Least Privilege Access Requirements for ConnectWise Manage Integration
Introduction
This document provides guidance on the least privileged access required for integrating ConnectWise PSA with Rewst. The aim of this document is to provide the necessary information required to configure the integration securely and to minimize the risk of unauthorized access or data leakage.
For more information on how to authenticate your ConnectWise PSA account check out the Integration Setup page.
Authentication Requirements
To initiate the successful authentication of the ConnectWise PSA integration with Rewst, and pull back the list of companies you want to associate, the following permission scopes are needed:
System → Member Maintenance: Inquire
Companies → Company Maintenance: Inquire
If you are seeing a 403 Forbidden error when running workflows, this is due to incorrect permissions. Ensure that the above authentication requirements are complete to resolve this error.
Additional Action Requirements
In addition to the above that’s required for authentication, there are several more actions the ConnectWise integration is capable of taking within Rewst. To use them all, you’ll need the following additional Security Roles configured for this account:
Companies → Configurations: Add, Edit, Inquire
Companies → Contacts: Add, Edit, Inquire
Companies → Manage Attachments: Add (My), Edit (My), Delete(My), Inquire
Companies → Team Members: Inquire
Service Desk → Service Tickets: Add, Edit, Inquire
Service Desk → Service Ticket – Dependencies: Add, Edit, Inquire
Service Desk → Close Service Tickets: Edit, Inquire
Service Desk → Merge Tickets: Add, Edit, Inquire
Project → Project Ticket: Add, Edit, Inquire
Project → Project Ticket - Dependancies: Add, Edit, Inquire
Project → Close Project Tickets: Edit, Inquire
System → My Account: Add (My), Edit (My), Delete (My), Inquire (My)
System → Table Setup: Add, Inquire (Additional customization can be done to allow or disallow tables)
Time & Expense → Time Entry: Add, Edit, Delete (My), Inquire
Time & Expense → Time Entry Billable Option: Add, Edit, Delete(My), Inquire
Finance → Agreements: Inquire
Finance → Billing View Time: Inquire: ALL *Required for adding billable time to tickets
Finance → Billing View Time: Edit: ALL *Required for adding billable time to tickets
Breakdown of Actions per Security Role
The following tables outline the various actions the ConnectWise PSA integration can take within Rewst, grouped by their security roles in ConnectWise, and each of their required permission levels to be able to execute them in workflows. We also have a generic request action, that will require any relevant scopes for what it’s being used for. For more information on the ConnectWise API and its required permissions, please refer to the Official ConnectWise API documentation.
Companies
| Actions | API Endpoint | Required Permission |
|---|---|---|
List Companies | /company/companies | Inquire |
Get Company | /company/companies/{id} | Inquire |
List Communication Types | /company/communicationTypes | Inquire |
List Contacts | /company/contacts | Inquire |
Get Contact | /company/contacts/{id} | Inquire |
Create Contact | /company/contacts | Add |
Service Desk
| Actions | API Endpoint | Required Permission |
|---|---|---|
List Service Tickets | /service/tickets | Inquire |
Get Service Ticket | /service/tickets/{id} | Inquire |
Get Tasks | /service/tickets/{id}/tasks | Inquire |
Create Task | /service/tickets/tasks/{id} | Add |
Create Bulk Tasks | /service/tickets/tasks/bulk | Add |
Update Task | /service/tickets/tasks/{id} | Edit |
Update Service Ticket | /service/tickets/{id} | Edit |
Create Service Ticket | /service/tickets | Add |
Time & Expense
| Actions | API Endpoint | Required Permission |
|---|---|---|
Add Time Entry | /time/entries | Add |
Finance
| Actions | API Endpoint | Required Permission |
|---|---|---|
List Agreements | /finance/agreements | Inquire |
Last updated
