This section lists all the user privileges available in the Enterprise portal.
Below is a table listing the user privileges. The columns in the table indicate the following:
- Allow Privilege – Do the privileges have allow access?
- Deny Privilege – Do the privileges have deny access?
- Customizable – Is the privilege available for customization in the Service Permissions tab along with the Create, Read, Update, Delete customizations?
Note: The features that can be completely customized by an Enterprise Superuser have been listed in a separate table at the end of this topic.
Navigation Path in the Enterprise Portal | Name of the Tab | Elements in the Tab | Name of the Privilege | Description | Allow Privilege | Deny Privilege | Customizable |
---|---|---|---|---|---|---|---|
Monitor > Edges > Select Edge | Overview | ||||||
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
Top Applications Top Categories Top Operating Systems Top Sources |
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
View Flow Stats | Grants ability to view collected flow statistics | Yes | Yes | Yes | |||
Sources | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
View Edge Sources | Grants ability to view Monitor Edge Sources tab | Yes | Yes | Yes | |||
Devices | View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes | Yes | Yes | Yes | ||
Create Client Device | Controls visibility to unique identifiers (IP or MAC address) of LAN-side client devices | Yes | No | No | |||
Read Client Device | |||||||
Change Hostname | Update Client Device | ||||||
Delete Client Device | |||||||
Manage Client Device | |||||||
Operating Systems | Create Client User | Controls visibility to potentially Personal Identifiable Information(PII) in flow statistics | Yes | No | No | ||
Read Client User | |||||||
Update Client User | |||||||
Delete Client User | |||||||
Manage Client User | |||||||
Applications Sources Destinations | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
View Flow Stats | Grants ability to view collected flow statistics | Yes | Yes | Yes | |||
Events from this Edge | Read Customer Event | Grants ability to view customer level events | Yes | No | No | ||
Remote Actions | Read Remote Actions | Grants access to view and execute remote actions | No | Yes | Yes | ||
Remote Actions Generate Diagnostic Bundle Remote Diagnostics | Read Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
Generate Diagnostic Bundle | Create Diagnostic Bundle | No | Yes | Yes | |||
Remote Diagnostics | Read Remote Diagnostics | Privilege granting access to view and execute remote diagnostics | No | Yes | Yes | ||
Monitor | Edges | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |
Edge Cluster | Read Edge Cluster | Controls the ability to create and configure Edge Clusters | No | Yes | Yes | ||
Network Services | Read Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | No | No | ||
Non SD-WAN Destinations via Gateway Non SD-WAN Destinations via Edge | Read Customer Event | Grants ability to view customer level events | Yes | No | No | ||
Non SD-WAN Destinations via Gateway Non SD-WAN Destinations via Edge | Read Non SD-WAN Destination via Gateway | Grants ability to view and manage Non SD-WAN Destinations via Gateway and Non SD-WAN Destinations via Edge | No | Yes | Yes | ||
BGP Gateway Neighbor State | Read Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | No | No | ||
BGP Edge Neighbor State | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
Edge VNFs | Read VNF Network Service | Grants ability to manage VNF Network Services | No | Yes | Yes | ||
Edge Cluster | Read Edge Cluster | Controls the ability to create and configure Edge Clusters | No | Yes | Yes | ||
Routing | Read Network Addressing | Grants ability to view and manage address block configuration in the legacy Network profile mode | Yes | No | No | ||
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
View Customer Routing | Grants ability to view the customer Routing | Yes | No | No | |||
Alerts | Create Customer Alert | Grants ability to view and manage customer alert configuration and generated alerts | Yes | No | No | ||
Read Customer Alert | Yes | Yes | |||||
Update Customer Alert | |||||||
Delete Customer Alert | No | No | |||||
Manage Customer Alert | |||||||
Events | Create Customer Event | Grants ability to view customer level events | Yes | No | No | ||
Read Customer Event | |||||||
Update Customer Event | |||||||
Delete Customer Event | |||||||
Manage Customer Event | |||||||
Reports | Update Customer | Grants ability to view and manage Customers, from the Partner or Operator level | Yes | Yes | Yes | ||
Read Customer | No | No | |||||
Firewall | Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs | Yes | Yes | Yes | |
