The following table lists all the role privileges available in the Enterprise portal.
The columns in the table indicate the following:
- Allow Privilege – Do the roles have allow access?
- Deny Privilege – Do the roles have deny access?
- Customizable – Is the role privilege available for customization in the Role Customization window?
| Navigation Path in the Enterprise Portal | Name of the Tab | Elements in the Tab | Name of the Role Privilege | Description | Allow Privilege | Deny Privilege | Customizable |
|---|---|---|---|---|---|---|---|
| Monitor > Edges > Select Edge | Overview | ||||||
| Top Sources | View Edge Sources | Grants ability to view Monitor Edge Sources tab | Yes | Yes | Yes | ||
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes | Yes | Yes | Yes | |||
| Top Applications Top Categories Top Operating Systems Top Sources |
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| View Flow Stats | Grants ability to view collected flow statistics | Yes | Yes | Yes | |||
| Sources | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| View Edge Sources | Grants ability to view Monitor Edge Sources tab | Yes | Yes | Yes | |||
| Devices | View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes | Yes | Yes | Yes | ||
| Create Client Device | Controls visibility to unique identifiers (IP or MAC address) of LAN-side client devices | Yes | No | No | |||
| Read Client Device | |||||||
| Change Hostname | Update Client Device | ||||||
| Delete Client Device | |||||||
| Manage Client Device | |||||||
| Operating Systems | Create Client User | Controls visibility to potentially Personal Identifiable Information(PII) in flow statistics | Yes | No | No | ||
| Read Client User | |||||||
| Update Client User | |||||||
| Delete Client User | |||||||
| Manage Client User | |||||||
| Applications Sources Destinations | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| View Flow Stats | Grants ability to view collected flow statistics | Yes | Yes | Yes | |||
| Events from this Edge | Read Customer Event | Grants ability to view customer level events | Yes | No | No | ||
| Remote Actions | Read Remote Actions | Grants access to view and execute remote actions | No | Yes | Yes | ||
| Remote Actions Generate Diagnostic Bundle Remote Diagnostics | Read Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
| Generate Diagnostic Bundle | Create Diagnostic Bundle | No | Yes | Yes | |||
| Remote Diagnostics | Read Remote Diagnostics | Privilege granting access to view and execute remote diagnostics | No | Yes | Yes | ||
| Monitor | Edges | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |
| Edge Cluster | Read Edge Cluster | Controls the ability to create and configure Edge Clusters | No | Yes | Yes | ||
| Network Services | Read Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | No | No | ||
| Non SD-WAN Destinations via Gateway Non SD-WAN Destinations via Edge | Read Customer Event | Grants ability to view customer level events | Yes | No | No | ||
| Non SD-WAN Destinations via Gateway Non SD-WAN Destinations via Edge | Read Non SD-WAN Destination via Gateway | Grants ability to view and manage Non SD-WAN Destinations via Gateway and Non SD-WAN Destinations via Edge | No | Yes | Yes | ||
| BGP Gateway Neighbor State | Read Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | No | No | ||
| BGP Edge Neighbor State | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| Edge VNFs | Read VNF Network Service | Grants ability to manage VNF Network Services | No | Yes | Yes | ||
| Edge Cluster | Read Edge Cluster | Controls the ability to create and configure Edge Clusters | No | Yes | Yes | ||
| Routing | Read Network Addressing | Grants ability to view and manage address block configuration in the legacy Network profile mode | Yes | No | No | ||
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| View Customer Routing | Grants ability to view the customer Routing | Yes | No | No | |||
| Alerts | Create Customer Alert | Grants ability to view and manage customer alert configuration and generated alerts | Yes | No | No | ||
| Read Customer Alert | Yes | Yes | |||||
| Update Customer Alert | |||||||
| Delete Customer Alert | No | No | |||||
| Manage Customer Alert | |||||||
| Events | Create Customer Event | Grants ability to view customer level events | Yes | No | No | ||
| Read Customer Event | |||||||
| Update Customer Event | |||||||
| Delete Customer Event | |||||||
| Manage Customer Event | |||||||
| Reports | Update Customer | Grants ability to view and manage Customers, from the Partner or Operator level | Yes | Yes | Yes | ||
| Read Customer | No | No | |||||
