding my voice as another person who is running into issues with the limited permissions for co-managed situations. I have a client with an on-site IT person that helps co-manage their network and they want the ability to manually install Windows Patches and run reports on their machines.

What’s the logic in restricting me from being able to grant them these abilities?

1 Like

This is a step in the right direction, but backgrounding tools doesn’t work for techs assigned to a customer group. I have all permissions enabled in the group, including backgrounding tools. If you could get that piece working, this would be awesome-er.

Wow from everything I see on here this is a design failure. You really need to design for specific use cases. What is the use case you were designing for Syncro?

This should be your use cases:

  1. Restricting customers to technicians or technician groups (techs should still do everything, or not)
    Example cases, techs that have (Medical or Privacy, or Security Clearance) get permission on Security Clearance Customer group, Medical Group etc…
  2. Co-managed IT: This would be solved with 1, with additional restrictions to PSA features, Internal IT should not see any billing or invoicing options, yet have access to all the tools for their select customer groups.

Additionally:
It should be easy to add a new technician to segmentation/customer groups, and not have to assign permissions individually. There should be a default customer group new techs get added to, that the MSP chooses.
It should be easy to add customers to a segmentation/customer groups.
Segmentation groups can be no access, with new customers (added automatically if turned on).
Or Segmentation groups can be access.

Additionally this could be built out dynamically with tags, so tech’s with the appropriate tags get automatically added to the groups. Got #securityclearance etc…

This would solve the majority of issues mentioned here. On tickets there should be a toggle for tickets based on the customer, where the ticket is part of the global knowledge base or private to customer by default. This would be overridden on a ticket by ticket basis.