We're announcing a major enhancement to CloudRadial's permission system rolling out during the first week of June 2025.
The revamped roles and new Role Assignment feature will allow CloudRadial CSA Partners to assign multiple security roles with specific scopes to users, giving you precise control over who can access what across your client portfolio.
All existing permissions will be automatically preserved during the update, so no immediate action is required – this advance notice helps you understand the powerful new access control options and UI changes that will be coming soon.
Specific documentation regarding each feature and change will be released at the time of the changes going live in CloudRadial.
-
New Feature: Security Role Assignments
- Ticket Visibility Settings, Board & Status Overrides are Moving
- What Will I See in This Release?
- What Do You Need to Do?
New Feature: Security Role Assignments
We're excited to announce the release of our new Roles by Company feature for CloudRadial CSA.
This is a significant enhancement to CloudRadial's permission system that transforms how MSPs manage access across their client portfolio.
What's New?
Security Roles can now be defined with a scope, and users can have multiple roles. Where multiple roles exist, CloudRadial will use the most permissive approach to permission resolution.
Example Use Cases
-
Account Manager Control: Partner Account Managers can be granted administrator rights for specific companies or Company Groups (Enterprise-only) while retaining a lower (or no) role concerning other companies, enabling full client service for their own portfolio while protecting the security and privacy of other companies.
-
Specialized Access Roles: Partners can create a Billing Contact role that is applied in addition to other user roles, enabling access to view invoices only for specified companies. Through CloudRadial's Type Mapping feature, users tagged as Billing Contacts in your PSA can be assigned the Billing Contact role, enabling them (and only them) to get elevated permissions without adding complex security roles
- Client Approval Workflows: Client approval permissions can be granted to roles for specific companies, maintaining appropriate boundaries while enabling necessary workflows.
Additional Role-Focused Documentation
The following articles have been updated to reflect the new changes in roles and role assignments:
Ticket Visibility Settings, Board & Status Overrides are Moving
For further flexibility in securing your environments, we have moved Ticket Visibility Settings, Status Overrides, and Board Overrides to individual user properties. This gives you more control over who sees what and makes manipulation of these settings easier to access.
What Will I See in This Release?
- We have moved the Partner menu item to the top of the sidebar for users with roles that allow access to Partner menu items for easier access.
-
Partner > Security has a new page to View, Add, or Delete Role Assignments including specifying the scope of the role.
- The Users grid in both Partner > Clients and Usage > Users has been updated to quickly identify users who have policy exceptions.
- Changed the Impersonation role name to Company Admin. The Owner role has been changed to Partner Administrator
- The User Detail view in both Partner > Clients and Usage > Users has been updated to show a user's role assignments and scope of those assignments. Ticket Visibility Settings and Board/Status Overrides are also seen here.
-
Usage > Users now has a Bulk Edit option to add/remove users from company-level User Groups.
- Type Mappings now provide Ticket Settings and Overrides capabilities, allowing you to synchronize those settings based on fields in your PSA.
What Do You Need to Do?
Nothing, until you want to!
We have migrated existing users and roles to the new framework and preserved all existing role assignments. As you plan to take advantage of this new feature, you'll be able to reduce permissions for users and add new role assignments that include the scope you want.
Or, if you want to change nothing... things will still work as they have.
Getting Started
You will be able to access the new Role Assignment interface in the Partner > Security section. Our permission system now distinguishes between three key elements:
- Scope: Defines what data the assignment covers (Company, Company Group, or Partner-wide)
- Role: Defines module/page access and permission levels
- Members: The User(s) or User Group(s) who receive the role for the specified scope
Note that Company Group selection for the Scope, as well as User Group selection, is only for CloudRadial CSA Enterprise.
Comments
0 comments
Article is closed for comments.