A role is a set of permissions assigned to technicians (or other employees) granting them various access privileges. You can create unlimited roles in Atera. 

Preset roles

There are two preset roles in Atera, Beginner and Admin, which cannot be deleted and have limited modification abilities to maintain security and functionality.

Beginner role

The Beginner role is automatically assigned to every new technician, and can be changed by users with admin permissions after the technician's first login. The Beginner role is 'view only' — all permissions are disabled by default and cannot be modified.

Admin role

The Admin role has all permissions enabled and provides full access to the platform and all sites. This role cannot be modified, ensuring complete access and control. At least one user must always be assigned to the Admin role.

The Admin role has all permissions enabled and provides full access to the platform and all customers. This role cannot be modified, ensuring complete access and control. At least one user must always be assigned to the Admin role.

Note: The Admin role has unrestricted access to all users and sites. For all Admin permissions with limited site access, create a new role and limit access to specified sites.

Note: The Admin role has unrestricted access to all contacts and customers. For all admin permissions with limited customer access, create a new role and limit access to specified customers.

Permissions explained

Below is an overview of the various functionalities that can be enabled for each permission set and how each setting affects user access. Understanding these roles and permissions will help ensure your organization has the most effective and secure user access configuration.

Full admin access

Full admin access automatically enables all permissions and additional abilities, including:

• Account settings:
  • General: Edit company name, address, time zone, and language. 
  • Agents: Enable Atera Agent uninstall prevention and define retired devices.
  • Tickets: Manage ticket creation time entry settings, spam tickets automations, technician default response type, ticket ID sequence resets, ticket auto-tagging, and tickets viewed in the Service portal.
  • Tickets: Manage ticket creation time entry settings, spam tickets automations, technician default response type, ticket ID sequence resets, ticket auto-tagging, and tickets viewed in the Customer portal. 
  • Email: Define your support email addresses and user email settings. 
  • Email: Define your support email addresses and contact email settings. 
  • Alerts: Set alerts email address and send time, enable automated ticket creation by alert severity, and select sounds for incoming alerts. 
  • Remote access: Configure default remote access and settings. 
• Technicians: Add, view, edit, assign, and deactivate technician profiles, and manage their availability. 
• Technician groups: Create technician groups and manage group members.
• Access roles: Add, view, or edit roles (user permissions). 
• Folders: Add and delete Site folders. 
• Folders: Add and delete Customer folders. 
• Threshold profiles: Add, view and edit threshold profiles. 
• Configuration policies: Create, assign, and edit configuration policies. 
• Sites: Create and delete sites. 
• Customers: Create and delete customers. 
• Security and authentication: Manage access list, authentication (2FA and SSO), MFA for protected actions, and log out of all sessions. 
• Audit log: View, filter, and export user audit logs. 
• SNMP templates: Create, share, and delete SNMP templates. 
• Software installation: Create, clone, and delete software bundles for group installation and private repository. 
• Ticket automation rules: Create, edit, activate, and delete ticket automation rules. 
• Ticket forms: Create, edit, clone, and archive ticket form templates. 
• Email templates: Create, edit, and delete email and quick reply templates. 
• SLA: Add, view, edit, and delete SLAs. 
• Business hours: Add, view, and edit business hours calendars. 
• Calendar integration: Connect Office 365 or google calendars. 
• Service Portal: Manage the domain, SSO, ticketing, AI assistant, self-service actions, and customize branding. 
• Customer Portal: Manage the domain, SSO, ticketing, AI assistant, self-service actions, and customize branding. 
• Departments: Create, edit, and delete departments. 
• Custom fields: Add, view, and edit custom fields. 
• Assets: Create, edit, clone, and delete asset types and fields. 
• Integrations: Connect with apps via Zapier.
• Import data: Import sites, users, and assets in bulk.
• Import data: Import customers, users, and assets in bulk.

Remote management

Remote management permissions enable the ability to perform all remote actions found under the Manage button of a device on desktop and/or server devices.

• Remote connection: Connect to and manage devices with our remote connection tools.
• Patch management: View, install, and uninstall patches directly onto devices.
• Software inventory: View, uninstall, and update software on Windows and Mac devices.
• Software installation: Install software and bundles directly onto devices.
• Run scripts: View, clone, and run scripts on devices from selected categories in My scripts and/or scripts from the shared script library.
• Shutdown actions: Log out, restart, and shut down devices.
• Service Manager: Start, restart, and stop service on Windows devices.
• Task Manager: View and manage running tasks on Windows devices.
• Terminal access: Run CMD, PowerShell, Terminal, and SSH on devices.
• User activity: View user activity on Windows devices.
• File transfer: Upload and download files to and from devices.
• Registry Editor: Access and manage registry keys on Windows devices.
• Event viewer: Access the Event Viewer on Windows devices.
• Apps: Install apps on Windows devices.
• Helpdesk agent: Activate the Helpdesk agent on Windows devices.