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
Read Customer Event | Grants ability to view customer level events | Yes | No | No | |||
Configure > Edges > Select Edge | Edge Overview | Edge Overview | Controls ability to view or modify Edge overview page | No | Yes | Yes | |
Properties | Create Edge Overview Properties | Controls ability to view or change items within the properties section of the Edge overview page | No | Yes | Yes | ||
Read Edge Overview Properties | No | No | |||||
Update Edge Overview Properties | Yes | Yes | |||||
Delete Edge Overview Properties | |||||||
Name | Read Edge Overview Properties Name | Controls ability to view or change Edge name on the Edge overview page | No | Yes | Yes | ||
Update Edge Overview Properties Name | |||||||
Description | Read Edge Overview Properties Description | Controls ability to view or change Edge description on the Edge overview page | No | Yes | Yes | ||
Update Edge Overview Properties Description | |||||||
Enable Alerts | Read Edge Overview Properties Enable Alerts | Controls ability to view or change Edge alert configuration on the Edge overview page | No | Yes | Yes | ||
Update Edge Overview Properties Enable Alerts | |||||||
Authentication Mode | Read Edge Overview Properties Auth Mode | Controls ability to view or change Edge PKI configuration on the Edge overview page | No | Yes | Yes | ||
Update Edge Overview Properties Auth Mode | |||||||
Read Customer PKI | Grants ability to view and manage enterprise PKI settings | Yes | No | No | |||
Update Customer PKI | |||||||
Serial Number | Read Edge Overview Properties Serial Number | Controls ability to view or change Edge serial number, prior to activation, on the Edge overview page | No | Yes | Yes | ||
Update Edge Overview Properties Serial Number | |||||||
Generate New Activation Key | Read Edge Overview Properties Activation Expiration | Controls ability to view or change the activation key expiration period on the Edge overview page | No | Yes | Yes | ||
Update Edge Overview Properties Activation Expiration | |||||||
Send Activation Email button | Create Edge Overview Properties Activation Email | Controls ability to generate an activation email on the Edge overview page | No | Yes | Yes | ||
Read Edge Overview Properties Activation Email | |||||||
Local Credentials | Read Overview Properties Local Credentials | Grants ability to view and configure Edge local credentials | No | Yes | Yes | ||
Update Overview Properties Local Credentials | |||||||
View | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
Update Edge | |||||||
Read Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
Update Customer Keys | |||||||
License | Read License | Grants ability to view and manage Edge licensing | Yes | Yes | Yes | ||
Update License | |||||||
Profile | Create Edge Overview Profile | Controls visibility and control of Edges assigned profile on the Edge overview page | No | Yes | Yes | ||
Read Edge Overview Profile | No | No | |||||
Update Edge Overview Profile | Yes | Yes | |||||
Delete Edge Overview Profile | |||||||
RMA Reactivation | Create Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | Yes | Yes | ||
Device | |||||||
Authentication Settings | Create Edge Device Authentication Settings | Controls ability to view or change Edge Device Authentication Settings | No | Yes | Yes | ||
Read Edge Device Authentication Settings | |||||||
Update Edge Device Authentication Settings | |||||||
Delete Edge Device Authentication Settings | |||||||
DNS Settings | Update Edge Device DNS Settings | Controls ability to view or change Edge Device DNS Settings | No | Yes | Yes | ||
Netflow Settings | Create Edge Device Netflow Settings | Controls ability to view or change Edge Device Netflow Settings | No | Yes | Yes | ||
Read Edge Device Netflow Settings | |||||||
Update Edge Device Netflow Settings | |||||||
Delete Edge Device Netflow Settings | |||||||
LAN-Side NAT Rules | Update Edge Device LAN-Side NAT Rules | Controls ability to view or change Edge Device LAN-Side NAT Rules | No | Yes | Yes | ||
Voice Quality Monitoring Settings | Read Edge Device VQM Settings | Controls ability to view or change Edge Device VQM Settings | No | Yes | Yes | ||
Update Edge Device VQM Settings | |||||||
Syslog Settings | Read Edge Device Syslog Settings | Controls ability to view or change Edge Device Syslog Settings | No | Yes | Yes | ||
Update Edge Device Syslog Settings | |||||||
Static Route Settings | Update Edge Device Static Route Settings | Controls ability to view or change Edge Device Static Route Settings | No | Yes | Yes | ||
ICMP Probes | Read Edge Device ICMP Probes | Controls ability to view or change Edge Device ICMP Probes | No | Yes | Yes | ||
Update Edge Device ICMP Probes | |||||||
