...

id	437218680

...

id	437218696

Section

background-color	$lightGrayColor
id	437218675

Topics Discussed

Table of Contents

maxLevel	3
minLevel	3

...

id	437218686

In the Armor Management Portal (AMP), roles are similar to job titles that you must create and assign to your users. When you create a new role, you can populate that role with specific permissions. These permissions determine the type of access a user has in AMP.

For example, you can create an Accounting role, and then you can add specific permissions to only give the user access to accounting-related features in AMP, such as the permission to view invoices.

Info

When you create a new user, you must assign that user a role.

There are two ways to assign a user to a role:

Assign a default role with permissions already enabled in AMP.
- To learn more, see Assign a default role.
Create a new role, populate that role with your preferred permissions, and then assign that role to a user.
- To learn more, see Create and assign a new role.

Note
To review Frequently Asked Questions (FAQs) regarding roles and permissions in AMP, see Introduction to Roles and Permissions.

Anchor
Assign a default role
Assign a default role
Assign a Default Role

...

Anchor
Review default roles and corresponding permissions
Review default roles and corresponding permissions
Step 1: Review default roles and corresponding permissions

Note
If your AMP account was created before May 2017, then by default, you will only see the Admin role. This role contains every permission available.

Note

In AMP, you can easily identify a default role by the orange Armor badge that displays next to the role name.

You cannot edit the permissions within the default roles.

Expand

title	Permissions in the default Admin role

The default Admin role contains every permission available.

This role is automatically assigned to a new administrator account.

This role is automatically updated with new permissions after an AMP release.

Note

With the Admin role, you can also view the specific routes associated with each permission.

In the Armor Management Portal (AMP), in the left-side navigation, clickAccount.
ClickRoles + Permissions.
Locate and select the desired role.
Click the expand arrow for the permission that you want to view.

Expand

title	Permissions in the default Billing role

At a high-level, the default Billing role contains mostly read-only permissions.

Note
This role is not automatically updated with new permissions after an AMP release.

Review the following table to better understand the specific permissions associated with the default Billing role.

AMP Screen	Permission	Description
Security Dashboard (landing page)	Read Dashboard Statistics	This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware Protection	Read AVAM	This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIM	Read FIM	This permission allows you to view file integrity details for each virtual machine.
Patching	Read OS Packages	This permission allows you to view details OS patching details for each virtual machine.
Intrusion Detection	Read IDS	This permission allows you to view intrusion detection data.
Log & Data Management	Read LogManagement	This permission allows you to view high-level information for log collection for each virtual machine, such as: Date logs were last received Average size of collected logs Log Status
Log & Data Management	Read LogSearch	This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Firewall	Read Firewall	This permission allows you to view details for firewall rules for each virtual machine.
Marketplace	Read Product Catalog	This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.
Marketplace (and My Products)	View Subscriptions	This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
Workloads	Read Workload(s)	This permission allows you to view high-level data for workloads, such as the associated data center the number of tiers within the workload the number of virtual machines within the workload
Virtual Machines	Write Orders	This permission allows you to provision a new virtual machine.
Virtual Machines	Read Virtual Machine Stats	This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines	Read Virtual Machine(s)	This permission allows you to view data for a virtual machine, such as Operating system Size Corresponding workload Status
Virtual Machines	Read Location(s)	This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines	Read Virtual Data Centers	This permission allows you to view the list of virtual environments in your account.
Virtual Machines	Read Server Replication	This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view: The status of the add-on product (configuring, enabled, disabled) The location of the primary data center The location of the failover data center The status of the replication
Virtual Machines	Read Tasks	This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual Machines	Read Storage	This permission allows you to view disk and storage information for a virtual machine.
IP Addresses	Read Network IP	This permission allows you to view data for unassigned and assigned public and private IP addresses
IP Addresses	Read Network NAT	This permission allows you to view DNAT assignments.
L2L VPN	Read Network L2L	This permission allows you to view high-level data for your L2L network tunnels.
SSL/VPN	Read SSL VPN Devices and Users	This permission allows you to view the status of your users' SSL VPN client.
Compliance	Read Compliance	This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
Tickets	Read Ticket(s)	This permission allows you to view support tickets listed in the ViewArchivedTickets section.
Overview (Account screen)	Read Identity	This permission allows you to view the account-level information, such as Account overview Armor contacts User profiles Roles and permissions
User Detail	Update Personal Identity	This permission allows you to update your personal account information, such as your: Password Challenge Phrase Challenge Response
User Detail	Read Notification(s)	This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Invoices	View Invoices	This permission allows you to view current and previous invoices.
Payment Methods	Read Payment Information	This permission allows you to view current payment information, such as the primary payment method.
Payment Methods	Write / Update Payment Information	This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
Not applicable	Read Entity Metadata	This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicable	Write Entity Metadata	This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicable	Global Search	This permission allows you to use the global search function throughout AMP.

