There are six types of user roles available, each with their own permission levels for available actions. The roles are specified on the Create/Edit User screen.
Administrator — Users with this permission level control the highest-level security and account settings and have access to all data. We recommend that most teams have only a couple of Administrators. The first user to start a new account is given an Administrator role. Administrators added subsequently can change the role of the first user if needed.
Manager — Managers can manage users and handle most administrative tasks, plus create, edit, and permanently delete data within the designated organizations where access is granted.
Editor — Editors can create, edit, and permanently delete data—even data that they themselves didn't create—within the designated organizations where access is granted.
Creator — Creators can create and edit data within the designated organizations where access is granted. Any destructive actions (i.e. permanently deleting data) are prohibited.
Read-only — Users with this permission level can only view data within the designated organizations where access is granted. This role is read-only.
Lite — Users with this permission level can only view data within the designated organizations where access is granted. This role is read-only and is only allowed access to up to five organizations/sub-organizations. This role is ideal for clients you invite to your account.
For reference, the table below summarizes the different permission levels:
Comparing Manager and Administrator roles
Here's a quick overview of the Manager and Administrator roles.
Managers can perform these administrative actions in the account:
- Update billing
- Invite/remove/edit users (except Administrator roles)
- Manage user groups (except groups that they are not a member of)
- Create/delete/edit flexible assets
- Edit the organizational sidebar
- Enable integrations and features
- Access sync settings and data management screens associated with PSA and RMM integrations
- View detailed activity logs
- Import data (requires access to all organizations)
Administrators have all the same administrative rights and permissions as Managers but with the following additions:
- Turn on enforced multi-factor authentication (MFA) for all users
- Turn on single-sign on (SSO) for all users
- Reset MFA for users
- Generate API keys for IT Glue API and Warranty Master API
- Configure GlueConnect
- View and share the Passwords Accessed report
- Manage all user groups
- Import/export data
- Full visibility to all data; an all-access pass to the account (regardless of access settings)
- Granting organization access is an administrative function. Within each organization, restrictions are further applicable at the item level. For more information, see Controlling access with security permissions.
- Because the Manager and Administrator roles are highly privileged, enabling multi-factor authentication to increase the level of security is strongly recommended.