As a MSP, I have management users and techs. I want my tech to be able to go to a roaming client and change the policy depending on what the computer needs. They can't do that with Policy Only permission. The next permission is Admin but that gives them Billing access which we dont need them to get access to. Please create something in the middle that gives my tech full permission to manage our clients without needing to see the management side of DNSFilter for our MSP like billing, users management.