There needs to be much more granular control of roles - they're currently not fit for purpose for an MSP. For example, we can't have a user with access to policy configuration, without making him a full admin and therefore providing him access to all the billing information. This is a security risk for the business that needs a solution ASAP.

We need to be able to assign or unassign using more granular permissions. Some tech's we want to allow creating KB articles, while other techs should only be able to view them.
We need more granular control over which scripts a Tech can run.
We need more granular control over editing devices but not allowing them to connect to devices
We need more granular control over the Manage button, some technicians should not be able to edit the registy or run command prompt or powershell on devices.
We need more granular control over Edit Relations, some tech's should have this ability while others should not.

URGENT: Technicians should be able to add time to a ticket without being able to see the rate of the contract or select the rate. This is important as right now there is no way for technicians to be able to log time without accessing all clients' contract rates, which are confidential.

Permission Ticks for custom roles to be considered
Allow A role to create a Customer
Allow a role to remove a customer
Allow access to all customers With exception/exclusion
Allow to Modify or submission to Knowledgebase (with ability to restore previous version)
Allow to create KB for internal
Allow to create KB For Customer
Allow to create Scripts
Allow full admin - with customized Feature/plugin blocking

Disable menu items for roles (e.g. knowledge base or app center)

I need to be able for technicians to edit customer information, (not contacts, for which there is already a selection) without the need to be admin.

Also it would be nice to add "Create atera accounts" without being admin.

We should have the option to have the customer access list work either exclusively or inclusively. We have one technician who can't have access to one customer only, so every time we add a customer I have to go add them to the his role. It would be better if I could just exclude the one customer he can't access and be done with it.

Adding the possibilities for a technician to add snmp, http, tcp monitoring.

This has probably been said, but we need the ability for non-admins to be able to create and update quick response templates. It's silly that you have to be an admin in order to do some of the most basic tasks.

I would like to see the ability for techs/staff to be able to edit and create KB articles and add customer notes and modify customer details. Currently only Admins have these permissions.

I agree with all of the previous comments. I would like to add that if I have a role that I've only allowed access to a handful of customers, but then go to edit it to add the rest of the customers, I can't just click "Select All". I have to compare the list of current allowed customers to my list of full customers to add the differences, or delete and make a new role, or delete all the customers and then "Select All". I would like to just hit "Select All" and it just overwrite everything on the list. Would be so fast and convenient. Hopefully that made sense?

Dashboard view only - for companies with NOC's where we like to have stats displayed on a big central screen - no ability to do anything with tickets/alerts apart from view them - no atera license required

password viewer role - the tech can see the password but not alter/delete it. at the moment if you have permission to view the password you have permission to alter it, this could cause merry hell - you bring on a newbie and they either cant do their job becasue they dont have access to admin passwords, or you give them the ability to go in and break everything. This urgently needs some middle ground where they can do their job and not damage internal systems.

Going to add another comment here about roles....if we ever get separate roles, since Helpdesk and Billing shouldn't be doing Network Discovery. That would be Sales Engineers or full-Admin staff.

I'm going to add in that certain roles need to be on a per-customer basis. Helpdesk/NOC should have access to customer servers, but not our own internal servers. (currently it's all-servers or no-servers based permissions)

separate role for KB edit, previously report access role gave KB edit permission. Haven't tested this again but there are no mentions about it in the roles section.

Everyone must be admin for us, roles are useless.

How about just a ground up rebuild of the whole role/permission system? It's so broken you might as well not even have it there right now.

Biggest let down of the whole product if you ask me.

It's actually embarrassing.

EDIT 21/10/2021 - New permissions just added are somewhat better, but still definitely needs more work. Still a bit buggy as well.

Is there an ETA On when this might happen as not letting tech move device between folders or do basic tasks that only an admin can do that a tech should be able to do is insane.

Technician should be able to move devices between customers and folders

Everyone runs into their own situations where better role customization could be utilized. Mine in particular requires me to not allow one tech to see any information from one client. I still need that technician to be able to move computers between customers and be able to edit device information. However, I can't let him because I would have to set him as Administrator, which would give him the ability to change his role and see that ONE client that doesn't not want him to have access. Better role customizations could lessen a lot of headaches for me. Also, when adding customers to roles, it shouldn't list EVERY customer. It should only list the customers that HAVEN'T been added to the role already. Just my opinion. Thanks!