Organization Roles in Trio MSP define what administrators can see and do within the platform. By assigning predefined or custom roles, you ensure proper access control, separation of duties, and operational security across your organization. This article covers the overview of roles, editing template roles, creating custom roles, and managing role permissions.
Overview of Organization Roles
The Organization Roles section in the Admin Center provides a centralized view of all available roles. These include Trio template roles (predefined) and customized roles created by your organization.
Each role card displays:
Role name
Role type (Trio template or Customized role)11
Available Template Roles
Trio provides several predefined roles to support different operational responsibilities:
Owner
Full access to all platform features
Manages users, roles, billing, and security settings
Auditor
Manages users and devices
Limited access to billing, security, and compliance
Standard Admin
Platform-wide access
No access to billing, role management, or security controls
Super Admin
Full platform access
Can be restricted by Owner depending on configuration
Human Resource (HR)
Manages users
Can wipe/lock devices
Has log access and integration visibility
App Manager
Handles application deployment, updates, and removal
Focused on software lifecycle management
Help Desk
Broad operational access
Restricted from roles, billing, security, un-enrollment, and deletions
Billing Admin
Manages billing settings
Read-only access to devices and dashboard
View-Only Admin
Full visibility across the platform
No modification privileges
Custom Role
Fully customizable permissions
Designed for specialized or limited operational needs
Viewing and Editing Role Permissions
You can review and modify permissions for customizable roles.
To View or Modify a Role:
Navigate to Admin Center → Organization Roles
Click on a role card or open the ⋮ menu
Select View details
This opens the Role Details panel, where permissions are grouped by resource categories.
Permission Categories
Permissions are structured by operational domains:
Device Groups
Users
Profiles
Software
Each permission is controlled via checkboxes.
To apply changes:
Modify the required permissions
Click Save
You can also use:
Reset to default to revert to original template configuration
Adding a New Custom Role
If predefined roles do not meet your operational needs, you can create a new custom role.
Step 1: Create Role Details
Go to Admin Center → Organization Roles
Click + Add
In the Role details section:
Enter the Role Name
Optionally provide a Description
Click Next
The description helps identify the role’s purpose internally.
Step 2: Configure Role Permissions
In the Role permissions section:
Select the appropriate permissions under:
Device Groups
Users
Profiles
Software
Carefully define:
View rights (visibility only)
Edit rights (modification capability)
Assign rights (policy deployment)
Delete/Archive rights (destructive operations)
Click Save
Your custom role will now appear in the Organization Roles list.
Managing Existing Roles
From the role card (⋮ menu), you can:
View details – Inspect and modify permissions
Edit name – Rename the role
Delete – Remove the role (if not system-protected)
When editing the role name:
Enter the new role name
Optionally update the description
Click Save
Role Governance and Access Control
Roles are foundational to security and operational segmentation in Trio MSP.
They help you:
Enforce least-privilege access
Separate billing from technical operations
Limit destructive permissions
Create compliance-aligned access structures
Scale administrative control across large organizations
By carefully designing and assigning roles, you maintain both flexibility and governance across your MSP environment.