Roles

The Orchestrator consists of two types of roles. The roles are categorized as follows:

Privileges – Privileges are a set of roles relevant to a functionality. A privilege can be tagged to one or more of the following services: SD-WAN, Cloud Web Security, Secure Access, and Global Settings. These are the group of privileges required by a user to carry out a certain business process. For example, a Customer support role in SD-WAN is a privilege required by an SD-WAN user to carry out various support activities. Every service defines such privileges based on its supported business functionality.

Roles – The privileges from various categories can be grouped to form a role. By default, the following roles are available for a Customer:


Role	SD-WAN Service	Cloud Web Security Service	Secure Access Service	Global Settings Service
Enterprise Standard Admin	SD-WAN Enterprise Admin	Cloud Web Security Enterprise Admin	Secure Access Enterprise Admin	Global Settings Enterprise Admin
Enterprise Super User	SD-WAN Enterprise Super User	Cloud Web Security Enterprise Super User	Secure Access Enterprise Super User	Global Settings Enterprise Super User
Enterprise Support	SD-WAN Enterprise Support	Cloud Web Security Enterprise Read Only	Secure Access Enterprise Read Only	Global Settings Enterprise Support
Enterprise Read Only User	SD-WAN Enterprise Read Only	No privileges	No privileges	Global Settings Enterprise Read Only
Enterprise Security Admin	SD-WAN Security Enterprise Admin	Cloud Web Security Enterprise Admin	Secure Access Enterprise Admin	Global Settings Enterprise Admin
Enterprise Security Read Only	SD-WAN Security Enterprise Read Only	Cloud Web Security Enterprise Read Only	Secure Access Enterprise Read Only	Global Settings Enterprise Read Only
Enterprise Network Admin	SD-WAN Enterprise Admin	Cloud Web Security Enterprise Read Only	Secure Access Enterprise Read Only	Global Settings Enterprise Admin

If required, you can customize the role privileges. For more information, see Role Customization.

As a Customer, you can view the list of existing standard roles and their corresponding descriptions. You can add, edit, clone, or delete a new role. However, you cannot edit or delete a default role.

To access the Roles tab:

In the Enterprise portal, go to Enterprise Applications > Global Settings.
From the left menu, click User Management, and then click the Roles tab. The following screen appears:

On the Roles screen, you can perform the following activities:


Option	Description
Add Role	Creates a new custom role. For more information, see Add Role.
Edit	Allows you to edit only the custom roles. You cannot edit the default roles. Also, you cannot edit or view the settings of a Super User.
Clone Role	Creates a new custom role, by cloning the existing settings from the selected role. You cannot clone the settings of a Super User.
Delete Role	Deletes the selected role. You cannot delete the default roles. You can delete only custom composite roles. Ensure that you have removed all the users associated with the selected role, before deleting the role.
Download CSV	Downloads the details of the user roles into a file in CSV format.

Note: You can also access the Edit, Clone Role, and Delete Role options from the vertical ellipsis of the selected Role.

Click the Open icon " >>" displayed before the Role link, to view more details about the selected Role, as shown below:
Click the View Role link to view the privileges associated to the selected role for the activated services.
Note: By default, only Global Settings & Administration service is activated for a Customer. Only an Operator can activate an additional service.

The following are the other options available in the Roles tab:


Option	Description
Search	Enter a search term to search for the matching text across the table. Use the advanced search option to narrow down the search results.
Columns	Click and select the columns to be displayed or hidden on the page.
Refresh	Click to refresh the page to display the most current data.