Expand

title	Permissions in the default Technical role

At a high-level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

Note
This role is not automatically updated with new permissions after an AMP release.

Review the following table to better understand the specific permissions associated with the default Technical role.

AMP Screen	Permission	Description
Security Dashboard (landing page)	Read Dashboard Statistics	This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware Protection	Read AVAM	This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIM	Read FIM	This permission allows you to view file integrity details for each virtual machine.
Patching	Read OS Packages	This permission allows you to view details OS patching details for each virtual machine.
Intrusion Detection	Read IDS	This permission allows you to view intrusion detection data.
Log & Data Management	Read LogManagement	This permission allows you to view high-level information for log collection for each virtual machine, such as: Date logs were last received Average size of collected logs Log Status
Log Management	Read LogSearch	This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Log Management	Write LogManagement	This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
Firewall	Read Firewall	This permission allows you to view details for firewall rules for each virtual machine.
Firewall	Write Firewall	This permission allows you to add, update, or delete firewall rules.
Marketplace	Read Product Catalog	This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.
Marketplace (and My Products)	View Subscriptions	This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
Marketplace (and My Products)	Write Subscriptions	This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products. Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.
Workloads	Read Workload(s)	This permission allows you to view high-level data for workloads, such as the associated data center the number of tiers within the workload the number of virtual machines within the workload
Workloads	Write Workload	This permission allows you to create, update, and remove workloads and tiers.
Virtual Machines / VM Details	Write Orders	This permission allows you to provision a new virtual machine.
Virtual Machines / VM Details	Read Virtual Machine Stats	This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM Details	Read Virtual Machine(s)	This permission allows you to view data for a virtual machine, such as Operating system Size Corresponding workload Status
Virtual Machines / VM Details	Scale Virtual Machine	This permission allows you upgrade or downgrade (resize) the size of a virtual machine.
Virtual Machines / VM Details	Write Virtual Machine	This permission allows you to create, update, and remove virtual machines.
Virtual Machines / VM Details	Read Location(s)	This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM Detail	Read Virtual Data Centers	This permission allows you to view the list of virtual environments in your account.
Virtual Machines	Read Server Replication	This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view: The status of the add-on product (configuring, enabled, disabled) The location of the primary data center The location of the failover data center The status of the replication
Virtual Machines	Write Server Replication	This permission allows you to order and cancel the server replication add-on product.
Virtual Machines	Read Tasks	This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual Machines	Write Tasks	This permission allows you to schedule a delete or downsize of a virtual machine.
Virtual Machines	Read Storage	This permission allows you to view disk and storage information for a virtual machine.
IP Addresses	Read Network IP	This permission allows you to view data for unassigned and assigned public and private IP addresses
IP Addresses	Write Network IP	This permission allows you to update an IP address, such as: Assign an IP addresses Unassign an IP addresses Delete IP address Request a new public IP address
IP Addresses	Read Network NAT	This permission allows you to view DNAT assignments.
IP Addresses	Write Network NAT	This permission allows you to add and remove DNAT assignments.
L2L VPN	Read Network L2L	This permission allows you to view high-level data for your L2L network tunnels.
L2L VPN	Write Network L2L	This permission allows you to add, update, and remove L2L tunnels.
SSL/VPN	Read SSL VPN Devices and Users	This permission allows you to view the status of your users' SSL VPN client.
SSL/VPN	Write SSL VPN Devices and User	This permission allows you to enable your users the ability to download and install the SSL VPN client.
Compliance	Read Compliance	This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
Compliance	Write Compliance	This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.
Tickets	Read Ticket(s)	This permission allows you to view support tickets listed in the ViewArchivedTickets section.
Overview (Account screen)	Read Identity	This permission allows you to view the account-level information, such as Account overview Armor contacts User profiles Roles and permissions
User Detail	Update Personal Identity	This permission allows you to update your personal account information, such as your: Password Challenge Phrase Challenge Response
User Detail	Read Notification(s)	This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Not applicable	Read Entity Metadata	This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicable	Write Entity Metadata	This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicable	Global Search	This permission allows you to use the global search function throughout AMP.

