This article will introduce you to the Privileges tool in BetterCloud. Role based privileges will allow you to grant access to the BetterCloud app, and customize that access for users and admins at different security and operational levels on your domain.
If you're looking for Access Controls in BetterCloud for G Suite, please click here.
Access Privileges Tool
The Privileges section of the app can be accessed via the left side navigation bar. When you click on "Privileges" from this bar, you'll be presented with two dropdown options: "New" and "Manage".
"New" will direct you straight to the "Create New Role" tool. "Manage" will direct you to the "Roles and Privileges" page, where you can manage existing roles and folders. On the "Roles and Privileges" page, you'll find:
- Existing folders into which your existing roles are organized, as well as the ability to create a new folder
- A list of all existing roles based on folder assignment
- The option to create a new role
In your role view, you can:
- Display roles contained in certain folders
- See a description and member count for each role
- Sort roles alphabetically by name or numerically by member count, and hide the Description column to customize your view.
From the dropdown "carrot" next to each role's listing, you'll find further options for managing that specific role and its assignees.
Please note that the "Super Admin" role is a default option specific to BetterCloud, and cannot be edited or deleted. Users granted this role will have full access to all tools in the BetterCloud app, including data from all enabled Connectors.
For more information about role behavior in BetterCloud, please see the Important / Requirements section of this article.
Create New Folder
Folders are a great way to organize and locate specific roles, especially for larger domains or those with many granular levels of security or required access.
You have two available options for creating a new folder: clicking on the "+" sign next to your Folders list, or the "All Folders" dropdown selector at the top of your role list, which will prompt you with a "+ Add Folder" option.
After selecting either of these options, a right side slide-out tab will open. This tab will allow you to enter a folder title and create your new folder, or cancel to return to the Privileges page below. Clicking the "x" marker on the tab will also cause the tab to retract and return you to the page below.
Clicking on the folder name you wish to manage from your list of folders will auto-select it in your role viewer. You can also select it by name from the folder dropdown at the top of your role viewer.
Once the folder you wish to manage is reflected at the top of your role viewer, clicking on it will provide a dropdown menu of available options:
- "Rename" will provide the same right side slide-out tab you used to create your folder, and allow you to edit its title.
- "Add Folder" will allow you to create a nested sub-folder, beneath the one you previously selected.
- "Delete" will automatically delete the folder in question.*
*If the folder you wish to delete contains existing roles and/or sub-folders, a right side slide-out tab will warn you that all folder contents will also be deleted and cannot be retrieved, once this folder is deleted.
Create New Role
When you select "Privileges" > "New" from the left navigation menu, or click the green "Create Role" button from the "Roles and Privileges" page, you'll be brought a new right side flyout tab containing the role creation tool. Here, the process of role creation will be broken down into several steps.
Begin setting up your role by giving it a name. You may also include an optional description.
Next, the "Privileges" section of the tab will be selected by default. Here, select the particular permissions for tools that this role will be able to access, along with what level of access they will have.
If necessary, you can work from a premade User or Admin template, or copy permissions over from a user with an existing role. Otherwise, select the box that corresponds with both the tool you would like to grant access to, and the level of access you want the role to have. If you're looking for a particular access item or tool, you can expand or contract existing selections.
As you select different access items, note that our tool will occasionally auto-select other items that are required. For example: if you want this role to be able to edit groups, the role must also be able to view groups.
To help distinguish these items, black check boxes will denote items you've chosen, and grey check boxes will denote required items.
Next, select the "Assigned Users" section, to the right of "Privileges. This will switch your view, and here you can add users to this new role by clicking the "Assign User" button; a pop-up box will appear below, where you can enter multiple users at a time.
Names will auto-populate as you type, and if you enter a user who is already assigned an existing role, you will be warned that adding them to this role will remove them from the other.
Please note that users may only be assigned one role at a time, in BetterCloud.
Once assigned, you'll be able view your added users and and remove them, if necessary. "Added Date" will populate upon saving your new role.
Finally, you can cancel to exit out of this tool without saving, or save your changes to commit the role to your BetterCloud instance.
Manage Existing Roles
In your role view, you can display the roles contained in certain folders, see more information that has been entered for each role, sort existing roles alphabetically by name, and show or hide other columns to customize your view.
From the dropdown "carrot" next to each role's listing, you'll find quick link options for managing that specific roles and its assignees:
- "Assign Users" will allow you to add user accounts to the selected role
- "Configure" will allow you to view and make changes to the selected role's current settings and permissions
- "Clone" will create a new, duplicate role with the same settings
- "Delete" will delete the role
- "Move" will allow you to move the role to a different folder or sub-folder
By clicking on a role's name in blue from this view, or by selecting "Configure" from the dropdown menu of available options, you will receive a right side flyout tab, where you can review the settings of the role. Clicking the green "Edit" button in the top right corner of the tab will make all settings, permissions and assigned user sections editable. Clicking on the tab's "X" marker or clicking on the page below it will close out the tab.
Important / Requirements
- Please note that the "Super Admin" role is a default option specific to BetterCloud, and cannot be edited or deleted. Users granted this role will have full access to all tools in the BetterCloud app, and full permissions over all connected user and application data.
- When the Privileges tool in BetterCloud was launched on February 16, 2017, all existing G Suite users with Super Admin roles in the Google Admin Console automatically inherited Super Admin access to the new BetterCloud app. However, going forward, these roles will not be inherited. All end users and new admins must have a role assigned to them via this Privileges tool in BetterCloud, before they will have access to our app.
- Roles created and assigned in the Access Controls tool in BetterCloud for G Suite will not be inherited in BetterCloud.
- While it is possible for a user to be assigned multiple roles via Access Controls in BetterCloud for G Suite, a user may have only one role in BetterCloud at a time.