| Firewall | Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs | Yes | Yes | Yes | |
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| Read Customer Event | Grants ability to view customer level events | Yes | No | No | |||
| Configure > Edges > Select Edge | Edge Overview | Edge Overview | Controls ability to view or modify Edge overview page | No | Yes | Yes | |
| Properties | Create Edge Overview Properties | Controls ability to view or change items within the properties section of the Edge overview page | No | Yes | Yes | ||
| Read Edge Overview Properties | No | No | |||||
| Update Edge Overview Properties | Yes | Yes | |||||
| Delete Edge Overview Properties | |||||||
| Name | Read Edge Overview Properties Name | Controls ability to view or change Edge name on the Edge overview page | No | Yes | Yes | ||
| Update Edge Overview Properties Name | |||||||
| Description | Read Edge Overview Properties Description | Controls ability to view or change Edge description on the Edge overview page | No | Yes | Yes | ||
| Update Edge Overview Properties Description | |||||||
| Enable Alerts | Read Edge Overview Properties Enable Alerts | Controls ability to view or change Edge alert configuration on the Edge overview page | No | Yes | Yes | ||
| Update Edge Overview Properties Enable Alerts | |||||||
| Authentication Mode | Read Edge Overview Properties Auth Mode | Controls ability to view or change Edge PKI configuration on the Edge overview page | No | Yes | Yes | ||
| Update Edge Overview Properties Auth Mode | |||||||
| Read Customer PKI | Grants ability to view and manage enterprise PKI settings | Yes | No | No | |||
| Update Customer PKI | |||||||
| Serial Number | Read Edge Overview Properties Serial Number | Controls ability to view or change Edge serial number, prior to activation, on the Edge overview page | No | Yes | Yes | ||
| Update Edge Overview Properties Serial Number | |||||||
| Generate New Activation Key | Read Edge Overview Properties Activation Expiration | Controls ability to view or change the activation key expiration period on the Edge overview page | No | Yes | Yes | ||
| Update Edge Overview Properties Activation Expiration | |||||||
| Send Activation Email button | Create Edge Overview Properties Activation Email | Controls ability to generate an activation email on the Edge overview page | No | Yes | Yes | ||
| Read Edge Overview Properties Activation Email | |||||||
| Local Credentials | Read Overview Properties Local Credentials | Grants ability to view and configure Edge local credentials | No | Yes | Yes | ||
| Update Overview Properties Local Credentials | |||||||
| View | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| Update Edge | |||||||
| Read Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
| Update Customer Keys | |||||||
| License | Read License | Grants ability to view and manage Edge licensing | Yes | Yes | Yes | ||
| Update License | |||||||
| Profile | Create Edge Overview Profile | Controls visibility and control of Edges assigned profile on the Edge overview page | No | Yes | Yes | ||
| Read Edge Overview Profile | No | No | |||||
| Update Edge Overview Profile | Yes | Yes | |||||
| Delete Edge Overview Profile | |||||||
| Assign Edge Profile | Grants ability to assign profiles to Edges | No | Yes | Yes | |||
| RMA Reactivation | Create Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | Yes | Yes | ||
| Device | |||||||
| Authentication Settings | Create Edge Device Authentication Settings | Controls ability to view or change Edge Device Authentication Settings | No | Yes | Yes | ||
| Read Edge Device Authentication Settings | |||||||
| Update Edge Device Authentication Settings | |||||||
| Delete Edge Device Authentication Settings | |||||||
| DNS Settings | Update Edge Device DNS Settings | Controls ability to view or change Edge Device DNS Settings | No | Yes | Yes | ||
| Netflow Settings | Create Edge Device Netflow Settings | Controls ability to view or change Edge Device Netflow Settings | No | Yes | Yes | ||
| Read Edge Device Netflow Settings | |||||||
| Update Edge Device Netflow Settings | |||||||
| Delete Edge Device Netflow Settings | |||||||
| LAN-Side NAT Rules | Update Edge Device LAN-Side NAT Rules | Controls ability to view or change Edge Device LAN-Side NAT Rules | No | Yes | Yes | ||
| Voice Quality Monitoring Settings | Read Edge Device VQM Settings | Controls ability to view or change Edge Device VQM Settings | No | Yes | Yes | ||
| Update Edge Device VQM Settings | |||||||
| Syslog Settings | Read Edge Device Syslog Settings | Controls ability to view or change Edge Device Syslog Settings | No | Yes | Yes | ||
