User roles

This article gives an overview of the roles in Remote Access: Admin and Access Only. Access is managed by permission sets that are applied to user profiles. Note the following when managing user permissions:

Permissions can be assigned at the organization, site, portfolio, or (for Access Only) endpoint level.
Users cannot view or modify resources outside their assigned scope.
A user can have different roles for different resources. For example, the same user can have Admin permissions to one portfolio and Access Only permissions to another portfolio.

To learn more about resource hierarchy, see Hierarchy in Neeve.

Role	Scope	Actions
Admin	All resources (sites, portfolios, users, devices, groups) for their assigned organization, sites, or portfolios.	✅ Can view, create, modify, delete any resource within their site or portfolio scope 🗙 Cannot view resources outside their assigned scope 🗙 Cannot add, modify, or delete resources that are of equal or greater hierarchy than their scope Example: A user with Admin permissions to a specific site cannot create a new site in the organization. However, they can create a new portfolio under the site they manage.
Access Only	All endpoints under their assigned sites, portfolios, system type, or individual endpoint assignments.	✅Can view information about and access endpoints they are assigned to. 🗙 Cannot view or connect to endpoints outside their scope 🗙 Cannot modify anything Example: A user with Access Only permissions to a site can connect to all endpoints under that site. However, they cannot see information about other resources for that site, such as users, nodes, or networks.

Role

Scope

Actions

Admin

All resources (sites, portfolios, users, devices, groups) for their assigned organization, sites, or portfolios.

✅ Can view, create, modify, delete any resource within their site or portfolio scope

🗙 Cannot view resources outside their assigned scope

🗙 Cannot add, modify, or delete resources that are of equal or greater hierarchy than their scope

Example:

A user with Admin permissions to a specific site cannot create a new site in the organization. However, they can create a new portfolio under the site they manage.

Access Only

All endpoints under their assigned sites, portfolios, system type, or individual endpoint assignments.

✅Can view information about and access endpoints they are assigned to.

🗙 Cannot view or connect to endpoints outside their scope

🗙 Cannot modify anything

Example:

A user with Access Only permissions to a site can connect to all endpoints under that site. However, they cannot see information about other resources for that site, such as users, nodes, or networks.