Agent permissions control what an Agent can view, create, edit, delete, manage, and configure in SysAid.
Using permissions intentionally helps you give each SAgent the access they need without opening more of the system than their role requires. You can use permissions to support different service desk roles, such as frontline technicians, service desk managers, asset managers, change managers, chat supervisors, and SysAid administrators.
Available for:
Customers using SysAid Spaces. If you’re using SysAid Classic, see Edit Administrator.
How it works
Permissions apply only to Agents. End Users do not have admin permissions and cannot access admin functionality.
You can manage Agent permissions in two ways:
Individual permissions: Permissions are configured directly on a specific Agent profile.
Group permissions: Permissions are configured on a group and applied to Agents who use that group’s permissions.
In the individual user profile, the Permission Type field lets you choose whether an Agent’s permissions are determined by their individual profile or by the permissions configured for the groups they belong to.
Use group permissions when a set of Agents should share the same access level. Use individual permissions when an Agent needs access that differs from the group model.
Individual permissions
Individual permissions are configured directly on the Agent profile.
Use individual permissions when:
A Service Pro needs a one-off exception.
A manager or specialist needs extra access that other members of the same group should not have.
You want to test a permission change before applying it to a larger group.
Individual permissions can become harder to audit as your service desk grows, so use them carefully.
Group permissions
Group permissions are configured on groups and can be used to give multiple Service Pros the same access.
Use group permissions when:
Access should follow a team, role, or function.
You want to manage permissions for several Service Pros at once.
You want permission reviews to be easier and more consistent.
For example, you might create permission sets through groups such as Tier 1 Support, Service Desk Managers, Asset Managers, or Change Managers.
For more information about configuring groups, see Managing Groups.
Company-based access limits
In the Full Edition, Service Pros can be associated with a company. Depending on their permissions, you can limit a Service Pro so they can only view or manage SysAid entities associated with the same company.
This limitation can affect service records, action items, assets, CIs, tasks, projects, and relational custom fields.
Important:
An Agent can be associated with only one company. If company-based access is enabled and the Service Pro is not associated with a company, they will not have access to company-scoped data.
Reports run by a company-limited Service Pro only show data from that Agent’s associated company.
Permissions overview
The permissions available to a Service Pro may vary depending on your SysAid edition, version, enabled modules, and configuration.
Inventory and asset permissions
Permission | What it controls |
|---|---|
View Inventory, only in group X and their sub groups | Allows the Service Pro to view assets under Asset Management for the selected groups and their subgroups. Clear this option to prevent the Service Pro from seeing assets. |
Modify Inventory | Allows the Service Pro to make changes to assets they can view. |
Purge Inventory, only in group X and their sub groups | Allows the Service Pro to delete assets under Asset Management for the selected groups and their subgroups. Clear this option to prevent the Service Pro from deleting assets. |
Deploy/undeploy TeamViewer Embedded on assets | Allows the Service Pro to deploy or undeploy TeamViewer Embedded on assets in the system. |
Start TeamViewer Embedded sessions | Allows the Service Pro to initiate remote control sessions using TeamViewer Embedded. |
Please note:
Agents can see all subgroups within their selected groups. If the root group is selected, the Agent can see all relevant assets, even if no other groups are selected.
Service record permissions
Permission | What it controls |
|---|---|
View Service Records that are assigned to | Determines which service records the Agent can view. Clear this option to prevent the Agent from seeing service records. |
Create/Modify Service Records that are assigned to | Determines which service records the Agent can create and modify. Clear this option to prevent the Service Pro from modifying service records. |
Enable bulk actions from SR list | Allows the Agent to update and/or delete tickets from the service record list. This option is available from version 20.4.60 and above. In earlier versions, it can be set for all admins or SysAid admins in general settings. |
Purge Service Records that are assigned to | Allows the Agent to permanently delete service records. |
Archive Service Records that are assigned to | Determines which service records the Agent can archive. Clear this option to prevent the Agent from archiving service records. |
Merge service records | Allows the Agent to merge service records. You can choose whether the Agent can change merge settings for each merge or must use the default merge settings configured in the Merge Service Records page. |
Knowledge base permissions
Permission | What it controls |
|---|---|
Create/Modify Knowledge base articles | Allows the Agent to create and modify articles for both the Knowledge Base and FAQ, or for the Knowledge Base only. Clear this option if the Service Pro should not modify KB or FAQ articles. |
Purge Knowledge base articles | Allows the Agent to delete articles for both the Knowledge Base and FAQ, or for the Knowledge Base only. Clear this option if the Service Pro should not delete KB or FAQ articles. |
Project and task permissions
Permission | What it controls |
|---|---|