| Update Edge Device Syslog Settings | |||||||
| Static Route Settings | Update Edge Device Static Route Settings | Controls ability to view or change Edge Device Static Route Settings | No | Yes | Yes | ||
| ICMP Probes | Read Edge Device ICMP Probes | Controls ability to view or change Edge Device ICMP Probes | No | Yes | Yes | ||
| Update Edge Device ICMP Probes | |||||||
| ICMP Responders | Read Edge Device ICMP Responders | Controls ability to view or change Edge Device ICMP Responders | No | Yes | Yes | ||
| Update Edge Device ICMP Responders | |||||||
| VRRP Settings | Update Edge Device VRRP Settings | Controls ability to view or change Edge Device VRRP Settings | No | Yes | Yes | ||
| Cloud VPN | Read Edge Device Cloud VPN | Controls ability to view or change Edge Device Cloud VPN | No | Yes | Yes | ||
| Update Edge Device Cloud VPN | |||||||
| BFD Rules | Update Edge Device BFD Rules | Controls ability to view or change Edge Device BFD Rules | No | Yes | Yes | ||
| BGP Settings | Read Edge Device BGP Settings | Controls ability to view or change Edge Device BGP Settings | No | Yes | Yes | ||
| Update Edge Device BGP Settings | |||||||
| Multicast Settings | Read Edge Device Multicast Settings | Controls ability to view or change Edge Device Multicast Settings | No | Yes | Yes | ||
| Update Edge Device Multicast Settings | |||||||
| Cloud Security Service | Read Edge Device Cloud Security Service | Controls ability to view or change Edge Device Cloud Security Service | No | Yes | Yes | ||
| Update Edge Device Cloud Security Service | |||||||
| Gateway Handoff Assignment | Update Edge Device Gateway Handoff Assignment | Controls ability to view or change Edge Device Gateway Handoff Assignment | No | Yes | Yes | ||
| High Availability | Create Edge Device High Availability | Controls ability to view or change Edge Device High Availability | No | Yes | Yes | ||
| Read Edge Device High Availability | |||||||
| Update Edge Device High Availability | |||||||
| Delete Edge Device High Availability | |||||||
| Enable HA Standby Pair | Grants ability to configure standby HA | No | Yes | Yes | |||
| Enable HA Cluster | Grants ability to configure HA Clustering | No | Yes | Yes | |||
| Enable HA VRRP Pair | Grants ability to configure VRRP HA | No | Yes | Yes | |||
| Configure VLAN | Read Edge Device Settings | Controls ability to view or change Edge Device Settings | No | Yes | Yes | ||
| Management IP | Read Edge Device Management IP | Controls ability to view or change Edge Device Management IP | No | Yes | Yes | ||
| Update Edge Device Management IP | |||||||
| Device Settings | Create Edge Device Settings | Controls ability to view or change Edge Device Settings | No | Yes | Yes | ||
| Read Edge Device Settings | |||||||
| Update Edge Device Settings | |||||||
| Delete Edge Device Settings | |||||||
| Interface Settings | Update Edge Device Interface Settings | Controls ability to view or change Edge Device Interface Settings | No | Yes | Yes | ||
| WAN Settings | Update Edge Device WAN Settings | Controls ability to view or change Edge Device WAN Settings | No | Yes | Yes | ||
| Security VNF | Update Edge Device Security VNF | Controls ability to view or change Edge Device Security VNF | No | Yes | Yes | ||
| Wi-Fi Radio Settings | Create Edge Device Wi-Fi Settings | Controls ability to view or change Edge Device Wi-Fi Settings | No | Yes | Yes | ||
| Read Edge Device Wi-Fi Settings | |||||||
| Update Edge Device Wi-Fi Settings | |||||||
| Delete Edge Device Wi-Fi Settings | |||||||
| Multi-Source QoS | Read Edge Device Cloud VPN QoS Settings | Controls ability to view or change Edge Device Cloud VPN QoS Settings | No | Yes | Yes | ||
| Update Edge Device Cloud VPN QoS Settings | |||||||
| TACACS Settings | Create Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | Yes | Yes | ||
| Read Network Service | No | No | |||||
| Update Network Service | Yes | Yes | |||||
| Delete Network Service | |||||||
| Create Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
| Read Customer Keys | |||||||
| Update Customer Keys | |||||||
| Delete Customer Keys | |||||||
| Manage Customer Keys | No | No | |||||
| L2 Settings | Update Edge Device L2 Settings | Controls ability to view or change Edge Device L2 Settings | No | Yes | Yes | ||
| SNMP Settings | Create Edge Device SNMP Settings | Controls ability to view or change Edge Device SNMP Settings | No | Yes | Yes | ||
| Read Edge Device SNMP Settings | |||||||
| Update Edge Device SNMP Settings | |||||||
| Delete Edge Device SNMP Settings | |||||||
| NTP | Read Edge Device NTP Settings | Controls ability to view or change Edge Device NTP Settings | No | Yes | Yes | ||
