Technician Groups in SimpleHelp 5.0
How filters and permissions are assigned to Technicians in SimpleHelp 5.0.
SimpleHelp 5.0 changes how Technician Group permissions and restrictions are applied to Technicians. In earlier versions of SimpleHelp each technician would need to choose the group context that they wished to log in under. Technicians who were members of multiple groups would need to pick which group they wished to access the SimpleHelp server under for each session.
SimpleHelp 5.0 removes the need for technicians to pick a group to log in under. Instead, the permissions and restrictions of all a technician's groups are combined. This document details the policies that SimpleHelp follows to decide what restrictions and permissions apply to a technician.
Permissions and Filters
SimpleHelp will combine the permissions and filters specified by a technician's group, choosing the least restrictive setting. Consider the following examples:
- If any group allows a technician to view a machine, then the technician can view the machine.
- If any group allows a technician to view a customer, then the technician can view the customer.
- If any group does not restrict bandwidth usage, then the technician will have no restriction.
A similar policy is followed in order to determine whether a technician is required to use multifactor authentication, determined by their membership in a Technician Group. If any group requires a form of multifactor authentication, then the technician must use it. Similarly, if any technician group allows a technician to remember their multifactor authentication key, then the technician will be allowed to use this functionality.
This allows the server administrator to easily add different multifactor authentication requirements to existing technicians and groups simply by creating a new technician group with multifactor authentication enabled.