View Projects that are assigned to | Determines which projects the Agent can view. If the Agent can only view their own projects or projects assigned to them and their groups, they can only view tasks attached to projects they can view. They cannot view tasks that do not have an associated project. |
Modify Projects that are assigned to | Determines which projects the Agent can modify. |
Purge Projects that are assigned to | Allows the Agent to permanently delete projects and tasks. |
Reports and analytics permissions
Permission | What it controls |
|---|---|
Access reports | Allows the Agent to view reports. |
Manage reports | Allows the Agent to create new reports and edit existing reports. |
Access Dashboard | Allows the Agent to access the dashboard. |
Access BI Analytics | Allows the Agent to access the BI Analytics module. |
Remote control permissions
Permission | What it controls |
|---|---|
Remote Control | Allows the Agent to initiate Remote Control sessions with computers in your network. |
Company and data-scope permissions
Permission | What it controls |
|---|---|
Limit Agent to only manage service record data associated with their company | Limits the Agent to SysAid entities associated with the same company as the Agent. This can affect service record fields, action item fields, reports, relational list custom columns, and relational multiselect custom columns. |
This limitation can affect the following service record fields and entities:
Assignee
Group
Request User
Main Asset
Main CI
Main Task
Main Project
Relational List custom columns
Relational MultiSelect List custom columns
It can also affect the following action item fields and entities:
Additional users
Group
CI
Asset
Task
Project
Relational List custom columns
Relational MultiSelect List custom columns
System administration permissions
Permission | What it controls |
|---|---|
SysAid Administrator | Gives the Agent all permissions in SysAid, including user management and customization options. When selected, all other permission checkboxes are selected automatically. SysAid Administrators cannot be restricted to their company data only. Some permissions can only be granted by selecting this option, such as access to user management and SysAid customization. |
Manage end users / Manage end users and companies | Allows Agents without SysAid Administrator access to make changes to End User accounts. In the Enterprise edition, this also allows changes to company accounts. |
Restrict access for | Allows you to prevent an Agent from accessing selected SysAid pages in addition to restrictions imposed by other permissions. This option is available in the Full Edition. |
Personalization and view permissions
Permission | What it controls |
|---|---|
Can save custom personal views | Allows the Agent to save personalized custom views in service record lists. |
Manage My Desktop | Allows the Agent to access the My Desktop module, including registering users from the My Desktop tab on the user form and assigning assets from the Access List tab on the asset form. |
Change, problem, and action item permissions
Permission | What it controls |
|---|---|
Change Manager | Allows the Agent to edit subtypes, edit request/change/problem templates, create new changes and problems, and edit all action items for a request, change, or problem. |
Create Changes/Problems | Allows the Agent to create a new change request or problem. This does not include editing Change or Problem templates. |
View other Admins’ action items | Allows the Agent to view, but not edit, action items assigned to other users. |
View calendars of admins who are members of the same groups | Allows the Agent to view calendars of other Agents who belong to the same groups. |
CMDB permissions
Permission | What it controls |
|---|---|
View CMDB | Allows the Agent to view CIs in the CMDB. Clear this option to prevent the Service Pro from seeing CIs. |
Modify CMDB | Allows the Agent to create and edit CIs, CI templates, and CI types in the CMDB. |
Chat permissions
Permission | What it controls |
|---|---|
Access Chat Console | Allows the Agent to open the Administrator Chat Console and manage chats. If this option is not selected, the Agent cannot manage chats. Chat queue access can be restricted under Settings > Chat > Chat Queues. |
Chat Administrator | Allows the Agents to supervise chat sessions conducted by other Agents. |
News, password, patch, mobile, AI, and licensing permissions
Permission | What it controls |
|---|---|
Create/Modify News for | Allows the Agent to create or modify news items from Settings > Self-Service Portal > News. |
Access to Password Services | Allows the Agent to access the Password Services module. |
Manage Patch Management | Allows the Agent to approve or deny patches, approve patches using Change Management, apply failed and approved patches, schedule failed patches for redeployment, reassign assets to different policies from the asset form, and edit Patch Management policies. |
Enable Access Via Mobile App | Allows the Agent to access SysAid through the mobile solution. |
AI Admin | Gives the Agent full access to AI-related features and settings. |
Manage Software Licensing | Gives the Agent full access to License Manager. |
Managing Agent permissions
Use the Service Pro profile to configure permissions for an individual Service Pro or to choose whether the Service Pro should use group-based permissions.
To manage Service Pro permissions:
Go to Settings > Administration > User Management.
Select Service Pros (Admins).
Select the user whose permissions you want to manage.
Open the Permissions tab.
If available, use Permission Type to choose whether permissions are inherited from the group the user is associated with or their individual permissions.
Select or clear the relevant permissions.
Click OK or Apply to save your changes.
Viewing permissions for all Agents
You can view the permissions of all Service Pros at the following page:
http://[your SysAid URL]/PermissionsPerUser.jsp
Use this view when you want to compare permissions across Service Pros or audit access more broadly.