WatchDog Security Help Center
    MSP Guide
    • Docs Home
    • Admin Guide
    • User Guide
    • MSP Guide
    • Getting Started
      • MSP Portal Overview
      • MSP Owner Account Setup & First Login
      • Billing & Usage Overview
    • Managed Companies
      • Create Your First Managed Company
      • Access a Managed Company (Assume Tenant)
      • Edit a Managed Company
      • Delete a Managed Company
    • Node Management
      • Navigate Between MSP Nodes
      • Create a New MSP Node
      • Edit an MSP Node
      • Delete an MSP Node
    • User Management
      • Add a User
      • Edit a User
      • Reset a User’s 2FA
      • Delete a User
      • Resend a User Invitation
      • Revoke a User Invitation
    • Role Management
      • Add a Role
      • Edit a Role
      • Delete a Role
    • Service Accounts
      • Create a Service Account
      • Edit a Service Account
      • Rotate a Service Account Key
      • Delete a Service Account
    • API Reference
      • Node
        • List Node
        • Get Node
        • Create Node
        • Update Node
        • Delete Node
      • Role
        • List Permissions
        • List Roles
        • List Service Account Permissions
        • Get Role
        • Create Role
        • Update Role
        • Delete Role
      • MSP Employee
        • List MSP Employee
        • Get MSP Employee
        • Create MSP Employee
        • Resend MSP Invited Employee Activation Email
        • Reset MSP Employee 2FA
        • Update MSP Employee
        • Delete MSP Employee
      • Billing
        • List Available Packages
      • Managed Company
        • List Managed Company
        • Get Managed Company
        • Create Managed Company
        • Update Managed Company
        • Delete Managed Company

    Role Management

    The WatchDog MSP Portal uses role-based access control (RBAC) to determine what users can see and do across MSP nodes and managed companies.
    Who This Is For
    MSP Owners and/or Administrators responsible for onboarding and MSP Portal Management
    Understanding this model is critical before onboarding customers or granting your team access.

    Roles in the MSP Portal#

    Access within the MSP Portal is controlled using role-based access control (RBAC). Permissions determine both visibility and action capability.
    MSP Owner
    Assigned to the primary contact when the MSP tenant is created. Provides unrestricted administrative access across the MSP Portal, including billing management and node administration. This role is permanent and cannot currently be edited, transferred, or removed.
    System Generated Parent Role
    System Generated Child Role(s)
    Custom Roles

    MSP Portal Permissions#

    Node Management
    PermissionDescriptionIs Cascadable
    Create NodesUsers with this permission can create a Child Node❌ No
    Modify NodesUsers with this permission can modify the details of a Child Node❌ No
    Delete NodesUsers with this permission can delete Child Nodes.❌ No
    User Management
    Role Management
    Service Account Management
    Managed Company Management
    Additional Permissions

    Understanding Cascade Node Permissions#

    Cascade Node Permissions allow a role created at the Parent MSP node to apply automatically to all existing and future Child MSP nodes.
    When cascade permissions are enabled:
    The user gains access to child nodes without manual assignment
    Permissions are evaluated consistently across the hierarchy
    Cascade permissions are not available to roles created at the Child MSP node level.

    Best Practices#

    1.
    Use custom roles instead of assigning system roles broadly
    2.
    Limit the use of cascade permissions to trusted administrative users
    3.
    Avoid granting Billing Administrator permissions unless required
    4.
    Review roles periodically to ensure least-privilege access
    Modified at 2026-02-25 23:13:34
    Previous
    Revoke a User Invitation
    Next
    Add a Role
    Built with