Excluded folders for RMM permissions

Exclude folders from Remote management permissions. Even if the permission is enabled for the role, the technician will not be able to perform it on the selected folders.

Note:

• Associated permissions are not granted for devices in excluded folders, but the devices are still visible for technicians with the role.
• If a permission with excluded folders is turned off, the excluded folders are saved. When the permission is turned back on, the previously excluded folders remain.

RMM administration

RMM administration permissions enable the creation and management of devices, scripts, and IT automation profiles.

• Edit devices: Assign thresholds, add to favorites, clear alerts, delete devices, and edit device names, relations, and monitored devices. 
• Manage scripts: Create, view, edit, clone, delete, and run scripts. 
• Manage patch and IT automations: Create, assign, edit, clone, and delete IT automation profiles. 

Ticketing

Ticketing permissions enable access to and management of ticket handling.

• Access all tickets: Access your own tickets and ones assigned to other technicians.
• Access unassigned tickets: Access all unassigned tickets.
• Include in automated assignment: Include user in the ticket automation rules auto-assignment list.
• Ticket products: Manage products for a tickets. 
• Ticket expenses: Manage expenses for tickets.
• Delete tickets: Delete accessible tickets.
• Merge tickets: Merge accessible tickets. 

System

System permissions enable control of reporting and other account information.

• AI Center: View and configure Autopilot settings on the AI Center Settings pages.
• Access reports: Generate and schedule classic reports, and view advanced reports.
  • Manage analytical reports: Generate and schedule operational reports, and view analytical reports.
• Manage users: Add, edit, and delete end users.
• Manage contacts: Add, edit, and delete contacts.
• Manage passwords: Manage site, user, and device passwords.
• Manage passwords: Manage customer, contact, and device passwords.
• Manage billing: Create, edit, export, and delete invoices, view ticket product and expense pricing, and generate the Timesheet report.
• Manage knowledge base: Create, edit and delete categories, sections and articles in the general and site specific knowledge base
• Manage knowledge base: Create, edit and delete categories, sections and articles in the general and customer specific knowledge base
• Mobile: Log in to the web app via mobile browser.
• Access Online Backup (legacy feature): Access Online Backup dashboard, add clients, and manage settings. 

Create a role

1. Go to Admin > Users and security > Access roles.

The Roles page appears.

2. Click New role. Enter a role name, then click Create.

4. From the Permissions tab, navigate through the permission categories, or search for something specific, and select permissions to enable. You can select the checkbox next to the category title to select all the permissions on the page. To learn more about each permission, see Permissions explained.

6. Under Role members, assign technicians to the role.

7. Click Save.

Limit role access

Roles can be limited to have access to specific sites to ensure focused and secure operations. 

Note: Roles have full access to all sites by default unless specifically limited.

Roles can be defined with access to specific customers to ensure focused and secure operations. 

Note: Roles have full access to all customers by default unless specifically limited.

To limit a role to working with specific sites:

To limit a role to working with specific customers:

1. Go to Admin > Users and security > Access roles.

The Roles page appears. 

2. Select a role or create a new one

The Role page appears. 

3. From the Sites tab, click Specific sites.

3. From the Customers tab, click Specific customers.

The Sites tab appears. 

The Customers tab appears. 

4. From the dropdown menu, select the site(s). Then click Add.

4. From the dropdown menu, select the customer(s). Then click Add.

5. Click Save.

Assign technicians to a role

You can assign technicians to a role in bulk from within a specific role, or assign roles to enabled technicians from the Technicians page.

Assign within role

1. Go to Admin > Users and security > Access roles.

The Roles page appears.

2. Select a role. 

The Role page appears. 

3. Under Role members, click the Select technicians dropdown and select technicians. Then click Assign.

A confirmation window appears.

4. Click Assign role.

Note: Roles are assigned only after you click Save for the entire role page.

4. Click Save to update the role members.

Note: To remove technicians from a role, click the edit icon next to their name, and select a new role.

Assign from the Technicians page

1. Go to Admin > Users and security > Technicians.

The Technicians page appears.

2. Click the Role. 

The Role page window appears.

3. Assign the role to the desired technician and click Assign.

Edit a role

You can edit permissions, add/or remove sites, and modify a role name.

You can edit permissions, add/or remove customers, and modify a role name.

To edit a role:

1. Go to Admin > Users and security > Access roles.

The Roles page appears.

2. Select the role you wish to edit. 

The Role page appears. 

3. Modify the role name, technicians, site limitations and/or permissions as needed. For more information on each permission, see Permissions explained.

3. Modify the role name, technicians, customer limitations and/or permissions as needed. For more information on each permission, see Permissions explained.