Step 2: Assign a default role

In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and select the desired default role (Admin, Billing, or Technical).
Click Members.
Under Members, enter and select the name of the user.

Anchor
Create and assign a new role
Create and assign a new role
Create and assign a new role

...

Step 1: Create a role and add permissions

Insert excerpt

	ESLP:Create a role and add permissions (snippet)
	ESLP:Create a role and add permissions (snippet)
nopanel	true

Step 2: Assign a role to an existing user account

Insert excerpt

	ESLP:Assign a role to an existing user account (snippet)
	ESLP:Assign a role to an existing user account (snippet)
nopanel	true

Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role

...

Insert excerpt

	ESLP:Update a permission for a role (snippet)
	ESLP:Update a permission for a role (snippet)
nopanel	true

Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user

...

Insert excerpt

	ESLP:Remove a role for a newly created or existing user (snippet)
	ESLP:Remove a role for a newly created or existing user (snippet)
nopanel	true

Anchor
Delete a role
Delete a role
Delete A Role

...

Insert excerpt

	ESLP:Delete a role (snippet)
	ESLP:Delete a role (snippet)
nopanel	true

Additional Documentation

To view every permission available in AMP, see Review All Permissions.

Note
In the Roles and Permissions screen, you may see permissions that only apply to Armor Complete or Armor Anywhere users. Your roles will not malfunction if you happen to add apermission for a different product to your role.

Was this helpful?

Excerpt

hidden	true

test

Review permissions for popular AMP screens

Review the following tables to understand the permissions needed to interact with popular screens in AMP.

Note
To view every permission available in AMP, see Review All Permissions.

Note
In the Roles and Permissions screen in AMP, you may see permissions that only apply to Armor Anywhere users. Your roles will not malfunction if you happen to add an Armor Anywhere permission to your role.

Permissions for virtual machines and workloads

Screen / Feature

Actions

Permissions

Additional information

Virtual Machines and Workloads

Create a virtual machine
Reboot, reset, or turn off a virtual machine
Delete a virtual machine
Resize a virtual machine
Upgrade a virtual machine
Downgrade a virtual machine
Add disk space to an existing virtual machine
Export virtual machine data
View a workload
Create a workload

Read Workload(s)
Write Workload
Read Virtual Machine Stats
Read Virtual Machine(s)
Write Virtual Machine
Scale Virtual Machine
Read Location(s)
Read Virtual Data Centers
Read Tasks
Write Tasks
Read Storage
Read Network L2L
Write Network L2L
Read SSL VPN Devices and Users
Write SSL VPN Devices and User

Note

If you ordered the Continuous Server Replication (Data Recovery) add-on product, then you must also have the following permissions:

Read Server Replication
Write Server Replication

Note
To learn more about the Virtual Machines screen, see Virtual Machines.

