Administrators and Permissions
The Staff Management menu contains three sections; Administrator Users, Administrator Roles and Two Factor Authentication. These allow for control over access to the WHMCS admin area. New staff members are created on the Administrator Users page, their permissions are controlled on the Administrator Roles page, and login security can be enhanced by configuring Two Factor Authentication.
To set up additional admins, go to Setup > Staff Management > Administrator Users. From here you can view and edit existing operators as well as adding new ones. When editing an operator you can change all the details of the operator including resetting their password. It also allows you to see any notes they have made for themselves.
Admin Usernames should take the following format:
- Begin with a letter [A-Z,a-z]
- Letter and number characters only
- No Symbols
- No blank spaces
Assigning to Support Departments
To assign an admin to a support department perform the following steps:
- Go to Setup > Staff Management > Administrator Users
- Click the edit icon next to the administrator you would like to assign to a department
- About halfway down the page, you will see a list of all the support departments in the system, tick the boxes next to the ones you want this admin account to be a member of
- Once finished, click the Save Changes button
Only when an admin account is assigned to a department will that admin user be able to view and respond to tickets in that department.
Managing Administrator Roles
The administrator roles allow you to fine tune exactly what each of your admin users can do within your WHMCS administration area. You can setup as many different role groups as you want and then assign your admins to them as required. As standard, WHMCS comes with 3 default roles - Full, Sales & Support Only.
Information on Role Group Permissions
One of the most important features of the admin area is being able to control what particular admins are able to access and manage. For example: you may want to give support operators less access to make changes and such than the business owner. WHMCS uses administrator roles to implement this. Administrator roles can set up under Setup > Staff Management > Administrator Roles and most of the permissions are self explanatory.
- Those whose names start with "Manage" allow you to manage the item being mentioned.
- Those whose names start with "View" allow you to view the item being mentioned.
- Those whose names start with "Create" allow you to create a new mentioned item.
- Those whose names start with "Configure" are generally related to settings under the Setup menu and should be disabled unless you want admins in that role to be able to change the mentioned sections.
Please note that many of the Create permissions require the related Manage permission, so if you get "Access Denied" errors when you have the Create permission set, please add the Manage permission and it should resolve this. For example: Create Invoice will give errors without Manage Invoices enabled as well.
All admin roles should have at least "Support Center Overview" and/or "Main Homepage" enabled, so the admin can see the support center overview and/or admin summary pages after logging in.
For an admin user that will be working with clients and tickets, you will likely want to give them at least any Manage or View permissions for tickets, domains and client products. If they will be processing client orders or creating new services for clients, you will want to give the applicably named Create and Manage permissions as well.
Alternatively, if you are having someone provide remote support and you only want them to be able to view items, but make no chances, you can give them the desired view permissions only.
Ultimately you can configure the permissions to be as open or restricted as needed, based on your unique desires and requirements.
Setting Role Group Permissions
- Begin by going to Setup > Staff Management > Administrator Roles
- If you want to setup a new role group, click the Add New Role Group link and enter a name for it. Or alternatively if editing the permissions on existing group, click the edit icon next to it
- You will then be shown a complete list of the permissions settings for the group you are creating. Options are provided for each admin area page and for some, individual controls such as whether values can be edited or records deleted are provided.
- You can also set the email receiving preferences - system emails, account emails and support emails
- Once completed, click Save
Assign an Admin to a Role
- To assign an admin to a role, go to Setup > Staff Management > Administrator Users
- Next, click the edit icon next to the admin you want to change
- Now in the Role Group dropdown menu choose the role you want to assign the admin to
- Then click save and the change will take immediate effect
Managing Two Factor Authentication
Two-factor authentication adds an additional layer of security by introducing a second step to your login. It takes something you know (i.e.: your password), and adds a second factor, typically something you physically have (such as your phone). Since both are required to log in, in the event an attacker obtains your password two-factor authentication would stop them from accessing your account.
Two Factor Authentication can be applied to staff, clients or both. Instructions for configuring Two Factor Authentication are located on the Security Modules page.