Review All Permissions
- Former user (Deleted)
- Soniya Patil
- Former user (Deleted)
In the Armor Management Portal (AMP), permissions allow you to control the way your users access their AMP account.
There are many shared permissions between Armor Enterprise Cloud and Armor Anywhere. As a result, this document applies to both Armor Enterprise Cloud and Armor Anywhere users.
Review the Product compatibility column for product-specific permissions.
In the Roles and Permissions screen, you may see permissions that only apply to Armor Enterprise Cloud or Armor Anywhere users. Your roles will not malfunction if you include a permission for a different product into your role.
Security Permissions
Screen | Permission | Description | Product compatibility |
|---|---|---|---|
Security Health Dashboards
| Read Dashboard Statistics | This permission allows you to view the data that populates the security dashboards. |
|
Malware Protection | Read AVAM | This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine. |
|
Malware Protection | Read Trend Manual Scan | This permission allows you to view which virtual machines are eligible for a manual scan. |
|
Malware Protection | Writer Trend Manual Scan | This permission allows you to start a manual scan for a virtual machine. |
|
FIM | Read FIM | This permission allows you to view file integrity details for each virtual machine. |
|
Patching | Read OS Packages | This permission allows you to view details OS patching details for each virtual machine. |
|
Intrusion Detection | Read IDS | This permission allows you to view intrusion detection data. |
|
Log & Data Management | Read LogManagement | This permission allows you to view high-level information for log collection for each virtual machine, such as:
|
|
Log & Data Management | Write LogManagement | This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan. |
|
Log & Data Management | Read Log Management Plan Selection | This permission allows you to view additional log retention plans. |
|
Log & Data Management | Write Log Management Plan Selection | This permission allows you to change log retention plans. |
|
Log & Data Management | Delete Log Management | This permission allows you to delete a log source. |
|
Log & Data Management | Read Log Endpoints | This permission allows you to view an endpoint. |
|
Log & Data Management | Write Log Endpoints | This permission allows you to create an endpoint. |
|
Log & Data Management | Delete Log Endpoints | This permission allows you to delete an endpoint. |
|
Log & Data Management | Read Log Relays | This permission allows you to view a remote log source. |
|
Log & Data Management | Write Log Relays | This permission allows you to create a remote log source. |
|
Log & Data Management | Delete Log Relays | This permission allows you to delete a remote log source. |
|
Vulnerability Scanning | Read Compliance | This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product. |
|
Vulnerability Scanning | Write Compliance | This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product. |
|
Vulnerability Scanning | View Vulnerability Scans | This permission allows you to view the data for a vulnerability scanning report, via a downloaded report or within AMP. |
|
Dynamic Threat Blocking | Read Dynamic Threat Blocking Rule(s) | This permission allows you to view IP rules that have been created. |
|
Dynamic Threat Blocking | Write Dynamic Threat Blocking Rule(s) | This permission allows you to create and delete an IP rule (whitelist or blacklist). |
|
Dynamic Threat Blocking | Write Dynamic Threat Blocking Rule Never Expire IP | This permission allows you to create an IP rule (whitelist or blacklist) without an expiration date. |
|
Dynamic Threat Blocking | Read Dynamic Threat Blocking(s) | This permission allows you to perform an IP lookup. Additionally, this permission allows you to view other IP lookups that have taken place in your account. |
|
Firewall | Read Firewall | This permission allows you to view details for firewall rules for each virtual machine. |
|
Firewall | Write Firewall | This permission allows you to add, update, or delete firewall rules. |
|
Security Incidents | Read Dashboard Statistics | This permission allows you to view the data that populates the security dashboards, which includes open or pending security incidents. |
|
Marketplace Permissions
Screen | Permission | Description | Product compatibility |
|---|---|---|---|
Marketplace | Read Product Catalog | This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP. |
|
Marketplace and My Products | View Subscriptions | This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen. |
|
Marketplace (and My Products) | Write Subscriptions | This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products. Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen. |
|
Infrastructure Permissions
Screen | Permission | Description | Product compatibility |
|---|---|---|---|
Workloads | Read Workload(s) | This permission allows you to view high-level data for workloads, such as
|
|
Workloads | Write Workload | This permission allows you to create, update, and remove workloads and tiers. |
|
Virtual Machines | Read Virtual Machine Stats | This permission allows you to view usage data for a virtual data. This data is displayed in a line graph. |
|
Virtual Machines | Read Virtual Machine(s) | This permission allows you to view data for a virtual machine, such as
|
|
Virtual Machines | Write Virtual Machine | This permission allows you to update and remove virtual machines. |
|
Virtual Machines | Read Orders | This permission allows you to view data related to your virtual machine purchase. |
|
Virtual Machines | Write Orders | This permission allows you to purchase a virtual machine. |
|
Virtual Machines | Scale Virtual Machine | This permission allows you upgrade or downgrade (resize) the size of a virtual machine. |
|
Virtual Machines | Read Location(s) | This permission allows you to view a list of available Armor data centers when you manage your virtual machines. |
|
Virtual Machines | Read Virtual Data Centers | This permission allows you to view the list of virtual environments in your account. |
|
Virtual Machines | Read Server Replication | This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:
|
|
Virtual Machines | Write Server Replication | This permission allows you to order and cancel the server replication add-on product. |
