Create separate role permissions on Session Sub Groups

Henry Booth 6 years ago updated by anonymous 5 years ago 21 4 duplicates

The ability to grant specific role permissions to sub groups in addition to standard session groups would be fantastic, would simplify our session group screen and would keep everything nice, logical and tidy.

Duplicates 4

Since the description might be a little confusing, here's the forum thread discussing this: User access based on CustomProperty

Pending Review

I might expand on this even further and request restricting user access to a single session within a group if it is not already a feature


To me I would like to be able to assign a specific machine or group to a user to allow them to access machines. In my particular instance I am trying to give one of our software vendors access to look at issues on a few servers. I don't want them to see all our clients, just the ones pertaining to them.

This also goes for our internal support personnel. If they support one product they don't need to see the others.

@ Aaron, it seems like your use case would be better solved by creating a My machines group for your Vendor like in this post: http://forum.screenconnect.com/yaf_postst3230_How-to-configure-as--GoToMyPc--for-employees.aspx . Instead of notes, I would recommend using a Custom Session Filter: https://help.screenconnect.com/index.php?title=Add_custom_fields. Then you would be able to dynamically assign machines based on a custom filter. The advantage would be the my machines role could be used for all vendors, but would display different machines based on the Host Name.

The original issue is more referring to the ability to reference subgroups in role based security and seems to be a duplicate of this issue: http://product.screenconnect.com/topics/571-roles-able-to-use-subgroup-to-give-permissions/ .

@ Jackson does the above issue describe your problem? If so, I'll merge the requests.

Considering for Future Release
Considering for Future Release

Agreed, the post is a tad confusing. But I agree with the concept. In my case I have a self-hosted server with Windows AD authentication. I have a custom property that contains the windows user name of the primary user of that host computer. I'd like to make a security group that allows generic end-users access to their primary device (alone) based on that custom-property, instead of making a ConnectWise Access group for every user in my organization.

We would like to be able to grant access to more than 1 pc in a group but not the entire group - more like a 1 to some rather than 1 to 1  or 1 to all - for example all except a server or all except the owner's pc

Agreed on how much this would simplify our design and permissions!

Any ideas as to where this is on the roadmap by chance? Would be a super helpful feature for granular permissions.


Hi Samuel,

This is scheduled for a release in Q1 (6.5-6.6.), barring any development delays. 

I was chatting with support earlier and they said that you mentioned development of this ran into issues. Can you shed some light on the issues and a new timeline on when we might expect to see this feature. I would love to organize some groups but can loose the ability to limit roles to specific groups that would move into a subgroup.

Hi Dustin,

Thanks for reaching out.

Unfortunately, a couple of unseen obstacles did appear, but we are knocking things out and are aiming to bring this enhancement to everyone between Q1-Q2. When I know the definite release this change is merged in I will relay it here :) 

Awesome! Thanks for getting back to me!

We are on 6.6, Any idea when it will be?

Hi Dulitha,

We weren't able to hit our target release, but this enhancement is forthcoming. I don't have a definite idea of when it'll be available, but our developers continue to hammer out this one, and I suspect they're near a viable solution. I'll relay any new major development advances as I learn about them.