Permissions for IP addresses

Screen / Feature

Actions

Permissions

Additional information

IP Addresses

Assign a new public IP address to virtual machine
Assign an existing public IP address to a virtual machine
Remove an existing public IP address from a virtual machine
Delete an unassigned public IP address
Delete an assigned public IP address
Assign an available private IP address to a virtual machine
Unassign a secondary private IP address from a virtual machine

Read Network IP
Write Network IP
Read Network NAT
Write Network NAT
Read Location(s)
Read Virtual Data Centers

Note
To learn more about the IP Addresses screen, see IP Address.

Permissions for firewall rules

Screen / Feature

Actions

Permissions

Additional information

Firewall

Create a firewall rule with a new IP address group
Create a firewall rule with an existing IP address group
Edit a firewall rule
Edit name
Edit source
Edit destination
Edit action
Edit services
Enable or disable a firewall rule
Delete a firewall rule
Export firewall data
Create an IP group
Create a service group

Write Network IP Addresses
Read Firewall
Write Firewall
Read Location(s)
Read Virtual Data Centers

Note
To learn more about the Firewall screen, see Firewall Rules.

Permissions for L2L VPN tunnels

Screen / Feature

Actions

Permissions

Additional information

L2L VPN

Create an L2L VPN tunnel with a new workload
Edit an L2L VPN tunnel
Enable, disable, or delete an L2L VPN tunnel

Read Network L2L
Write Network L2L
Read Location(s)
Read Virtual Data Centers

Note
To learn more about the L2L VPN screen, see L2L VPN Tunnel.

Permissions for SSL/VPN

Screen / Feature

Actions

Permissions

Additional information

SSL/VPN

Enable and install your SSL/VPN access
Enable SSL/VPN access for your user
Disable SSL/VPN for your user

Read Network L2L
Write Network L2L
Read Location(s)
Read Virtual Data Centers

Note

To access a virtual machine, you must download and install the SSL/VPN client. An account administrator must first enable their users the ability to download the client. As a result, an account administrator must have the following permissions enabled in their account:

Read SSL VPN Devices and Users
Write SSL VPN Devices and Users
Read Location(s)
Read Virtual Data Centers

Note
To learn more about the SSL/VPN screen, see SSL VPN - decomission.

Permissions for support tickets

Screen / Feature

Actions

Permissions

Additional information

Tickets

Create a support ticket
View a support ticket
View an archived ticket
Add a recipient to an existing support ticket
Chat with Armor

Read Ticket(s)
Read Ticket Group(s)
Write Ticket Group(s)

Note
In addition to these permissions, in order to view a ticket, you must be listed as a recipient. For example, if a user in your account sends a support ticket, and you are not listed as a recipient, then you will not be able to see this ticket.

Note
To learn more about the Tickets screen, see Armor Support.

Excerpt

hidden	true

Permissions for Advanced Backup

Screen / Feature

Actions

Permissions

Additional information

Advanced Backup

Create a snapshot policy
Assign a policy to a virtual machine
Restore a virtual machine from a backup

Read Avanced Backup Plans
Commit Advanced Backup Restore
Create Advanced Backup Policy
Read Advanced Backup
Read Advanced Backup Policy
Read Advanced Backup Snapshots
Read Advanced Backup Vms
Refresh Advanced Backup Snapshots
Remote Advanced Backup
Request Advanced Backup Restore
Update Advanced Backup Policy
Write Advanced Backup

Note
Additionally, you must have all the permissions for the Virtual Machines screen.

Note
To learn more about the Advanced Backup screen, see Advanced Backup.

Permissions for Continuous Server Replication (Disaster Recovery)

Screen / Feature

Actions

Permissions

Additional information

Continuous Server Replication (Disaster Recovery)

Order Continuous Server Replication (Disaster Recovery)
Request a test failover
Request a live failover

Read Server Replication
Write Server Replication

Note
Additionally, you must have all the permissions for the Virtual Machines screen.

Note

To learn more about Continuous Server Replication (Disaster Recovery):

If you are a native Generation 4 user, see Continuous Server Replication - Disaster Recovery.
If you are an upgraded user, see Continuous Server Replication - Disaster Recovery - for Upgraded Users.