| Update Edge Device NTP Settings | |||||||
| Visibility Mode | Update Edge Device Config Visibility Mode | Controls ability to view or change Edge Device Config Visibility Mode | No | Yes | Yes | ||
| Analytics Settings | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| Update Edge | |||||||
| Business Policy | Edge Business Policy | Controls ability to view or change Edge business policy page | No | Yes | Yes | ||
| SD-WAN Overlay Rate Limit | Read Edge Business Policy Rate Limit | Controls the ability to read and update the rate limiting business policy feature | No | Yes | Yes | ||
| Update Edge Business Policy Rate Limit | |||||||
| SD-WAN Overlay Rate Limit SD-WAN Traffic Class and Weight Mapping | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
| Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
| Firewall | Edge Firewall | Controls ability to view or change Edge firewall page | No | Yes | Yes | ||
| Firewall Logging Syslog Forwarding Stateful Firewall | Configure Edge Firewall Logging | Grants ability to configure Edges level firewall logging | No | Yes | Yes | ||
| Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs | Yes | Yes | Yes | ||
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| Syslog Forwarding | View Syslog Forwarding | Grants ability to see Syslog forwarding | No | Yes | Yes | ||
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| Stateful Firewall Settings Network & Flood Protection Settings Edge Access | Create Edge Firewall Edge Access | Privilege granting or denying visibility and control of an Edges Stateful Firewall Settings, Network & Flood Protection Settings and Edge Access on the Edge firewall page | No | Yes | Yes | ||
| Read Edge Firewall Edge Access | |||||||
| Update Edge Firewall Edge Access | |||||||
| Delete Edge Firewall Edge Access | |||||||
| Events from this Edge | Read Customer Event | Grants ability to view customer level events | Yes | No | No | ||
| Remote Actions | Read Remote Actions | Privilege granting access to view and execute remote actions | No | Yes | Yes | ||
| Remote Actions Generate Diagnostic Bundle Remote Diagnostics | Read Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
| Generate Diagnostic Bundle | Create Diagnostic Bundle | No | Yes | Yes | |||
| Remote Diagnostics | Read Remote Diagnostics | Grants access to view and execute remote diagnostics | No | Yes | Yes | ||
| Configure > Profiles > Select Profile | Profile Overview | Profile Overview | Controls ability to view or change profile overview page | No | Yes | Yes | |
| Description | Create Profile Overview Description | Controls ability to view or change Profile Overview Description | No | Yes | Yes | ||
| Read Profile Overview Description | No | No | |||||
| Update Profile Overview Description | Yes | Yes | |||||
| Delete Profile Overview Description | |||||||
| Local Credentials | Read Overview Properties Local Credentials | Grants ability to view and configure Edge local credentials | No | Yes | Yes | ||
| Update Overview Properties Local Credentials | |||||||
| Device | |||||||
| Authentication Settings | Create Profile Device Authentication Settings | Controls ability to view or change Profile Device Authentication Settings | No | Yes | Yes | ||
| Read Profile Device Authentication Settings | |||||||
| Update Profile Device Authentication Settings | |||||||
| Delete Profile Device Authentication Settings | |||||||
| DNS Settings | Update Profile Device DNS Settings | Controls ability to view or change Profile Device DNS Settings | No | Yes | Yes | ||
| Netflow Settings | Create Profile Device Netflow Settings | Controls ability to view or change Profile Device Netflow Settings | No | Yes | Yes | ||
| Read Profile Device Netflow Settings | |||||||
| Update Profile Device Netflow Settings | |||||||
| Delete Profile Device Netflow Settings | |||||||
| LAN-Side NAT Rules | Update Profile Device LAN-Side NAT Rules | Controls ability to view or change Profile Device LAN-Side NAT Rules | No | Yes | Yes | ||
| Voice Quality Monitoring Settings | Read Profile Device VQM Settings | Controls ability to view or change Profile Device VQM Settings | No | Yes | Yes | ||
| Update Profile Device VQM Settings | |||||||
| Syslog Settings | Read Profile Device Syslog Settings | Controls ability to view or change Profile Device Syslog Settings | No | Yes | Yes | ||
| Update Profile Device Syslog Settings | |||||||
| Cloud VPN | Read Profile Device Cloud VPN | Controls ability to view or change Profile Device Cloud VPN | No | Yes | Yes | ||
| Update Profile Device Cloud VPN | |||||||
| BFD Rules | Update Profile Device BFD Rules | Controls ability to view or change Profile Device BFD Rules | No | Yes | Yes | ||
