In the Armor Management Portal (AMP), roles are similar to job titles that you must create and assign to your users. When you create a new role, you can populate that role with specific permissions. These permissions determine the type of access a user has in AMP.
For example, you can create an Accounting role, and then you can add specific permissions to only give the user access to accounting-related features in AMP, such as the permission to view invoices.
| Info |
|---|
When you create a new user, you must assign that user a role. |
There are two ways to assign a user to a role:
- Assign a default role with permissions already enabled in AMP.
- To learn more, see Assign a default role.
- Create a new role, populate that role with your preferred permissions, and then assign that role to a user.
- To learn more, see Create and assign a new role.
| Note |
|---|
To review Frequently Asked Questions (FAQs) regarding roles and permissions in AMP, see Introduction to Roles and Permissions. |
...
| Note |
|---|
If your AMP account was created before May 2017, then by default, you will only see the Admin role. This role contains every permission available. |
| Note |
|---|
In AMP, you can easily identify a default role by the orange Armor badge that displays next to the role name. You cannot edit the permissions within the default roles. |
The default Admin role contains every permission available.
This role is automatically assigned to a new administrator account.
This role is automatically updated with new permissions after an AMP release.
| Note |
|---|
With the Admin role, you can also view the specific routes associated with each permission. |
...
Permissions in the default billing role
At a high-level, the default Billing role contains mostly read-only permissions.
| Note |
|---|
This role is not automatically updated with new permissions after an AMP release. |
Review the following table to better understand the specific permissions associated with the default Billing role.
...
Security Dashboard (landing page)
...
Malware Protection
...
FIM
...
Patching
...
Log & Data Management
...
Read LogManagement
...
This permission allows you to view high-level information for log collection for each virtual machine, such as:
- Date logs were last received
- Average size of collected logs
- Log Status
...
Read LogSearch
...
Firewall
...
Read Firewall
...
This permission allows you to view details for firewall rules for each virtual machine.
...
This permission allows you to view available add-on products.
You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.
...
This permission allows you to view high-level data for workloads, such as
- the associated data center
- the number of tiers within the workload
- the number of virtual machines within the workload
...
This permission allows you to view data for a virtual machine, such as
- Operating system
- Size
- Corresponding workload
- Status
...
This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:
- The status of the add-on product (configuring, enabled, disabled)
- The location of the primary data center
- The location of the failover data center
- The status of the replication
...
Tickets
...
This permission allows you to view the account-level information, such as
- Account overview
- Armor contacts
- User profiles
- Roles and permissions
...
This permission allows you to update your personal account information, such as your:
- Password
- Challenge Phrase
- Challenge Response
...
This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
...
In the Armor Management Portal (AMP), roles are similar to job titles that you must create and assign to your users. When you create a new role, you can populate that role with specific permissions. These permissions determine the type of access a user has in AMP.
For example, you can create an Accounting role, and then you can add specific permissions to only give the user access to accounting-related features in AMP, such as the permission to view invoices.
| Info |
|---|
When you create a new user, you must assign that user a role. |
There are two ways to assign a user to a role:
Assign a default role with permissions already enabled in AMP.
To learn more, see Assign a default role.
Create a new role, populate that role with your preferred permissions, and then assign that role to a user.
To learn more, see Create and assign a new role.
| Note |
|---|
To review Frequently Asked Questions (FAQs) regarding roles and permissions in AMP, see Introduction to Roles and Permissions. |
...
Assign a Default Role
Step 1: Review default roles and corresponding permissions
| Note |
|---|
If your AMP account was created before May 2017, then by default, you will only see the Admin role. This role contains every permission available. |
| Note |
|---|
In AMP, you can easily identify a default role by the orange Armor badge that displays next to the role name. You cannot edit the permissions within the default roles. |
| Expand | ||
|---|---|---|
| ||
The default Admin role contains every permission available. The role is automatically assigned to a new administrator account. The role is automatically updated with new permissions after an AMP release.
|
| Expand | ||
|---|---|---|
| ||
At a high-level, the default |
Billing role contains mostly read-only permissions.
Review the following table to better understand the specific permissions associated with the default |
Billing role.
|
...