ICMP Responders | Read Edge Device ICMP Responders | Controls ability to view or change Edge Device ICMP Responders | No | Yes | Yes | ||
Update Edge Device ICMP Responders | |||||||
VRRP Settings | Update Edge Device VRRP Settings | Controls ability to view or change Edge Device VRRP Settings | No | Yes | Yes | ||
Cloud VPN | Read Edge Device Cloud VPN | Controls ability to view or change Edge Device Cloud VPN | No | Yes | Yes | ||
Update Edge Device Cloud VPN | |||||||
BFD Rules | Update Edge Device BFD Rules | Controls ability to view or change Edge Device BFD Rules | No | Yes | Yes | ||
BGP Settings | Read Edge Device BGP Settings | Controls ability to view or change Edge Device BGP Settings | No | Yes | Yes | ||
Update Edge Device BGP Settings | |||||||
Multicast Settings | Read Edge Device Multicast Settings | Controls ability to view or change Edge Device Multicast Settings | No | Yes | Yes | ||
Update Edge Device Multicast Settings | |||||||
Cloud Security Service | Read Edge Device Cloud Security Service | Controls ability to view or change Edge Device Cloud Security Service | No | Yes | Yes | ||
Update Edge Device Cloud Security Service | |||||||
Gateway Handoff Assignment | Update Edge Device Gateway Handoff Assignment | Controls ability to view or change Edge Device Gateway Handoff Assignment | No | Yes | Yes | ||
High Availability | Create Edge Device High Availability | Controls ability to view or change Edge Device High Availability | No | Yes | Yes | ||
Read Edge Device High Availability | |||||||
Update Edge Device High Availability | |||||||
Delete Edge Device High Availability | |||||||
Enable HA Standby Pair | Grants ability to configure standby HA | No | Yes | Yes | |||
Enable HA Cluster | Grants ability to configure HA Clustering | No | Yes | Yes | |||
Enable HA VRRP Pair | Grants ability to configure VRRP HA | No | Yes | Yes | |||
Configure VLAN | Read Edge Device Settings | Controls ability to view or change Edge Device Settings | No | Yes | Yes | ||
Management IP | Read Edge Device Management IP | Controls ability to view or change Edge Device Management IP | No | Yes | Yes | ||
Update Edge Device Management IP | |||||||
Device Settings | Create Edge Device Settings | Controls ability to view or change Edge Device Settings | No | Yes | Yes | ||
Read Edge Device Settings | |||||||
Update Edge Device Settings | |||||||
Delete Edge Device Settings | |||||||
Interface Settings | Update Edge Device Interface Settings | Controls ability to view or change Edge Device Interface Settings | No | Yes | Yes | ||
WAN Settings | Update Edge Device WAN Settings | Controls ability to view or change Edge Device WAN Settings | No | Yes | Yes | ||
Security VNF | Update Edge Device Security VNF | Controls ability to view or change Edge Device Security VNF | No | Yes | Yes | ||
Wi-Fi Radio Settings | Create Edge Device Wi-Fi Settings | Controls ability to view or change Edge Device Wi-Fi Settings | No | Yes | Yes | ||
Read Edge Device Wi-Fi Settings | |||||||
Update Edge Device Wi-Fi Settings | |||||||
Delete Edge Device Wi-Fi Settings | |||||||
Multi-Source QoS | Read Edge Device Cloud VPN QoS Settings | Controls ability to view or change Edge Device Cloud VPN QoS Settings | No | Yes | Yes | ||
Update Edge Device Cloud VPN QoS Settings | |||||||
TACACS Settings | Create Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | Yes | Yes | ||
Read Network Service | No | No | |||||
Update Network Service | Yes | Yes | |||||
Delete Network Service | |||||||
Create Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
Read Customer Keys | |||||||
Update Customer Keys | |||||||
Delete Customer Keys | |||||||
Manage Customer Keys | No | No | |||||
L2 Settings | Update Edge Device L2 Settings | Controls ability to view or change Edge Device L2 Settings | No | Yes | Yes | ||
SNMP Settings | Create Edge Device SNMP Settings | Controls ability to view or change Edge Device SNMP Settings | No | Yes | Yes | ||
Read Edge Device SNMP Settings | |||||||
Update Edge Device SNMP Settings | |||||||
Delete Edge Device SNMP Settings | |||||||
NTP | Read Edge Device NTP Settings | Controls ability to view or change Edge Device NTP Settings | No | Yes | Yes | ||
Update Edge Device NTP Settings | |||||||
Visibility Mode | Update Edge Device Config Visibility Mode | Controls ability to view or change Edge Device Config Visibility Mode | No | Yes | Yes | ||
Analytics Settings | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
Update Edge | |||||||
Business Policy | Edge Business Policy | Controls ability to view or change Edge business policy page | No | Yes | Yes | ||
SD-WAN Overlay Rate Limit | Read Edge Business Policy Rate Limit | Controls the ability to read and update the rate limiting business policy feature | No | Yes | Yes | ||
