The ability to grant specific role permissions to sub groups in addition to standard session groups would be fantastic, would simplify our session group screen and would keep everything nice, logical and tidy.
Currently you can only create a new role with main groups. With a large MSP company like ourselves, could we create user roles that allow for only specific subgroups to be listed.
For example: ViewSessionGroup: SpecificSessionGroup: {Main Group}: {SubGroup}
I love the feature where we can restrict our Screenconnect users to a particular session group we have made, but I'd love to extend that further and be able to give a Screenconnect user access only to a particular nested group. So say I have my sessions grouped into Clients, and then sub grouped into physical locations for that client, I would like the ability to give a user access to PCs only at a particular location. Thanks!
On the security page when Defining a role - it would be nice to be able to define "specificsubgroup" instead of specific group. The reason I ask is because I have our sessions split by :
, ,
, ,
| Name Session | Filter | Subgroup filter |
| All Machines by Organizations | blank | CustomProperty1,IIF(GuestOperatingSystemName NOT LIKE '*server*','WORKSTATIONS','SERVERS'),IIF(GuestConnectedCount > 0, 'Connected', 'Disconnected') |
If I want to only allow certain people access to certain machines by thier company name , I still must have a dedicated session group for that technician.
Since the description might be a little confusing, here's the forum thread discussing this: User access based on CustomProperty
I might expand on this even further and request restricting user access to a single session within a group if it is not already a feature
To me I would like to be able to assign a specific machine or group to a user to allow them to access machines. In my particular instance I am trying to give one of our software vendors access to look at issues on a few servers. I don't want them to see all our clients, just the ones pertaining to them.
This also goes for our internal support personnel. If they support one product they don't need to see the others.
@ Aaron, it seems like your use case would be better solved by creating a My machines group for your Vendor like in this post: http://forum.screenconnect.com/yaf_postst3230_How-to-configure-as--GoToMyPc--for-employees.aspx . Instead of notes, I would recommend using a Custom Session Filter: https://help.screenconnect.com/index.php?title=Add_custom_fields. Then you would be able to dynamically assign machines based on a custom filter. The advantage would be the my machines role could be used for all vendors, but would display different machines based on the Host Name.
The original issue is more referring to the ability to reference subgroups in role based security and seems to be a duplicate of this issue: http://product.screenconnect.com/topics/571-roles-able-to-use-subgroup-to-give-permissions/ .
@ Jackson does the above issue describe your problem? If so, I'll merge the requests.
Agreed, the post is a tad confusing. But I agree with the concept. In my case I have a self-hosted server with Windows AD authentication. I have a custom property that contains the windows user name of the primary user of that host computer. I'd like to make a security group that allows generic end-users access to their primary device (alone) based on that custom-property, instead of making a ConnectWise Access group for every user in my organization.
If the Session Group Manager is used generate Session Groups Dynamically rather than explicitly, the Host Role Security Manager is no longer able to reference the absolute value contained in a CustomProperty. Thus when CustomProperty1 is populated with the Organization, a Host Role cannot be defined to limit access to a specific Organization unless a Session Group has been explicitly defined to capture that Organization.