Users can have different roles and every role can have a specific privilege bundle for every service in the Orchestrator. As an Operator Super User, you can assign a pre-defined role to a user. Service Permissions feature allows you to customize the privilege bundles for various services.

Note:
  • Starting from the 5.1.0 release, Role Customization is renamed as Service Permissions.
  • To activate this feature, an Operator must navigate to Global Settings > Customer Configuration > Additional Configuration > Feature Access, and then check the Role Customization check box.

You can customize only the privilege bundles and not the roles. When you customize a privilege bundle, the changes would impact the roles associated with it. For more information, see Roles.

The Service Permissions are applied to the privileges as follows:
  • The customizations done at the Enterprise level override the Partner or Operator level customizations.
  • The customizations done at the Partner level override the Operator level customizations.
  • Only when there are no customizations done at the Partner level or Enterprise level, the customizations made by the Operator are applied globally across all users in the Orchestrator.
To access the Service Permissions tab:
  1. In the Operator Portal, click Administration from the top menu.
  2. From the left menu, click User Management, and then click the Service Permissions tab. The following screen appears:
  3. On the Service Permissions screen, you can perform the following activities:
    Option Description
    Service Select the service from the drop-down menu. The available services are:
    • All
    • Global Settings
    • SD-WAN
    • Cloud Web Security
    • Secure Access
    • Edge Network Intelligence
    • App Catalog
    • MCS

    The permissions available for the selected service are displayed. By default, all the available permissions are displayed.

    New Permission Allows you to create a new permission. You can create only one permission for a Privilege Bundle. For more information, see New Permission.
    Edit Allows you to edit the settings of the selected permission. You can also click the link to the permission to edit the settings.
    Clone Allows you to create a copy of the selected permission.
    Publish Permission Applies the customization available in the selected package to the existing privilege. This option modifies the privileges only at the current level. If there are customizations available at the Operator level or a lower level for the same role, then the lower level takes precedence.
    More Allows you to select from the following additional options:
    • Delete: Deletes the selected permission. You cannot delete a permission if it is already in use.
    • Download JSON: Downloads the list of permissions into a file in JSON format.
    • Upload Permission: Allows you to upload a JSON file of a customized permission.
    • Reset to System Default: Allows you to reset the current published permissions to default settings. Only the permissions applied to the privileges in the Operator portal are reset to the default settings. If your Partners or Customers have customized their privileges in the Partner or Enterprise portal, those settings remain the same.
  4. The following are the other options available in the Service Permissions tab:
    Option Description
    Columns Click and select the columns to be displayed or hidden on the page.
    Note: The Role Associated column displays the Roles using the same Privilege Bundle.
    Refresh Click to refresh the page to display the most current data.