Assign Admin Roles to give access to specific functionality in the Parsec for Teams admin dashboard. Multiple roles can be assigned to the same user, in which case functionality is enabled when any of the assigned roles allows it.
Roles can be either Global or scoped to a Group. All teams can assign predefined Global roles. Enterprise teams can also create custom Global and Group roles.
Global roles
Global roles grant administrative controls over the entire team.
Global Permissions
Permission | Description |
Invite Team Members | Invite people to your team, using your team’s available seats |
Remove Team Members | Remove people from your team, revoking their access to computers and features |
Assign Team Members to Groups | Add people to groups on your team |
Reset Team Member TFA | Send email to team members allowing them to reset their TFA |
Manage Groups | Create, edit, and delete groups, and assign group wide privileges |
Manage Team Computers | Edit, assign, and remove your team’s Team Computers. Anyone with access to the Team Computer Key can create team computers. Kick connected users. |
Manage Guest Access Invites | Create Guest Access invitations using Guest Access Credits (balance will be visible), and manage guest sessions. All Team Computers with Guest Access enabled will be visible to the admin. Kick connected access link users. |
Manage App Settings | Edit Parsec app settings enforced across your entire team |
Manage Rulesets | Edit Parsec rulesets enforced across groups of team members |
Manage Security Ruleset Settings | Edit single sign-on and other ruleset based security settings |
Download Audit Logs | Download audit logs through the admin dashboard. Audit logs can also be downloaded using an API Key |
Manage Billing Info | Edit billing information, including payment methods and billing contacts |
Manage Subscription | Add or remove seats, and make edits to your Parsec for Teams plan |
Purchase Guest Access Credits | Purchase and use Guest Access credits for guest sessions |
Download Guest Access Transaction History | Download a history of all invites and credit balance changes |
Predefined roles
There are three predefined roles available for all teams. These roles can be assigned to team members, but they cannot be edited.
Super Admin
The Super Admin role has ALL permissions. The user who creates a team is automatically assigned the Super Admin role, and every team must always have at least one Super Admin. If there is only one Super Admin, you must assign a second one before you can remove the first. In addition to the configurable permissions, some functionality is only available to Super Admins.
Only super admins can:
- Create and assign admin roles
- Generate API keys
- Re-generate the Team Computer key
Admin
Admins can manage team members, groups, team computers and guest access invites. For a detailed list of permissions see the Admin Roles page.
Guest Access Manager
Guest Access Managers only have the Manage Guest Access Invites permission.
Manage Guest Access Invites | Create Guest Access invitations using Guest Access Credits (balance will be visible), and manage guest sessions. All Team Computers with Guest Access enabled will be visible to the admin. |
Assigning roles
To assign a role to a user:
- Navigate to the Admin Roles page.
- Select the desired role.
- Select the Role Admins tab.
- Select Assign Role.
Multiple roles can be assigned to the same user. If a user has more than one role assigned, they are listed in the OTHER ROLES column.
Custom global roles
Parsec for Teams Enterprise customers can create, duplicate, and edit roles. The three predefined roles are still not editable. If you need to tweak them, create custom roles instead.
Use the Permissions tab to configure a custom role's permissions. All changes take effect immediately.
Group roles
Group Admin permissions are scoped to only allow actions taken on the group itself, or on users or Team Machines belonging to the group.
Group Permissions
Permission | Description |
Invite Team Members | Invite people to your team, using your team's available seats. Group admins can only create team invites pre-assigned to their group. |
Remove Team Members | Remove people from your team, revoking their access to computers and features, and freeing their seat. Group admins can only remove team members in their group. |
Assign Team Members to Group | Move team members into this group. |
Create and Assign Rulesets | Create rulesets and assign rulesets to team members and team computers. |
Remove Team Members from Group | Move team members out of this group. |
Reset Group Member MFA | Send email to group members allowing them to reset their MFA. |
Manage Team Computers | Manage any team machines that are a part of the groups this role applies to, including team machines assigned to users who are part of the group. This permission also grants access to update any unassigned team machines; unassigned means no user or group is assigned to the team machine. |
Creating Group Roles
When creating a Group Role, you must select which group it is associated with. This can be changed at any time, but a role can only be associated with one group. To give a user admin privileges for multiple groups, create multiple Group Admin Roles and assign them to the user.
Once the Group Role is created, permissions can be set on the permissions tab.
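The evaluation rules described on this page (a user's roles are additive, a Group role applies to one group only, and the team must always keep one Super Admin) can be modelled for an access review as follows; this is an added example, not Parsec code, and it calls no Parsec API. The user names, group names and the two custom group roles are constructed for illustration, and the exception that lets group admins update unassigned team machines is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

SUPER_ADMIN = "Super Admin"
# Functionality the page reserves for Super Admins; no other role can grant it.
SUPER_ADMIN_ONLY = {"Create and assign admin roles", "Generate API keys",
                    "Re-generate the Team Computer key"}

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset = frozenset()
    group: Optional[str] = None  # None = Global role; a Group role names exactly one group

def is_allowed(roles, action, target_group=None):
    """Roles are additive: the action is allowed if ANY assigned role allows it."""
    if any(r.name == SUPER_ADMIN for r in roles):
        return True                      # Super Admin has all permissions
    if action in SUPER_ADMIN_ONLY:
        return False
    # A Global role applies everywhere; a Group role only to targets in its own group.
    return any(action in r.permissions and r.group in (None, target_group)
               for r in roles)

def unassign(assignments, user, role_name):
    """Remove a role from a user; the team must always keep one Super Admin."""
    if role_name == SUPER_ADMIN:
        holders = {u for u, rs in assignments.items()
                   if any(r.name == SUPER_ADMIN for r in rs)}
        if holders == {user}:
            raise ValueError("assign a second Super Admin before removing the first")
    assignments[user] = [r for r in assignments[user] if r.name != role_name]

def sample_assignments():
    """Constructed sample team (users, groups and custom role names are hypothetical)."""
    gam = Role("Guest Access Manager", frozenset({"Manage Guest Access Invites"}))
    design = Role("Design Group Admin", frozenset({"Remove Team Members"}), group="Design")
    audio = Role("Audio Group Admin", frozenset({"Remove Team Members"}), group="Audio")
    return {"alice": [Role(SUPER_ADMIN)], "bob": [gam, design], "carol": [design, audio]}

if __name__ == "__main__":
    team = sample_assignments()
    for user, roles in team.items():
        print(user, is_allowed(roles, "Remove Team Members", target_group="Audio"))
```

Running the same check over every user and every permission gives a per-group view of who can act where, which is the question an access review of these roles needs answered.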