Update Edge Business Policy Rate Limit | |||||||
SD-WAN Overlay Rate Limit SD-WAN Traffic Class and Weight Mapping | Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | ||
Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
Firewall | Edge Firewall | Controls ability to view or change Edge firewall page | No | Yes | Yes | ||
Firewall Logging Syslog Forwarding Stateful Firewall | Configure Edge Firewall Logging | Grants ability to configure Edges level firewall logging | No | Yes | Yes | ||
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
Syslog Forwarding | View Syslog Forwarding | Grants ability to see Syslog forwarding | No | Yes | Yes | ||
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
Stateful Firewall Settings Network & Flood Protection Settings Edge Access | Create Edge Firewall Edge Access | Privilege granting or denying visibility and control of an Edges Stateful Firewall Settings, Network & Flood Protection Settings and Edge Access on the Edge firewall page | No | Yes | Yes | ||
Read Edge Firewall Edge Access | |||||||
Update Edge Firewall Edge Access | |||||||
Delete Edge Firewall Edge Access | |||||||
Events from this Edge | Read Customer Event | Grants ability to view customer level events | Yes | No | No | ||
Remote Actions | Read Remote Actions | Privilege granting access to view and execute remote actions | No | Yes | Yes | ||
Remote Actions Generate Diagnostic Bundle Remote Diagnostics | Read Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
Generate Diagnostic Bundle | Create Diagnostic Bundle | No | Yes | Yes | |||
Remote Diagnostics | Read Remote Diagnostics | Grants access to view and execute remote diagnostics | No | Yes | Yes | ||
Configure > Profiles > Select Profile | Profile Overview | Profile Overview | Controls ability to view or change profile overview page | No | Yes | Yes | |
Description | Create Profile Overview Description | Controls ability to view or change Profile Overview Description | No | Yes | Yes | ||
Read Profile Overview Description | No | No | |||||
Update Profile Overview Description | Yes | Yes | |||||
Delete Profile Overview Description | |||||||
Local Credentials | Read Overview Properties Local Credentials | Grants ability to view and configure Edge local credentials | No | Yes | Yes | ||
Update Overview Properties Local Credentials | |||||||
Device | |||||||
Authentication Settings | Create Profile Device Authentication Settings | Controls ability to view or change Profile Device Authentication Settings | No | Yes | Yes | ||
Read Profile Device Authentication Settings | |||||||
Update Profile Device Authentication Settings | |||||||
Delete Profile Device Authentication Settings | |||||||
DNS Settings | Update Profile Device DNS Settings | Controls ability to view or change Profile Device DNS Settings | No | Yes | Yes | ||
Netflow Settings | Create Profile Device Netflow Settings | Controls ability to view or change Profile Device Netflow Settings | No | Yes | Yes | ||
Read Profile Device Netflow Settings | |||||||
Update Profile Device Netflow Settings | |||||||
Delete Profile Device Netflow Settings | |||||||
LAN-Side NAT Rules | Update Profile Device LAN-Side NAT Rules | Controls ability to view or change Profile Device LAN-Side NAT Rules | No | Yes | Yes | ||
Voice Quality Monitoring Settings | Read Profile Device VQM Settings | Controls ability to view or change Profile Device VQM Settings | No | Yes | Yes | ||
Update Profile Device VQM Settings | |||||||
Syslog Settings | Read Profile Device Syslog Settings | Controls ability to view or change Profile Device Syslog Settings | No | Yes | Yes | ||
Update Profile Device Syslog Settings | |||||||
Cloud VPN | Read Profile Device Cloud VPN | Controls ability to view or change Profile Device Cloud VPN | No | Yes | Yes | ||
Update Profile Device Cloud VPN | |||||||
BFD Rules | Update Profile Device BFD Rules | Controls ability to view or change Profile Device BFD Rules | No | Yes | Yes | ||
OSPF Areas | Read Profile Device OSPF Settings | Controls ability to view or change Profile Device OSPF Settings | No | Yes | Yes | ||
Update Profile Device OSPF Settings | |||||||
BGP Settings | Read Profile Device BGP Settings | Controls ability to view or change Profile Device BGP Settings | No | Yes | Yes | ||
Update Profile Device BGP Settings | |||||||
Multicast Settings | Read Profile Device Multicast Settings | Controls ability to view or change Profile Device Multicast Settings | No | Yes | Yes | ||
Update Profile Device Multicast Settings | |||||||
Cloud Security Service | Read Profile Device Cloud Security Service | Controls ability to view or change Profile Device Cloud Security Service | No | Yes | Yes | ||
Update Profile Device Cloud Security Service | |||||||