Write LogManagement
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
This permission allows you to update an IP address, such as:
- Assign an IP addresses
- Unassign an IP addresses
- Delete IP address
- Request a new public IP address
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
Step 2: Assign a default role
- In the Armor Management Portal (AMP), in the left-side navigation, click Account.
- Click Roles + Permissions.
- Locate and select the desired default role (Admin, Billing, or Technical).
- Click Members.
- Under Members, enter and select the name of the user.
...
Step 1: Create a role and add permissions
...
Step 2: Assign a role to an existing user account
...
To view every permission available in AMP, see Review All Permissions.
...
| hidden | true |
|---|
test
Review permissions for popular AMP screens
Review the following tables to understand the permissions needed to interact with popular screens in AMP.
| Note |
|---|
To view every permission available in AMP, see Review All Permissions. |
| Note |
|---|
In the Roles and Permissions screen in AMP, you may see permissions that only apply to Armor Anywhere users. Your roles will not malfunction if you happen to add an Armor Anywhere permission to your role. |
Permissions for virtual machines and workloads
...
- Read Workload(s)
- Write Workload
- Read Virtual Machine Stats
- Read Virtual Machine(s)
- Write Virtual Machine
- Scale Virtual Machine
- Read Location(s)
- Read Virtual Data Centers
- Read Tasks
- Write Tasks
- Read Storage
- Read Network L2L
- Write Network L2L
- Read SSL VPN Devices and Users
- Write SSL VPN Devices and User
| Note |
|---|
If you ordered the Continuous Server Replication (Data Recovery) add-on product, then you must also have the following permissions:
|
| Note |
|---|
To learn more about the Virtual Machines screen, see Virtual Machines. |
Permissions for IP addresses
...
- Assign a new public IP address to virtual machine
- Assign an existing public IP address to a virtual machine
- Remove an existing public IP address from a virtual machine
- Delete an unassigned public IP address
- Delete an assigned public IP address
- Assign an available private IP address to a virtual machine
- Unassign a secondary private IP address from a virtual machine
...
- Read Network IP
- Write Network IP
- Read Network NAT
- Write Network NAT
- Read Location(s)
- Read Virtual Data Centers
| Note |
|---|
To learn more about the IP Addresses screen, see IP Address. |
Permissions for firewall rules
...
- Create a firewall rule with a new IP address group
- Create a firewall rule with an existing IP address group
- Edit a firewall rule
- Edit name
- Edit source
- Edit destination
- Edit action
- Edit services
- Enable or disable a firewall rule
- Delete a firewall rule
- Export firewall data
- Create an IP group
- Create a service group
...
- Write Network IP Addresses
- Read Firewall
- Write Firewall
- Read Location(s)
- Read Virtual Data Centers
| Note |
|---|
To learn more about the Firewall screen, see Firewall Rules. |
Permissions for L2L VPN tunnels
...
| Note |
|---|
To learn more about the L2L VPN screen, see L2L VPN Tunnel. |
Permissions for SSL/VPN
...
- Enable and install your SSL/VPN access
- Enable SSL/VPN access for your user
- Disable SSL/VPN for your user
...
| Note |
|---|
To access a virtual machine, you must download and install the SSL/VPN client. An account administrator must first enable their users the ability to download the client. As a result, an account administrator must have the following permissions enabled in their account:
|
| Note |
|---|
To learn more about the SSL/VPN screen, see SSL VPN. |
Permissions for support tickets
...
- Create a support ticket
- View a support ticket
- View an archived ticket
- Add a recipient to an existing support ticket
- Chat with Armor
...
- Read Ticket(s)
- Read Ticket Group(s)
- Write Ticket Group(s)
| Note |
|---|
In addition to these permissions, in order to view a ticket, you must be listed as a recipient. For example, if a user in your account sends a support ticket, and you are not listed as a recipient, then you will not be able to see this ticket. |
| Note |
|---|
To learn more about the Tickets screen, see Armor Support. |
...
| hidden | true |
|---|
Permissions for Advanced Backup
...
- Create a snapshot policy
- Assign a policy to a virtual machine
- Restore a virtual machine from a backup
...