| OSPF Areas | Read Profile Device OSPF Settings | Controls ability to view or change Profile Device OSPF Settings | No | Yes | Yes | ||
| Update Profile Device OSPF Settings | |||||||
| BGP Settings | Read Profile Device BGP Settings | Controls ability to view or change Profile Device BGP Settings | No | Yes | Yes | ||
| Update Profile Device BGP Settings | |||||||
| Multicast Settings | Read Profile Device Multicast Settings | Controls ability to view or change Profile Device Multicast Settings | No | Yes | Yes | ||
| Update Profile Device Multicast Settings | |||||||
| Cloud Security Service | Read Profile Device Cloud Security Service | Controls ability to view or change Profile Device Cloud Security Service | No | Yes | Yes | ||
| Update Profile Device Cloud Security Service | |||||||
| Gateway Handoff Assignment | Update Profile Device Gateway Handoff Assignment | Controls ability to view or change Profile Device Gateway Handoff Assignment | No | Yes | Yes | ||
| Configure VLAN | Read Profile Device Settings | Controls ability to view or change Profile Device Settings | No | Yes | Yes | ||
| Management IP | Read Profile Device Management IP | Controls ability to view or change Profile Device Management IP | No | Yes | Yes | ||
| Update Profile Device Management IP | |||||||
| Device Settings | Create Profile Device Settings | Controls ability to view or change Profile Device Settings | No | Yes | Yes | ||
| Read Profile Device Settings | |||||||
| Update Profile Device Settings | |||||||
| Delete Profile Device Settings | |||||||
| Interface Settings | Update Profile Device Interface Settings | Controls ability to view or change Profile Device Interface Settings | No | Yes | Yes | ||
| Wi-Fi Radio Settings | Create Profile Device Wi-Fi Settings | Controls ability to view or change Profile Device Wi-Fi Settings | No | Yes | Yes | ||
| Read Profile Device Wi-Fi Settings | |||||||
| Update Profile Device Wi-Fi Settings | |||||||
| Delete Profile Device Wi-Fi Settings | |||||||
| L2 Settings | Update Profile Device L2 Settings | Controls ability to view or change Profile Device L2 Settings | No | Yes | Yes | ||
| Multi-Source QoS | Read Profile Device Cloud VPN QoS Settings | Controls ability to view or change Profile Device Cloud VPN QoS Settings | No | Yes | Yes | ||
| Update Profile Device Cloud VPN QoS Settings | |||||||
| SNMP Settings | Create Profile Device SNMP Settings | Controls ability to view or change Profile Device SNMP Settings | No | Yes | Yes | ||
| Read Profile Device SNMP Settings | |||||||
| Update Profile Device SNMP Settings | |||||||
| Delete Profile Device SNMP Settings | |||||||
| NTP | Read Profile Device NTP Settings | Controls ability to view or change Profile Device NTP Settings | No | Yes | Yes | ||
| Update Profile Device NTP Settings | |||||||
| Visibility Mode | Update Profile Device Config Visibility Mode | Controls ability to view or change Profile Device Config Visibility Mode | No | Yes | Yes | ||
| Analytics Settings | Read Profile Device Analytics Settings | Controls ability to view or change Profile Device Analytics Settings | No | Yes | Yes | ||
| Update Profile Device Analytics Settings | |||||||
| Create Profile Device Network Settings | Controls ability to view or change Profile Device Network Settings | No | Yes | Yes | |||
| Read Profile Device Network Settings | |||||||
| Update Profile Device Network Settings | |||||||
| Delete Profile Device Network Settings | |||||||
| Business Policy | Profile Business Policy | Controls ability to view or change profile business policy page | No | Yes | Yes | ||
| SD-WAN Overlay Rate Limit | Read Profile Business Policy Rate Limit | Controls the ability to read and update the rate limiting business policy feature | No | Yes | Yes | ||
| Update Profile Business Policy Rate Limit | |||||||
| Firewall | Profile Firewall | Controls ability to view or change profile firewall page | No | Yes | Yes | ||
| Firewall Logging Syslog Forwarding Stateful Firewall | Configure Profile Firewall Logging | Grants ability to configure profile level firewall logging | No | Yes | Yes | ||
| Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs | Yes | Yes | Yes | ||
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| Syslog Forwarding | View Syslog Forwarding | Grants ability to see Syslog forwarding | No | Yes | Yes | ||
| Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
| Stateful Firewall Settings Network & Flood Protection Settings Edge Access | Create Edge Firewall Edge Access | Controls visibility and control of Stateful Firewall Settings, Network & Flood Protection Settings, and Edge Access on the profile firewall page | No | Yes | Yes | ||
