The Orchestrator consists of two types of roles. The roles are categorized as follows:
- Privileges – Privileges are a set of roles relevant to a functionality. A privilege can be tagged to one or more of the following services: SD-WAN, Cloud Web Security, Secure Access, and Global Settings. These are the group of privileges required by a user to carry out a certain business process. For example, a Customer support role in SD-WAN is a privilege required by an SD-WAN user to carry out various support activities. Every service defines such privileges based on its supported business functionality.
- Roles – The privileges from various categories can be grouped to form a role. By default, the following roles are available for a Customer:
Role SD-WAN Service Cloud Web Security Service Secure Access Service Global Settings Service Enterprise Standard Admin SD-WAN Enterprise Admin Cloud Web Security Enterprise Admin Secure Access Enterprise Admin Global Settings Enterprise Admin Enterprise Super User SD-WAN Enterprise Super User Cloud Web Security Enterprise Super User Secure Access Enterprise Super User Global Settings Enterprise Super User Enterprise Support SD-WAN Enterprise Support Cloud Web Security Enterprise Read Only Secure Access Enterprise Read Only Global Settings Enterprise Support Enterprise Read Only User SD-WAN Enterprise Read Only No privileges No privileges Global Settings Enterprise Read Only Enterprise Security Admin SD-WAN Security Enterprise Admin Cloud Web Security Enterprise Admin Secure Access Enterprise Admin Global Settings Enterprise Admin Enterprise Security Read Only SD-WAN Security Enterprise Read Only Cloud Web Security Enterprise Read Only Secure Access Enterprise Read Only Global Settings Enterprise Read Only Enterprise Network Admin SD-WAN Enterprise Admin Cloud Web Security Enterprise Read Only Secure Access Enterprise Read Only Global Settings Enterprise Admin If required, you can customize the role privileges. For more information, see Role Customization.
As a Customer, you can view the list of existing standard roles and their corresponding descriptions. You can add, edit, clone, or delete a new role. However, you cannot edit or delete a default role.
To access the
Roles tab:
- In the Enterprise portal, go to .
- From the left menu, click User Management, and then click the Roles tab. The following screen appears:
- On the Roles screen, you can perform the following activities:
Option Description Add Role Creates a new custom role. For more information, see Add Role. Edit Allows you to edit only the custom roles. You cannot edit the default roles. Also, you cannot edit or view the settings of a Super User. Clone Role Creates a new custom role, by cloning the existing settings from the selected role. You cannot clone the settings of a Super User. Delete Role Deletes the selected role. You cannot delete the default roles. You can delete only custom composite roles. Ensure that you have removed all the users associated with the selected role, before deleting the role. Download CSV Downloads the details of the user roles into a file in CSV format. Note: You can also access the Edit, Clone Role, and Delete Role options from the vertical ellipsis of the selected Role. -
Click the Open icon " >>" displayed before the Role link, to view more details about the selected Role, as shown below:
- Click the View Role link to view the privileges associated to the selected role for the activated services.
Note: By default, only Global Settings & Administration service is activated for a Customer. Only an Operator can activate an additional service.
- The following are the other options available in the Roles tab:
Option Description Search Enter a search term to search for the matching text across the table. Use the advanced search option to narrow down the search results. Columns Click and select the columns to be displayed or hidden on the page. Refresh Click to refresh the page to display the most current data.