Administrators and Permissions

From WHMCS Documentation

The Staff Management menu contains three sections; Administrator Users, Administrator Roles, and Two Factor Authentication. These allow for control over access to the WHMCS admin area. You can create new staff members on the Administrator Users page, set their permissions on the Administrator Roles page, and enhance login security by configuring Two Factor Authentication.

Managing Administrators

To set up additional admins, go to Setup > Staff Management > Administrator Users. From here, you can view and edit existing operators as well as adding new ones. When editing an operator you can change all the details of the operator, including resetting their password. It also allows you to see any notes they have made for themselves.

Admin Usernames should take the following format:

  • Begin with a letter [A–Z, a–z]
  • Alphanumeric characters only.
  • No blank spaces.

Assigning to Support Departments

To assign an admin to a support department, perform the following steps:

  1. Go to Setup > Staff Management > Administrator Users.
  2. Click the edit icon next to the administrator you would like to assign to a department.
  3. About halfway down the page, you will see a list of all the support departments in the system. Check the boxes next to the ones you want this admin account to be a member of.
  4. Click Save Changes.

After you assign an admin account to a department, the user will be able to view and respond to tickets in that department.

Managing Administrator Roles

The administrator roles allow you to fine tune exactly what each of your admin users can do within your WHMCS administration area. You can set up as many different role groups as you want and then assign your admins to them as you need to. WHMCS comes with three default roles: Full, Sales, and Support Only.

Information on Role Group Permissions

One of the most important features of the admin area is being able to control what particular admins are able to access and manage. For example, you may want to give support operators less access to make changes than the business owner. WHMCS uses administrator roles to implement this. You can set up administrator roles under Setup > Staff Management > Administrator Roles.

For these settings:

  1. Those whose names start with "Manage" allow you to manage an item.
  2. Those whose names start with "View" allow you to view an item.
  3. Those whose names start with "Create" allow you to create a new mentioned item.
  4. Those whose names start with "Configure" are generally for settings under the Setup menu. Disable them unless you want admins in that role to be able to change the mentioned sections.

Many of the Create permissions require the related Manage permission, so if you get "Access Denied" errors when you have the Create permission set, add the Manage permission and it should resolve this. For example, errors will occur for Create Invoice if you don't also enable Manage Invoices.

For all of your admin roles, you should enable, at least, "Support Center Overview" or "Main Homepage". This allows the admin to see the support center overview or admin summary pages after logging in.

For an admin user that will be working with clients and tickets, you will likely want to give them any Manage or View permissions for tickets, domains, and client products. If they will be processing client orders or creating new services for clients, give the applicable Create and Manage permissions as well.

Alternatively, if you are having someone provide remote support and you only want them to be able to view items, but make no changes, you can give them the desired view permissions only.

Ultimately, you can configure the permissions to be as open or restricted as you need, based on your requirements.

Setting Role Group Permissions

To set role group permissions:

  1. Navigate to Setup > Staff Management > Administrator Roles.
  2. If you want to set up a new role group, click the Add New Role Group link and enter a name for it. To edit the permissions on existing group, click the edit icon next to it. A complete list of the permissions settings for the group you're creating will appear.
  3. Configure the displayed options. The system provides options for each admin area page and individual controls like whether the admins can edit values.You can also set the email receiving preferences: system emails, account emails, and support emails.
  4. Click Save.

Assign an Admin to a Role

To assign an admin to a role:

  1. Navigate to Setup > Staff Management > Administrator Users.
  2. Click the edit icon next to the admin you want to change.
  3. In the Role Group menu, choose the role you want to assign the admin to.
  4. Click save. The change will take effect immediately.

Managing Two Factor Authentication

Two-factor authentication adds an additional layer of security by introducing a second step to the login process. It takes something you know (for example, your password), and adds a second factor, typically something you physically have (such as your phone). Since the system will require both to log in, if an attacker obtains your password, two-factor authentication would stop them from accessing your account.

You can apply Two-Factor Authentication to staff, clients, or both. Instructions for configuring Two-Factor Authentication are on the Security Modules page.