| Read Edge Firewall Edge Access | No | No | |||||
| Update Edge Firewall Edge Access | Yes | Yes | |||||
| Delete Edge Firewall Edge Access | |||||||
| Configure | Edges | Create Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | Yes | Yes | |
| Read Edge | No | No | |||||
| Update Edge | |||||||
| Delete Edge | Yes | Yes | |||||
| Manage Edge | No | No | |||||
| Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
| New Edge > | Authentication | Create Customer PKI | Grants ability to view and manage enterprise PKI settings | Yes | No | No | |
| Select Edge/Edges > | Local Credentials | Read Overview Properties Local Credentials | Grants ability to view and configure Edge local credentials | No | Yes | Yes | |
| Update Overview Properties Local Credentials | |||||||
| Select Edge/Edges > | Assign Profile | Assign Edge Profile | Grants ability to assign profiles to Edges | No | Yes | Yes | |
| Select Edge/Edges > | Update Pre-Notifications | Update Edge Overview Properties Enable Alerts | Controls ability to view or change Edge alert configuration on the Edge overview page | No | Yes | Yes | |
| Select Edge/Edges > | Assign Edge License | ||||||
| Select Edge/Edges > | Update Customer Alerts | ||||||
| Edge Cluster | Read Edge Cluster | Grants ability to view Edge clusters | No | Yes | Yes | ||
| Create Cloud Edge | Create DMZ Gateway | Grants ability to create DMZ Gateways | No | Yes | Yes | ||
| Profiles | Create Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | ||
| Read Customer Profile | |||||||
| Update Customer Profile | |||||||
| Delete Customer Profile | |||||||
| Manage Customer Profile | No | No | |||||
| Duplicate Profile | Duplicate Customer Profile | Grants ability to edit duplicate customer level profiles | No | Yes | Yes | ||
| Create Profile | Grants access to view and manage profiles at any level | No | Yes | Yes | |||
| Read Profile | |||||||
| Update Profile | |||||||
| Delete Profile | |||||||
| Object Groups | Create Object Group | Grants ability to manage Object Group | Yes | Yes | Yes | ||
| Read Object Group | |||||||
| Update Object Group | |||||||
| Delete Object Group | |||||||
| Manage Object Group | No | No | |||||
| Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
| Segments/Networks | Create Network Addressing | Grants ability to view and manage address block configuration in the legacy Network profile mode | Yes | Yes | Yes | ||
| Read Network Addressing | No | No | |||||
| Update Network Addressing | Yes | Yes | |||||
| Delete Network Addressing | |||||||
| Manage Network Addressing | No | No | |||||
| Create Customer Segment | Grants ability to view and manage the creation of segments and their assignment to configuration profiles | No | Yes | Yes | |||
| Read Customer Segment | |||||||
| Update Customer Segment | |||||||
| Delete Customer Segment | |||||||
| Overlay Flow Control | Create Overlay Flow Control | Grants ability to view and manage data and configuration presented on the Overlay Flow Control page | No | Yes | Yes | ||
| Read Overlay Flow Control | |||||||
| Update Overlay Flow Control | |||||||
| Delete Overlay Flow Control | |||||||
| Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
| Update Customer Profile | |||||||
| Network Services | Create Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | Yes | Yes | ||
| Read Network Service | No | No | |||||
| Update Network Service | Yes | Yes | |||||
| Delete Network Service | |||||||
| Manage Network Service | No | No | |||||
| Create Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
| Read Customer Keys | |||||||
| Update Customer Keys | |||||||
| Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
| Edge Cluster | Create Edge Cluster | Controls the ability to create and configure Edge Clusters | No | Yes | Yes | ||
| Read Edge Cluster | |||||||
| Update Edge Cluster | |||||||
| Delete Edge Cluster | |||||||
| Cloud VPN Hubs | Create VPN Hub Network Service | Grants ability to manage VPN Hubs as Network Services | No | Yes | Yes | ||
| Read VPN Hub Network Service | |||||||
| Update VPN Hub Network Service | |||||||
| Delete VPN Hub Network Service | |||||||
| Non SD-WAN Destinations via Gateway Non SD-WAN Destinations via Edge | Create Non SD-WAN Destination via Gateway | Grants ability to view and manage Non SD-WAN Destinations via Gateway and Non SD-WAN Destinations via Edge | No | Yes | Yes | ||
| Read Non SD-WAN Destination via Gateway | |||||||
| Update Non SD-WAN Destination via Gateway | |||||||
| Delete Non SD-WAN Destination via Gateway | |||||||
