Skip to content

Files

Latest commit

 

History

History
61 lines (41 loc) · 4.94 KB

least-privilege-access-requirements-for-connectwise-manage-integration.md

File metadata and controls

61 lines (41 loc) · 4.94 KB

Least Privilege Access Requirements for ConnectWise Manage Integration

Introduction

This document provides guidance on the least privileged access required for integrating ConnectWise PSA with Rewst. The aim of this document is to provide the necessary information required to configure the integration securely and to minimize the risk of unauthorized access or data leakage.

For more information on how to authenticate your ConnectWise PSA account check out the Integration Setup page.

Authentication Requirements

To initiate the successful authentication of the ConnectWise PSA integration with Rewst, and pull back the list of companies you want to associate, the following permission scopes are needed:

  • System → Member Maintenance: Inquire
  • Companies → Company Maintenance: Inquire

{% hint style="danger" %} If you are seeing a 403 Forbidden error when running workflows, this is due to incorrect permissions. Ensure that the above authentication requirements are complete to resolve this error. {% endhint %}

Additional Action Requirements

In addition to the above that’s required for authentication, there are several more actions the ConnectWise integration is capable of taking within Rewst. To use them all, you’ll need the following additional Security Roles configured for this account:

  • Companies → Configurations: Add, Edit, Inquire
  • Companies → Contacts: Add, Edit, Inquire
  • Companies → Manage Attachments: Add (My), Edit (My), Delete(My), Inquire
  • Companies → Team Members: Inquire
  • Service Desk → Service Tickets: Add, Edit, Inquire
  • Service Desk → Service Ticket – Dependencies: Add, Edit, Inquire
  • Service Desk → Close Service Tickets: Edit, Inquire
  • Service Desk → Merge Tickets: Add, Edit, Inquire
  • Project → Project Ticket: Add, Edit, Inquire
  • Project → Project Ticket - Dependancies: Add, Edit, Inquire
  • Project → Close Project Tickets: Edit, Inquire
  • System → My Account: Add (My), Edit (My), Delete (My), Inquire (My)
  • System → Table Setup: Add, Inquire (Additional customization can be done to allow or disallow tables)
  • Time & Expense → Time Entry: Add, Edit, Delete (My), Inquire
  • Time & Expense → Time Entry Billable Option: Add, Edit, Delete(My), Inquire
  • Finance → Agreements: Inquire
  • Finance → Billing View Time: Inquire: ALL *Required for adding billable time to tickets
  • Finance → Billing View Time: Edit: ALL *Required for adding billable time to tickets

Breakdown of Actions per Security Role

The following tables outline the various actions the ConnectWise PSA integration can take within Rewst, grouped by their security roles in ConnectWise, and each of their required permission levels to be able to execute them in workflows. We also have a generic request action, that will require any relevant scopes for what it’s being used for. For more information on the ConnectWise API and its required permissions, please refer to the Official ConnectWise API documentation.

Companies

ActionsAPI EndpointRequired Permission
List Companies/company/companiesInquire
Get Company/company/companies/{id}Inquire
List Communication Types/company/communicationTypesInquire
List Contacts/company/contactsInquire
Get Contact/company/contacts/{id}Inquire
Create Contact/company/contactsAdd

Service Desk

ActionsAPI EndpointRequired Permission
List Service Tickets/service/ticketsInquire
Get Service Ticket/service/tickets/{id}Inquire
Get Tasks/service/tickets/{id}/tasksInquire
Create Task/service/tickets/tasks/{id}Add
Create Bulk Tasks/service/tickets/tasks/bulkAdd
Update Task/service/tickets/tasks/{id}Edit
Update Service Ticket/service/tickets/{id}Edit
Create Service Ticket/service/ticketsAdd

Time & Expense

ActionsAPI EndpointRequired Permission
Add Time Entry/time/entriesAdd

Finance

ActionsAPI EndpointRequired Permission
List Agreements/finance/agreementsInquire