Least Privilege Access Requirements for ConnectWise Manage Integration
Introduction
This document provides guidance on the least privileged access required for integrating ConnectWise PSA with Rewst. The aim of this document is to provide the necessary information required to configure the integration securely and to minimize the risk of unauthorized access or data leakage.
For more information on how to authenticate your ConnectWise PSA account check out the Integration Setup page.
Authentication Requirements
To initiate the successful authentication of the ConnectWise PSA integration with Rewst, and pull back the list of companies you want to associate, the following permission scopes are needed:
System → Member Maintenance: Inquire
Companies → Company Maintenance: Inquire
If you are seeing a 403 Forbidden error when running workflows, this is due to incorrect permissions. Ensure that the above authentication requirements are complete to resolve this error.
Additional Action Requirements
In addition to the above that’s required for authentication, there are several more actions the ConnectWise integration is capable of taking within Rewst. To use them all, you’ll need the following additional Security Roles configured for this account:
Companies → Configurations: Add, Edit, Inquire
Companies → Contacts: Add, Edit, Inquire
Companies → Manage Attachments: Add (My), Edit (My), Delete(My), Inquire
Companies → Team Members: Inquire
Service Desk → Service Tickets: Add, Edit, Inquire
Service Desk → Service Ticket – Dependencies: Add, Edit, Inquire
Service Desk → Close Service Tickets: Edit, Inquire
Service Desk → Merge Tickets: Add, Edit, Inquire
Project → Project Ticket: Add, Edit, Inquire
Project → Project Ticket - Dependancies: Add, Edit, Inquire
Project → Close Project Tickets: Edit, Inquire
System → My Account: Add (My), Edit (My), Delete (My), Inquire (My)
System → Table Setup: Add, Inquire (Additional customization can be done to allow or disallow tables)
Time & Expense → Time Entry: Add, Edit, Delete (My), Inquire
Time & Expense → Time Entry Billable Option: Add, Edit, Delete(My), Inquire
Finance → Agreements: Inquire
Finance → Billing View Time: Inquire: ALL *Required for adding billable time to tickets
Finance → Billing View Time: Edit: ALL *Required for adding billable time to tickets
Breakdown of Actions per Security Role
The following tables outline the various actions the ConnectWise PSA integration can take within Rewst, grouped by their security roles in ConnectWise, and each of their required permission levels to be able to execute them in workflows. We also have a generic request action, that will require any relevant scopes for what it’s being used for. For more information on the ConnectWise API and its required permissions, please refer to the Official ConnectWise API documentation.
Companies
List Companies
/company/companies
Inquire
Get Company
/company/companies/{id}
Inquire
List Communication Types
/company/communicationTypes
Inquire
List Contacts
/company/contacts
Inquire
Get Contact
/company/contacts/{id}
Inquire
Create Contact
/company/contacts
Add
Service Desk
List Service Tickets
/service/tickets
Inquire
Get Service Ticket
/service/tickets/{id}
Inquire
Get Tasks
/service/tickets/{id}/tasks
Inquire
Create Task
/service/tickets/tasks/{id}
Add
Create Bulk Tasks
/service/tickets/tasks/bulk
Add
Update Task
/service/tickets/tasks/{id}
Edit
Update Service Ticket
/service/tickets/{id}
Edit
Create Service Ticket
/service/tickets
Add
Time & Expense
Add Time Entry
/time/entries
Add
Finance
List Agreements
/finance/agreements
Inquire
Last updated