| Cloud Security Service | Create Cloud Security Service | Controls creation and configuration of third party cloud security services to which the traffic can be steered by business policy | No | Yes | Yes | ||
| Read Cloud Security Service | |||||||
| Update Cloud Security Service | |||||||
| Delete Cloud Security Service | |||||||
| VNFs | Create VNF Network Service | Grants ability to manage VNF Network Services | No | Yes | Yes | ||
| Read VNF Network Service | |||||||
| Update VNF Network Service | |||||||
| Delete VNF Network Service | |||||||
| VNF Licenses | Create VNF License Network Service | Grants ability to manage VNF licenses with Network Services | No | Yes | Yes | ||
| Read VNF License Network Service | |||||||
| Update VNF License Network Service | |||||||
| Delete VNF License Network Service | |||||||
| DNS Services | Create DNS Network Service | Controls the ability to create and configure DNS services for use in profiles | No | Yes | Yes | ||
| Read DNS Network Service | |||||||
| Update DNS Network Service | |||||||
| Delete DNS Network Service | |||||||
| Private Network Names | Create Private Network Name Network Service | Grants ability to manage Private Network Name with Network Services | No | Yes | Yes | ||
| Read Private Network Name Network Service | |||||||
| Update Private Network Name Network Service | |||||||
| Delete Private Network Name Network Service | |||||||
| Authentication Services | Create Authentication Service | Controls the creation and configuration of hosted 802.1x service providing LAN-side user authentication | No | Yes | Yes | ||
| Read Authentication Service | |||||||
| Update Authentication Service | |||||||
| Delete Authentication Service | |||||||
| TACACS Services | Create Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | Yes | Yes | ||
| Read Network Service | No | No | |||||
| Update Network Service | Yes | Yes | |||||
| Delete Network Service | |||||||
| Create Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
| Read Customer Keys | |||||||
| Update Customer Keys | |||||||
| Delete Customer Keys | |||||||
| Manage Customer Keys | No | No | |||||
| Cloud Subscriptions | Create Cloud Subscription Service | Grants ability to view and manage the configuration of access to IAAS providers, such as Azure, AWS and Google Cloud | No | Yes | Yes | ||
| Read Cloud Subscription Service | |||||||
| Update Cloud Subscription Service | |||||||
| Delete Cloud Subscription Service | |||||||
| Alerts & Notifications | Read Customer Alert Notification | Grants ability to view and manage customer alert configuration | No | Yes | Yes | ||
| Create Customer Alert | Grants ability to view and manage customer alert configuration and generated alerts | Yes | No | No | |||
| Read Customer Alert | Yes | Yes | |||||
| Update Customer Alert | |||||||
| Delete Customer Alert | No | No | |||||
| Manage Customer Alert | |||||||
| SMS Alert | Update Customer SMS Alert | Grants ability to configure SMS alerts at the customer level | No | Yes | Yes | ||
| Customer | Update Enterprise | Grants ability to view and manage Customers, from the Partner or Operator level | Yes | Yes | Yes | ||
| Other Settings | Read User Agreement | Privilege granting access to configure the customer user agreement feature | Yes | No | No | ||
| Update User Agreement | |||||||
| Test & Troubleshoot | Read Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
| Remote Diagnostics | Create Remote Diagnostics | Grants access to view and execute remote diagnostics | No | No | No | ||
| Read Remote Diagnostics | Yes | Yes | |||||
| Update Remote Diagnostics | No | No | |||||
| Delete Remote Diagnostics | |||||||
| Manage Remote Diagnostics | Yes | Yes | |||||
| Gateway | Remote Cloud Traffic Routing | No | Yes | Yes | |||
| Reset USB Modem | Remote Reset USB Modem | Grants ability to execute the Edge USB modem reset remote action | No | Yes | Yes | ||
| Scan for nearby Wi-Fi | Remote Scan for Wi-Fi Access Points | Grants ability to execute the Edge Wi-Fi scan remote action | No | Yes | Yes | ||
| VPN Test | Remote VPN Test | Grants ability to execute the Edge VPN test remote action | No | Yes | Yes | ||
| Remote Actions | Create Remote Actions | Grants access to view and execute remote actions | No | Yes | Yes | ||
| Read Remote Actions | |||||||
| Update Remote Actions | |||||||
| Delete Remote Actions | |||||||
| Select Edge > Shutdown button | Shutdown Edge | Grants ability to execute the Edge shutdown remote action | No | Yes | Yes | ||
| Select Edge > Deactivate button | Deactivate Edge | Grants ability to execute the deactivate Edge remote action | No | Yes | Yes | ||