Permissions for Log & Data Management

Screen / Feature

Actions

Permissions

Additional information

Log & Data Management

View collected logs in the Search section
View the status of the logging subagent in the Sources section

Write LogManagement
Read LogManagement

Note
To learn more about Log Management, seeNOT PUBLISHED: Log Management.

Permissions for Armor Marketplace

Screen / Feature

Actions

Permissions

Additional information

Armor Marketplace

View available add-on products
View subscription-based add-on products
Add and cancel products

Read Product Catalog
View Subscriptions
Write Subscriptions

Note
To learn more about the Armor Marketplace screen, see Armor Marketplace.

Permissions for the Health Dashboards

Screen / Feature

Actions

Permissions

Additional information

Health Overview (landing screen)
- Protection
- Detection
- Response
- Security Incidents

View the data that populates the security dashboards

Read Dashboard Statistics

Note
To learn more about the dashboards, see Health Overview Dashboard.

Permissions for Security screens

Screen / Feature

Actions

Permissions

Additional information

Security screens
- Malware Protection
- File Integrity Monitoring (FIM)
- Patching

View the data that populates the security-focused screens

Read AVAM
Read FIM
Read OS Packages

Note

To learn more, see:

Topics Discussed

Table of Contents

maxLevel	3
minLevel	3

Versions Compared

Old Version 201

New Version 202

Key

Topics Discussed

Anchor
Assign a default role
Assign a default role
Assign a Default Role

Anchor
Review default roles and corresponding permissions
Review default roles and corresponding permissions
Step 1: Review default roles and corresponding permissions

Step 2: Assign a default role

Anchor
Create and assign a new role
Create and assign a new role
Create and assign a new role

Step 1: Create a role and add permissions

Step 2: Assign a role to an existing user account

Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role

Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user

Anchor
Delete a role
Delete a role
Delete A Role

Additional Documentation

Was this helpful?

Review permissions for popular AMP screens

Permissions for virtual machines and workloads

Permissions for IP addresses

Permissions for firewall rules

Permissions for L2L VPN tunnels

Permissions for SSL/VPN

Permissions for support tickets

Permissions for Advanced Backup

Permissions for Continuous Server Replication (Disaster Recovery)

Permissions for Log & Data Management

Permissions for Armor Marketplace

Permissions for the Health Dashboards

Permissions for Security screens

Topics Discussed

Page Comparison

Versions Compared

Old Version 201

New Version 202

Key

Topics Discussed

AnchorAssign a default roleAssign a default roleAssign a Default Role

AnchorReview default roles and corresponding permissionsReview default roles and corresponding permissionsStep 1: Review default roles and corresponding permissions

Step 2: Assign a default role

AnchorCreate and assign a new roleCreate and assign a new roleCreate and assign a new role

Step 1: Create a role and add permissions

Step 2: Assign a role to an existing user account

AnchorUpdate permissions to a role Update permissions to a role Update a permission for a role

AnchorRemove a role for a newly created or existing userRemove a role for a newly created or existing userRemove a role for a newly created or existing user

AnchorDelete a roleDelete a roleDelete A Role

Additional Documentation

Was this helpful?

Review permissions for popular AMP screens

Permissions for virtual machines and workloads

Permissions for IP addresses

Permissions for firewall rules

Permissions for L2L VPN tunnels

Permissions for SSL/VPN

Permissions for support tickets

Permissions for Advanced Backup

Permissions for Continuous Server Replication (Disaster Recovery)

Permissions for Log & Data Management

Permissions for Armor Marketplace

Permissions for the Health Dashboards

Permissions for Security screens

Topics Discussed

Anchor
Assign a default role
Assign a default role
Assign a Default Role

Anchor
Review default roles and corresponding permissions
Review default roles and corresponding permissions
Step 1: Review default roles and corresponding permissions

Anchor
Create and assign a new role
Create and assign a new role
Create and assign a new role

Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role

Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user

Anchor
Delete a role
Delete a role
Delete A Role