arrow_back All features

MSP Granular Access Control

Control exactly what each person on your team can see and do — down to which clients they can access and what actions they can take.

Three team roles with distinct access levels

admin_panel_settings Owner
  • check Full access to all features, clients, and resources
  • check Manage billing, subscription, and plan changes
  • check Invite and remove team members
  • check Change roles for Admin and Member accounts
  • check Only role that can delete the team account
manage_accounts Admin
  • check Full operational access to all clients and resources
  • check Create, edit, and delete domains, DNS records, websites
  • check Manage DMARC policies for all clients
  • check Invite and manage Members
  • check Cannot access billing or delete the team
person Member
  • check Access scoped by the Owner or Admin
  • check Can be restricted to specific clients only
  • check Read-only or write access per resource type
  • check Cannot manage team membership
  • check Actions logged the same as other roles

Full audit log of every action

Every create, update, and delete action in Albaspot is recorded in the activity log. The log captures who took the action, what resource was affected, when it happened, and the originating IP address.

This applies to all MSP team members — Owner, Admin, and Member — as well as any client users operating through the client portal. You always have a complete trail.

  • arrow_right Actor name and role recorded on every entry
  • arrow_right Resource type and specific record affected
  • arrow_right Timestamp (UTC) for every action
  • arrow_right IP address of the request origin
  • arrow_right Filterable by client, resource type, or date range
history
Sarah (Admin) Updated DMARC policy
client-co.com · 2m ago
history
James (Member) Added DNS TXT record
example.net · 14m ago
history
Client: Dev user Added CNAME record
staging.client.io · 1h ago
history
Sarah (Admin) Registered domain
newclient.com · 3h ago

Team member invitations and management

Add team members by sending an email invitation from the Members section. Invitations have an expiry time — if not accepted, they become inactive and can be resent. Once accepted, the new member's role and access can be updated at any time by an Owner or Admin.

send Invite by email — invitation link sent automatically
timer Invitations expire and can be resent
edit Change role at any time without re-inviting
person_remove Remove access immediately by revoking membership

See it in practice

Set up your MSP team, define access levels, and start managing clients — all in one place.

Start free trial arrow_forward