Least Privilege Access Requirements for ConnectWise Manage Integration

Introduction

This document provides guidance on the least privileged access required for integrating ConnectWise PSA with Rewst. The aim of this document is to provide the necessary information required to configure the integration securely and to minimize the risk of unauthorized access or data leakage.

For more information on how to authenticate your ConnectWise PSA account check out the Integration Setup page.

Authentication Requirements

To initiate the successful authentication of the ConnectWise PSA integration with Rewst, and pull back the list of companies you want to associate, the following permission scopes are needed:

  • System → Member Maintenance: Inquire

  • Companies → Company Maintenance: Inquire

If you are seeing a 403 Forbidden error when running workflows, this is due to incorrect permissions. Ensure that the above authentication requirements are complete to resolve this error.

Additional Action Requirements

In addition to the above that’s required for authentication, there are several more actions the ConnectWise integration is capable of taking within Rewst. To use them all, you’ll need the following additional Security Roles configured for this account:

  • Companies → Configurations: Add, Edit, Inquire

  • Companies → Contacts: Add, Edit, Inquire

  • Companies → Manage Attachments: Add (My), Edit (My), Delete(My), Inquire

  • Companies → Team Members: Inquire

  • Service Desk → Service Tickets: Add, Edit, Inquire

  • Service Desk → Service Ticket – Dependencies: Add, Edit, Inquire

  • Service Desk → Close Service Tickets: Edit, Inquire

  • Service Desk → Merge Tickets: Add, Edit, Inquire

  • Project → Project Ticket: Add, Edit, Inquire

  • Project → Project Ticket - Dependancies: Add, Edit, Inquire

  • Project → Close Project Tickets: Edit, Inquire

  • System → My Account: Add (My), Edit (My), Delete (My), Inquire (My)

  • System → Table Setup: Add, Inquire (Additional customization can be done to allow or disallow tables)

  • Time & Expense → Time Entry: Add, Edit, Delete (My), Inquire

  • Time & Expense → Time Entry Billable Option: Add, Edit, Delete(My), Inquire

  • Finance → Agreements: Inquire

  • Finance → Billing View Time: Inquire: ALL *Required for adding billable time to tickets

  • Finance → Billing View Time: Edit: ALL *Required for adding billable time to tickets

Breakdown of Actions per Security Role

The following tables outline the various actions the ConnectWise PSA integration can take within Rewst, grouped by their security roles in ConnectWise, and each of their required permission levels to be able to execute them in workflows. We also have a generic request action, that will require any relevant scopes for what it’s being used for. For more information on the ConnectWise API and its required permissions, please refer to the Official ConnectWise API documentation.

Companies

Actions
API Endpoint
Required Permission

List Companies

/company/companies

Inquire

Get Company

/company/companies/{id}

Inquire

List Communication Types

/company/communicationTypes

Inquire

List Contacts

/company/contacts

Inquire

Get Contact

/company/contacts/{id}

Inquire

Create Contact

/company/contacts

Add

Service Desk

Actions
API Endpoint
Required Permission

List Service Tickets

/service/tickets

Inquire

Get Service Ticket

/service/tickets/{id}

Inquire

Get Tasks

/service/tickets/{id}/tasks

Inquire

Create Task

/service/tickets/tasks/{id}

Add

Create Bulk Tasks

/service/tickets/tasks/bulk

Add

Update Task

/service/tickets/tasks/{id}

Edit

Update Service Ticket

/service/tickets/{id}

Edit

Create Service Ticket

/service/tickets

Add

Time & Expense

Actions
API Endpoint
Required Permission

Add Time Entry

/time/entries

Add

Finance

Actions
API Endpoint
Required Permission

List Agreements

/finance/agreements

Inquire

Last updated