| Diagnostic Bundles/Packet Capture | Create Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
| Read Diagnostics | |||||||
| Update Diagnostics | |||||||
| Delete Diagnostics | |||||||
| Manage Diagnostics | No | No | |||||
| Request Diagnostic Bundle | Create Diagnostic Bundle | Grants ability to view and request Diagnostic bundles as part of remote diagnostics functionality | No | Yes | Yes | ||
| Diagnostic Bundles/Packet Capture | 404 resource not found page * |
Read Diagnostic Bundle | |||||
| Update Diagnostic Bundle | |||||||
| Delete Diagnostic Bundle | Delete Diagnostic Bundle | ||||||
| Request PCAP Bundle | Create PCAP Bundle | Grants ability to view and request PCAP bundles as part of remote diagnostics functionality | No | Yes | Yes | ||
| Diagnostic Bundles/Packet Capture | 404 resource not found page * | Read PCAP Bundle | |||||
| Update PCAP Bundle | No | No | |||||
| Delete PCAP Bundle | Yes | Yes | |||||
| Diagnostic Bundles/Packet Capture | 404 resource not found page * | Manage PCAP Bundle | |||||
| Download Diagnostic Bundle | Download Edge Diagnostics | Grants ability to download Edge Diagnostics | No | Yes | Yes | ||
| Administration | |||||||
| System Settings | Read Customer Delegation | Grants ability to view and manage the delegation of privileges from the customer to Partners or the Operator | Yes | Yes | Yes | ||
| General Information > | General Information | Read Customer General Information | Controls visibility and control of Customer General Information on the System Settings General Information page | No | Yes | Yes | |
| Update Customer General Information | |||||||
| Default Edge Authentication | Read Customer PKI | Grants ability to view and manage enterprise PKI settings | Yes | No | No | ||
| Update Customer PKI | |||||||
| Edge Configuration | Read Customer Edge Settings | Controls visibility and control of Customer Edge Settings on the System Settings General Information page | No | Yes | Yes | ||
| Update Customer Edge Settings | |||||||
| Privacy Settings | Read Customer Privacy Settings | Controls visibility and control of Customer Privacy Settings on the System Settings General Information page | No | Yes | Yes | ||
| Update Customer Privacy Settings | |||||||
| Privacy Settings > Enforce PCI | Update Customer User | Grants ability to view and manage Customer administrators | Yes | Yes | Yes | ||
| Contact Information | Read System Settings Contact Info | Controls visibility and control of System Settings Contact Info on the System Settings General Information page | No | Yes | Yes | ||
| Update System Settings Contact Info | |||||||
| Authentication | Create Customer Authentication | Grants ability to view and manage customer authentication mode, for example SSO, Radius or Native | Yes | Yes | Yes | ||
| Read Customer Authentication | |||||||
| Update Customer Authentication | |||||||
| Delete Customer Authentication | |||||||
| Manage Customer Authentication | |||||||
| API Tokens | Read Customer Token | Grants ability to view and manage authentication tokens at the Customer level | Yes | No | No | ||
| Update Customer Token | |||||||
| Administrators | Create Customer User | Grants ability to view and manage Customer administrators | Yes | Yes | Yes | ||
| Read Customer User | |||||||
| Update Customer User | |||||||
| Delete Customer User | |||||||
| Manage Customer User | No | No | |||||
| Select Enterprise User > | API Tokens | Create Customer Token | Grants ability to view and manage authentication tokens at the Customer level | Yes | No | No | |
| Read Customer Token | |||||||
| Update Customer Token | |||||||
| Delete Customer Token | |||||||
| Manage Customer Token | |||||||
| Role Customization | Create Role Customization Package | Grants access to manage role customization packages | Yes | No | No | ||
| Read Role Customization Package | |||||||
| Update Role Customization Package | |||||||
| Delete Role Customization Package | |||||||
| Manage Role Customization Package | |||||||
| Edge Licensing | Create License | Grants ability to view and manage Edge licensing | Yes | No | No | ||
| Read License | Yes | Yes | |||||
| Update License | |||||||
| Delete License | No | No | |||||
| Manage License | |||||||
| VeloCloud Support Access Role | Create Customer Delegation | Grants ability to view and manage the delegation of privileges from the customer to Partners or the Operator | Yes | Yes | Yes | ||
| Read Customer Delegation | |||||||
| Update Customer Delegation | |||||||
| Delete Customer Delegation | |||||||
| Manage Customer Delegation | No | No |
* – When the corresponding user role privilege is denied, the Orchestrator window displays the 404 resource not found error.
