[GH-ISSUE #2395] Pemission Manager: Include All Except Selected Agents #3416

New issue

Closed

opened 2026-03-14 07:17:57 +03:00 by kerem · 0 comments

kerem commented

2026-03-14 07:17:57 +03:00

Owner

Originally created by @datawolk on GitHub (Jan 26, 2026).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/2395

Currently, in the Permission Manager, it is only possible to grant access to all agents or to specific selected agents.
This creates a management problem when working with internal and external users.

For example, when creating a group for internal technicians, they should have access to all customer agents (existing and future ones), but not to the company’s internal agents.
At the moment, if we exclude internal agents by manually selecting agents, every new customer agent must be added to the group manually. This quickly becomes unmanageable and error-prone as the number of customers grows.

Describe the solution you'd like

I would like the ability to create dynamic agent groups in the Permission Manager that support include and exclude rules.

For example:

Include: All agents
Exclude: Internal company agents / specific sites / specific clients

This way, internal technician groups would automatically have access to all existing and newly created customer agents, while internal agents remain excluded—without requiring manual updates.

Describe alternatives you've considered

The current workaround is to create a group without internal agents and manually add every new customer agent to the group.
However, this approach does not scale and requires continuous manual maintenance, which increases the risk of misconfiguration.

Additional context

Having an “access to all by default, with exclusions” model would significantly simplify permission management, especially in environments with a growing number of customers and agents.
This would improve maintainability, reduce administrative overhead, and minimize configuration errors.

Originally created by @datawolk on GitHub (Jan 26, 2026). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/2395 ### **Is your feature request related to a problem? Please describe.** Currently, in the Permission Manager, it is only possible to grant access to **all agents** or to **specific selected agents**. This creates a management problem when working with internal and external users. For example, when creating a group for internal technicians, they should have access to **all customer agents (existing and future ones)**, but **not** to the company’s **internal agents**. At the moment, if we exclude internal agents by manually selecting agents, every new customer agent must be added to the group manually. This quickly becomes unmanageable and error-prone as the number of customers grows. ### **Describe the solution you'd like** I would like the ability to create **dynamic agent groups** in the Permission Manager that support **include and exclude rules**. For example: * Include: **All agents** * Exclude: **Internal company agents / specific sites / specific clients** This way, internal technician groups would automatically have access to all existing and newly created customer agents, while internal agents remain excluded—without requiring manual updates. --- ### **Describe alternatives you've considered** The current workaround is to create a group without internal agents and manually add every new customer agent to the group. However, this approach does not scale and requires continuous manual maintenance, which increases the risk of misconfiguration. --- ### **Additional context** Having an “access to all by default, with exclusions” model would significantly simplify permission management, especially in environments with a growing number of customers and agents. This would improve maintainability, reduce administrative overhead, and minimize configuration errors.