- Read Avanced Backup Plans
- Commit Advanced Backup Restore
- Create Advanced Backup Policy
- Read Advanced Backup
- Read Advanced Backup Policy
- Read Advanced Backup Snapshots
- Read Advanced Backup Vms
- Refresh Advanced Backup Snapshots
- Remote Advanced Backup
- Request Advanced Backup Restore
- Update Advanced Backup Policy
- Write Advanced Backup
| Note |
|---|
Additionally, you must have all the permissions for the Virtual Machines screen. |
| Note |
|---|
To learn more about the Advanced Backup screen, see Advanced Backup. |
Permissions for Continuous Server Replication (Disaster Recovery)
...
- Order Continuous Server Replication (Disaster Recovery)
- Request a test failover
- Request a live failover
...
- Read Server Replication
- Write Server Replication
| Note |
|---|
Additionally, you must have all the permissions for the Virtual Machines screen. |
| Note |
|---|
To learn more about Continuous Server Replication (Disaster Recovery):
|
Permissions for Log & Data Management
...
- View collected logs in the Search section
- View the status of the logging subagent in the Sources section
...
- Write LogManagement
- Read LogManagement
...
Permissions for Armor Marketplace
...
- View available add-on products
- View subscription-based add-on products
- Add and cancel products
...
- Read Product Catalog
- View Subscriptions
- Write Subscriptions
| Note |
|---|
To learn more about the Armor Marketplace screen, see Armor Marketplace. |
Permissions for the Health Dashboards
...
- Health Overview (landing screen)
- Protection
- Detection
- Response
- Security Incidents
...
- View the data that populates the security dashboards
...
- Read Dashboard Statistics
| Note |
|---|
To learn more about the dashboards, see Health Overview Dashboard. |
Permissions for Security screens
...
- Security screens
- Malware Protection
- File Integrity Monitoring (FIM)
- Patching
...
- View the data that populates the security-focused screens
...
- Read AVAM
- Read FIM
- Read OS Packages
| Note |
|---|
To learn more, see: |
Topics Discussed
Table of Contents
|
| Expand | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
At a high-level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.
Review the following table to better understand the specific permissions associated with the default Technical role.
|
Step 2: Assign a default role
In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and select the desired default role (Admin, Billing, or Technical).
Click Members.
Under Members, enter and select the name of the user.
...
Create and assign a new role
Step 1: Create a role and add permissions
In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Click the plus ( + ) icon.
In the top, right corner of the screen, hover over the gear icon.
Click the blue pencil (Rename) icon.
In the window that appears, enter a descriptive name, and then click Rename Role.
In the top menu, click Members.
In the field, enter and select the user (or users) to assign to the role.
In the top menu, click Permissions.
Mark the permissions to add to your role.
At the bottom of the screen, click Save Role.
Step 2: Assign a role to an existing user account
In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and select the desired role.
In the top menu, click Members.
In the field, enter and select the desired user.
The change will be automatically saved.
The user will have immediate access to the permissions within the role.
...
Update a permission for a role
| Note |
|---|
You cannot edit the permissions within a default role. |
| Note |
|---|
Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions. |
In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and select the desired role.
Mark (or unmark) the desired permissions.
Click Save Role in the bottom of the screen.
...
Remove a role for a newly created or existing user
After you create a user account with an assigned role, the new user will receive an email to complete the account creation process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the newly crated user.
In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
In the search field, enter the name of the user, and click the magnifying glass icon.
The table will display the roles assigned to the user.
Click the desired role.
In the top menu, click Members.
In the table, place the cursor over the user, and then click the trash icon.
Click Remove Access.
...
Delete A Role
| Note |
|---|
You do not need to remove the permissions from a role in order to delete a role. |
In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and hover over the desired role.
Click the vertical ellipses.
Click Delete.
Click Delete Role.
...
Additional Documentation
To view every permission available in AMP, see Review All Permissions.
| Note |
|---|
In the Roles and Permissions screen, you may see permissions that only apply to Armor Complete or Armor Anywhere users. Your roles will not malfunction if you happen to add apermission for a different product to your role. |