|
Virtual Machines | Read Tasks | This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine. |
|
Virtual Machines | Write Tasks | This permission allows you to schedule a delete or downsize of a virtual machine. |
|
Virtual Machines | Read Storage | This permission allows you to view disk and storage information for a virtual machine. |
|
Virtual Machines | View Core License | This permission allows you to view the core license, which is necessary to download and install the Anywhere agent. |
|
Virtual Machines | Read Utilization | This permission allows you to export the usage for your virtual machine. |
|
IP Addresses | Read Network IP | This permission allows you to view data for unassigned and assigned public and private IP addresses |
|
IP Addresses | Write Network IP | This permission allows you to update an IP address, such as:
|
|
IP Addresses | Read Network NAT | This permission allows you to view DNAT assignments. |
|
IP Addresses | Write Network NAT | This permission allows you to add and remove DNAT assignments. |
|
L2L VPN | Read Network L2L | This permission allows you to view high-level data for your L2L network tunnels. |
|
L2L VPN | Write Network L2L | This permission allows you to add, update, and remove L2L tunnels. |
|
SSL/VPN | Read SSL VPN Devices and Users | This permission allows you to view the status of your users' SSL VPN client. |
|
SSL/VPN | Write SSL VPN Devices and User | This permission allows you to enable your users the ability to download and install the SSL VPN client. |
|
Advanced Backup | Commit Advanced Backup Restore | This permission allows you to commit a snapshot after the restoration is complete. |
|
Advanced Backup | Create Advanced Backup Policy | This permission allows you to create a new policy. |
|
Advanced Backup | Read Advanced Backup | This permission allows you to view the Advanced Backup screen. |
|
Advanced Backup | Read Advanced Backup Policy | This permission allows you to view policy information and details. |
|
Advanced Backup | Read Advanced Backup Snapshots | This permission allows you to view a list of snapshots (backups) for a virtual machine. |
|
Advanced Backup | Read Advanced Backup Vms | This permission allows you to view the virtual machines that are subscribed to Advanced Backup. |
|
Advanced Backup | Refreshed Advanced Backup Snapshots | This permission allows you to refresh the current list of available snapshots (backups) for a virtual machine. |
|
Advanced Backup | Remove Advanced Backup | This permission allows you to remove Advanced Backup from a virtual machine. |
|
Advanced Backup | Request Advanced Backup Restore | This permission allows you to initiate a restoration of a snapshot (backup). |
|
Advanced Backup | Update Advanced Backup Policy | This permission allows you to update the configurations of a policy. |
|
Advanced Backup | Write Advanced Backup | This permission allows you to create a policy. |
|
Advanced Backup | Read Advanced Backup Plans | This permission allows you to view a list of policies. |
|
Support Permissions
Screen | Permission | Description | Product compatibility |
|---|---|---|---|
Tickets | Read Ticket(s) | This permission allows you to view support tickets listed in the View Archived Tickets section. |
|
Tickets | Write Ticket(s) | This permission allows you to create, edit, respond, and share a ticket. |
|
Tickets | Read Ticket Group(s) | This permission allows you to view and follow a support ticket, as well as access the Organization features of the ticket. |
|
Tickets | Write Ticket Group(s) | This permission allows you to create and follow a support ticket, as well as access the Organization features of the ticket. |
|
Account Permissions
Screen | Permission | Description | Product compatibility |
|---|---|---|---|
Overview (Account screen) | Read Identity | This permission allows you to view the account-level information, such as
|
|
Overview (Account screen) | Write Identity | This permission allows you to update account-level information, such as:
|
|
Overview (Account screen) | Write Account | This permission allows you to update your company profile, such as the address. |
|
User Detail | Update Personal Identity | This permission allows you to update your personal account information, such as your:
|
|
Cloud Connections | Read Cloud Connections | This permission allows you to view public cloud accounts that have been synced with AMP. |
|
Cloud Connections | Write Cloud Connections | This permission allows you to add a new public cloud account to sync with AMP. |
|
User Detail | Read Notification(s) | This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates. |
|
Invoices + Payments | View Invoices | This permission allows you to view current and previous invoices. |
|
Payment Methods | Read Payment Information | This permission allows you to view current payment information, such as the primary payment method. |
|
Payment Methods | Update Payment Information | This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method |
|
API Keys (Users screen) | API Keys All Read | This permission allows you to view API keys that have been created. |
|
API Keys (Users screen) | API Keys All Delete | This permission allows you to delete an API key. |
|
API Keys (Users screen) | API Keys Self Manange | This permission allows you to create an API key. |
|
Activity | View Account Activity | This permission allows you to view the account activity for your users. |
|
Sub-Accounts | View Sub-Accounts | This permission allows you to view the Sub-Accounts screen |
|
Sub-Accounts | Write Sub-Accounts | This permission allows you to create and update sub-accounts. |
|
General Permissions
Screen | Permission | Description | Product Compatibility |
|---|---|---|---|
Not applicable | Read Entity Metadata | This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine. |
|
Not applicable | Write Entity Metadata | This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine. |
|
Not applicable | Read Documentation | This permissions allows you to view documentation related to a particular product or screen, via the Help icon in the top right corner of the AMP screen (where applicable). |
|
At a minimum, users must have the following Permission assigned to their account to access AMP:
Update Personal Identity
Users without this Permission will immediately be signed out of AMP upon login.