Users & Roles settings allow you to manage your team members, create custom roles, and assign granular permissions to control access across MSPortal.ai.
Accessing Users & Roles
- Click Settings in the sidebar
- Select the Users & Roles icon from the settings navigation
Users Tab
The Users tab displays all team members in your organization.
Each user entry shows:
| Field | Description |
|---|
| Name | User’s full name |
| Email | Login email address |
| Role | Assigned custom role |
| Status | Active or inactive |
| Last Login | Most recent login timestamp |
Adding a New User
Click Add User
Select the + Add User button in the top right
Enter User Details
Fill in the user’s name, email address, and other required information
Assign a Role
Select a custom role to define the user’s permissions
Assign Companies
If “Restrict to Assigned Companies” is enabled, select which companies this user can access
Send Invitation
Click Save to send an invitation email to the new user
Editing Users
Click on any user row to edit their details:
- Update profile information
- Change assigned role
- Modify company assignments
- Deactivate or reactivate the account
Roles Tab
The Roles tab allows you to create and manage custom roles with specific permissions.
Understanding Roles
Roles define what actions users can perform in MSPortal.ai. Each role is a collection of permissions that can be assigned to users.
The Primary Admin role is a system role that cannot be deleted or modified. It always has full access to all features.
Creating a Custom Role
Click Add Role
Select the + Add Role button
Name the Role
Enter a descriptive name (e.g., “Support Technician”, “Account Manager”)
Set Permissions
Check the permissions this role should have access to
Save the Role
Click Save to create the role
RBAC Permissions
Roles use a granular Role-Based Access Control (RBAC) system. Each role has three permission levels for every resource:
| Permission Level | Description |
|---|
| Read | View data and access the page |
| Write | Create and edit records |
| Manage | Full control including delete and settings |
Permission Sections
Permissions are organized into three sections:
Main Navigation - Access to core application pages:
- Dashboard, Surveys, Goals, Planner, Budgets
- Calendar, Meetings, Notifications
- M365, Tickets, Compliance, Training
- Devices, Reporting, External
Settings - Access to configuration areas:
- Users, Roles, Companies
- Training, Tickets, Compliance settings
- Templates, Playbooks, Integrations
- Import/Export, Tenant, Billing
Other - Special permissions:
- Impersonate (start user impersonation)
- Types management
Role Options
| Option | Description |
|---|
| Default Role | Automatically assign to new users |
| Bypass Company Restrictions | Access all companies regardless of tenant restrictions |
Example Role Configurations
| Role Name | Typical Permissions |
|---|
| Support Tech | Read/Write on Tickets, Devices; Read on Company Overview |
| Account Manager | Manage on Calendar, Budgets; Read/Write on Reports |
| Compliance Admin | Manage on Compliance, Playbooks; Read on Reports |
| Training Admin | Manage on Training; Read on Company Overview |
Company Assignments
When “Restrict to Assigned Companies” is enabled in Tenant Settings, users only see data for companies they’re assigned to.
Assigning Companies to Users
- Edit a user from the Users tab
- Navigate to the Company Assignments section
- Select the companies this user should have access to
- Save changes
If a user has no company assignments when restrictions are enabled, they won’t be able to see any company data.
Best Practices
Role Design
- Start simple - Create a few broad roles before adding specialized ones
- Use descriptive names - Role names should indicate the user’s function
- Document permissions - Maintain a reference of what each role can do
User Management
- Regular audits - Review user access periodically
- Deactivate vs delete - Deactivate users who leave to preserve audit trails
- Least privilege - Assign the minimum permissions needed for each role
Troubleshooting
User Can’t Access a Feature
- Check the user’s assigned role
- Verify the role has the required permission
- If using company restrictions, ensure the user is assigned to relevant companies
Role Changes Not Taking Effect
- Ask the user to log out and back in
- Clear browser cache if issues persist
- Verify the role was saved successfully
