Accessing Users & Roles
- Click Settings in the sidebar
- Select the Users & Roles icon from the settings navigation
Users Tab
The Users tab displays all team members in your organization.
User Information
Each user entry shows:| Field | Description |
|---|---|
| Name | User’s full name |
| Login email address | |
| Role | Assigned custom role |
| Status | Active or inactive |
| Last Login | Most recent login timestamp |
Adding a New User
1
Click Add User
Select the + Add User button in the top right
2
Enter User Details
Fill in the user’s name, email address, and other required information
3
Assign a Role
Select a custom role to define the user’s permissions
4
Assign Companies
If “Restrict to Assigned Companies” is enabled, select which companies this user can access
5
Send Invitation
Click Save to send an invitation email to the new user
Editing Users
Click on any user row to edit their details:- Update profile information
- Change assigned role
- Modify company assignments
- Deactivate or reactivate the account
Roles Tab
The Roles tab allows you to create and manage custom roles with specific permissions.
Understanding Roles
Roles define what actions users can perform in MSPortal.ai. Each role is a collection of permissions that can be assigned to users.The Primary Admin role is a system role that cannot be deleted or modified. It always has full access to all features.
Creating a Custom Role
1
Click Add Role
Select the + Add Role button
2
Name the Role
Enter a descriptive name (e.g., “Support Technician”, “Account Manager”)
3
Set Permissions
Check the permissions this role should have access to
4
Save the Role
Click Save to create the role
RBAC Permissions
Roles use a granular Role-Based Access Control (RBAC) system. Each role has three permission levels for every resource:
| Permission Level | Description |
|---|---|
| Read | View data and access the page |
| Write | Create and edit records |
| Manage | Full control including delete and settings |
Permission Sections
Permissions are organized into three sections: Main Navigation - Access to core application pages:- Dashboard, Surveys, Goals, Planner, Budgets
- Calendar, Meetings, Notifications
- M365, Tickets, Compliance, Training
- Devices, Reporting, External
- Users, Roles, Companies
- Training, Tickets, Compliance settings
- Templates, Playbooks, Integrations
- Import/Export, Tenant, Billing
- Impersonate (start user impersonation)
- Types management
Role Options
| Option | Description |
|---|---|
| Default Role | Automatically assign to new users |
| Bypass Company Restrictions | Access all companies regardless of tenant restrictions |
Example Role Configurations
| Role Name | Typical Permissions |
|---|---|
| Support Tech | Read/Write on Tickets, Devices; Read on Company Overview |
| Account Manager | Manage on Calendar, Budgets; Read/Write on Reports |
| Compliance Admin | Manage on Compliance, Playbooks; Read on Reports |
| Training Admin | Manage on Training; Read on Company Overview |
Company Assignments
When “Restrict to Assigned Companies” is enabled in Tenant Settings, users only see data for companies they’re assigned to.Assigning Companies to Users
- Edit a user from the Users tab
- Navigate to the Company Assignments section
- Select the companies this user should have access to
- Save changes
Best Practices
Role Design
- Start simple - Create a few broad roles before adding specialized ones
- Use descriptive names - Role names should indicate the user’s function
- Document permissions - Maintain a reference of what each role can do
User Management
- Regular audits - Review user access periodically
- Deactivate vs delete - Deactivate users who leave to preserve audit trails
- Least privilege - Assign the minimum permissions needed for each role
Troubleshooting
User Can’t Access a Feature
- Check the user’s assigned role
- Verify the role has the required permission
- If using company restrictions, ensure the user is assigned to relevant companies
Role Changes Not Taking Effect
- Ask the user to log out and back in
- Clear browser cache if issues persist
- Verify the role was saved successfully
Related Resources
- Settings Overview - All settings options
- Tenant Settings - Company restriction settings
- Getting Started - Role creation guide