When it comes to managing IT responsibilities with your clients, it's important to give co-managed users more granular control over assets, scripts, and reports while maintaining security boundaries and preventing unintended impact on assets outside managed organizations.

This document provides an overview of Syncro's features related to co-managed support. 

Key Features and Benefits

Some key features and benefits of co-managed support in Syncro include:

Granular Permissions for Co-Managed Users: You can grant co-managed users precise permissions for managing their assets. This includes the ability to add, edit, and access assets for assigned customers. Granular permissions allow you to delegate tasks to your client's IT team, empowering them to be more efficient and autonomous.

Expanded Reporting Access: Your co-managed users can now view key reports like the Asset Activity Report, Asset Audit Report, and reports from the Executive Summary Report Builder. However, they can only view reports for the customers associated with their Security Group.

Best Practices & Examples

Here are some best practices and examples to consider when incorporating co-managed support into your business model:

Start with a Phased Rollout: The new permissions are disabled by default for all existing Security Groups. This allows you to manually enable them and decide what permissions are appropriate for each user. This approach allows for a controlled rollout, reducing potential risks.

Establish Clear Permissions: Grant access only to the specific assets, scripts, and reports your co-managed users require. Use this fine-grained control to define the precise scope of your co-managed relationships from the start.

Encourage Customer-Specific Scripts:  A best practice for Technical Leaders with multiple co-managed clients is to give each co-managed client their own customer-specific Script Category. This provides them a dedicated space to create their own scripts that won't be visible to other customers.

Centralize Shared Scripts: Create a Script Category with centrally managed, shared scripts that are available to all co-managed clients. This allows you to designate which scripts they can run while maintaining central management.

For example, you can create a Script Category for your co-managed client "Customer A" and another for "Customer B". You can then create a third category for "Shared Scripts" that both customers can access. 

Control Access to Sensitive Scripts: Use Script Categories to segment highly complex or sensitive scripts away from co-managed clients and junior Technicians to minimize the risk of a complex or system-critical script being run incorrectly. 

For example, you can restrict access to sensitive scripts to senior Technicians or internal IT teams, protecting your systems from potential errors. If a user is in a Security Group with only the permission to run scripts, and a "Script Category" called “Advanced” is not accessible, the user will be able to run all scripts not in the “Advanced” category.

Categorize All Scripts: While uncategorized scripts are accessible to all users with script permissions (the default behavior), it is a best practice to assign all scripts to a category. This ensures you achieve the desired level of control and maximizes the security of your setup. 

Get Started

Getting started is simple:

1. Assign Scripts to Script Categories, then
2. Configure Security Groups for Select Customers with the appropriate Script Category access.