[GH-ISSUE #1819] URL Actions Permissions / Global Settings Sub-Permissions #3075

New issue

Closed

opened 2026-03-14 06:28:13 +03:00 by kerem · 2 comments

kerem commented

2026-03-14 06:28:13 +03:00

Owner

Originally created by @ZzBombardierzZ on GitHub (Mar 29, 2024).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1819

Originally assigned to: @wh1te909 on GitHub.

Is your feature request related to a problem? Please describe.
We are working on technician permissions for a new hire coming onboard soon, and I noticed that he won't be able to view URL Actions without being given the "View Global Settings" permission. We use URL Actions currently just to take control of an agent using ScreenConnect. This permission issue is troubling because he would then be able to see our email alert/SMTP settings as well as the SMS Twilio key.

Describe the solution you'd like
Breaking down these global setting permissions further for Email, SMS, MeshCentral, key store, url actions, etc.

Describe alternatives you've considered
Implementing something like #667 with the ability to set it to a URL action that doesn't care about the 'View Global Settings' permission.

Alternatively, make the "Run URL Actions" permission allow viewing only URL actions if the 'View Global Settings' permission is not checked.

Or any other solution you may think of.

Additional context
Add any other context or screenshots about the feature request here.

Originally created by @ZzBombardierzZ on GitHub (Mar 29, 2024). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1819 Originally assigned to: @wh1te909 on GitHub. **Is your feature request related to a problem? Please describe.** We are working on technician permissions for a new hire coming onboard soon, and I noticed that he won't be able to view URL Actions without being given the "View Global Settings" permission. We use URL Actions currently just to take control of an agent using ScreenConnect. This permission issue is troubling because he would then be able to see our email alert/SMTP settings as well as the SMS Twilio key. **Describe the solution you'd like** Breaking down these global setting permissions further for Email, SMS, MeshCentral, key store, url actions, etc. **Describe alternatives you've considered** Implementing something like #667 with the ability to set it to a URL action that doesn't care about the 'View Global Settings' permission. Alternatively, make the "Run URL Actions" permission allow viewing only URL actions if the 'View Global Settings' permission is not checked. Or any other solution you may think of. **Additional context** Add any other context or screenshots about the feature request here.

kerem

2026-03-14 06:28:13 +03:00

closed this issue
added the
bug
label

kerem commented

2026-03-14 06:28:39 +03:00

Author

Owner

@wh1te909 commented on GitHub (Mar 30, 2024):

thanks just pushed a fix for this, was not the intended behavior. you can manually apply the changes in github.com/amidaware/tacticalrmm@ee3a7bbbfc to the files on your server now and then sudo systemctl restart rmm and test it out, should work

@wh1te909 commented on GitHub (Mar 30, 2024): thanks just pushed a fix for this, was not the intended behavior. you can manually apply the changes in https://github.com/amidaware/tacticalrmm/commit/ee3a7bbbfce8a240cc269fb54176fd869fdd19c1 to the files on your server now and then `sudo systemctl restart rmm` and test it out, should work

kerem commented

2026-03-14 06:28:44 +03:00

Author

Owner

@wh1te909 commented on GitHub (Apr 9, 2024):

Released in 0.18.2

@wh1te909 commented on GitHub (Apr 9, 2024): Released in 0.18.2