There are six types of user roles available, each with their own permission levels for available actions. The roles are specified on the Create/Edit User screen.
Administrator — Users with this permission level control the highest-level security and account settings and have access to all data. We recommend that most teams have only a couple of Administrators. The first user to start a new account is given an Administrator role. Administrators added subsequently can change the role of the first user if needed.
Manager — Managers can manage users and handle most administrative tasks, plus create, edit, and delete data within the organizations where access is granted. Certain destructive actions (i.e. permanently deleting data) are permitted.
Editor — Editors can create, edit, and delete data within the organizations where access is granted, plus set asset permissions, controlling which other users have access to that asset.
Creator — Creators can create and edit data within the organizations where access is granted, plus set asset permissions, controlling which other users have access to that asset.
Read-only — Users with this permission level can only view data within the organizations where access is granted. This role is read-only.
Lite — Users with this permission level can only view data within the organizations where access is granted. This role is read-only and is only allowed access to up to five organizations/sub-organizations. This role is ideal for clients you invite to your account.
For reference, the table below summarizes the different permission levels:
Comparing Manager and Administrator roles
Here's a quick overview of the Manager and Administrator roles.
Managers can perform these administrative actions in the account:
- Update billing
- Invite/edit/remove users (except Administrator roles)
- Manage user groups (except groups that they are not a member of)
- Create/edit/delete flexible asset templates
- Edit the organizational sidebar
- Enable integrations and features
- Access sync settings and data management screens associated with PSA and RMM integrations
- View detailed activity logs
- Import data (requires access to all organizations)
Administrators have all the same administrative rights and permissions as Managers but with the following additions:
- Turn on enforced multi-factor authentication (MFA) for all users
- Turn on single-sign on (SSO) for all users
- Reset MFA for users
- Generate API keys for IT Glue API and Warranty Master API
- Configure GlueConnect
- View and share the Passwords Accessed report
- Manage all user groups
- Import/export data
- Full visibility to all data; an all-access pass to the account (regardless of access settings)
- Granting organization access is an administrative function. Within each organization, restrictions are further applicable at the item level. For more information, see Controlling access with security permissions.
- Because the Manager and Administrator roles are highly privileged, enabling multi-factor authentication to increase the level of security is strongly recommended.