Gateway Handoff Assignment | Update Profile Device Gateway Handoff Assignment | Controls ability to view or change Profile Device Gateway Handoff Assignment | No | Yes | Yes | ||
Configure VLAN | Read Profile Device Settings | Controls ability to view or change Profile Device Settings | No | Yes | Yes | ||
Management IP | Read Profile Device Management IP | Controls ability to view or change Profile Device Management IP | No | Yes | Yes | ||
Update Profile Device Management IP | |||||||
Device Settings | Create Profile Device Settings | Controls ability to view or change Profile Device Settings | No | Yes | Yes | ||
Read Profile Device Settings | |||||||
Update Profile Device Settings | |||||||
Delete Profile Device Settings | |||||||
Interface Settings | Update Profile Device Interface Settings | Controls ability to view or change Profile Device Interface Settings | No | Yes | Yes | ||
Wi-Fi Radio Settings | Create Profile Device Wi-Fi Settings | Controls ability to view or change Profile Device Wi-Fi Settings | No | Yes | Yes | ||
Read Profile Device Wi-Fi Settings | |||||||
Update Profile Device Wi-Fi Settings | |||||||
Delete Profile Device Wi-Fi Settings | |||||||
L2 Settings | Update Profile Device L2 Settings | Controls ability to view or change Profile Device L2 Settings | No | Yes | Yes | ||
Multi-Source QoS | Read Profile Device Cloud VPN QoS Settings | Controls ability to view or change Profile Device Cloud VPN QoS Settings | No | Yes | Yes | ||
Update Profile Device Cloud VPN QoS Settings | |||||||
SNMP Settings | Create Profile Device SNMP Settings | Controls ability to view or change Profile Device SNMP Settings | No | Yes | Yes | ||
Read Profile Device SNMP Settings | |||||||
Update Profile Device SNMP Settings | |||||||
Delete Profile Device SNMP Settings | |||||||
NTP | Read Profile Device NTP Settings | Controls ability to view or change Profile Device NTP Settings | No | Yes | Yes | ||
Update Profile Device NTP Settings | |||||||
Visibility Mode | Update Profile Device Config Visibility Mode | Controls ability to view or change Profile Device Config Visibility Mode | No | Yes | Yes | ||
Analytics Settings | Read Profile Device Analytics Settings | Controls ability to view or change Profile Device Analytics Settings | No | Yes | Yes | ||
Update Profile Device Analytics Settings | |||||||
Create Profile Device Network Settings | Controls ability to view or change Profile Device Network Settings | No | Yes | Yes | |||
Read Profile Device Network Settings | |||||||
Update Profile Device Network Settings | |||||||
Delete Profile Device Network Settings | |||||||
Business Policy | Profile Business Policy | Controls ability to view or change profile business policy page | No | Yes | Yes | ||
SD-WAN Overlay Rate Limit | Read Profile Business Policy Rate Limit | Controls the ability to read and update the rate limiting business policy feature | No | Yes | Yes | ||
Update Profile Business Policy Rate Limit | |||||||
Firewall | Profile Firewall | Controls ability to view or change profile firewall page | No | Yes | Yes | ||
Firewall Logging Syslog Forwarding Stateful Firewall | Configure Profile Firewall Logging | Grants ability to configure profile level firewall logging | No | Yes | Yes | ||
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
Read Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | No | No | |||
Stateful Firewall Settings Network & Flood Protection Settings Edge Access | Create Edge Firewall Edge Access | Controls visibility and control of Stateful Firewall Settings, Network & Flood Protection Settings, and Edge Access on the profile firewall page | No | Yes | Yes | ||
Read Edge Firewall Edge Access | No | No | |||||
Update Edge Firewall Edge Access | Yes | Yes | |||||
Delete Edge Firewall Edge Access | |||||||
Configure | Edges | Create Edge | Grants ability to view and manage Edge objects and their properties in general | Yes | Yes | Yes | |
Read Edge | No | No | |||||
Update Edge | |||||||
Delete Edge | Yes | Yes | |||||
Manage Edge | No | No | |||||
Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
New Edge > | Authentication | Create Customer PKI | Grants ability to view and manage enterprise PKI settings | Yes | No | No | |
Select Edge/Edges > | Local Credentials | Read Overview Properties Local Credentials | Grants ability to view and configure Edge local credentials | No | Yes | Yes | |
Update Overview Properties Local Credentials | |||||||
Select Edge/Edges > | Assign Profile | Assign Edge Profile | Grants ability to assign profiles to Edges | No | Yes | Yes | |
Select Edge/Edges > | Update Pre-Notifications | Update Edge Overview Properties Enable Alerts | Controls ability to view or change Edge alert configuration on the Edge overview page | No | Yes | Yes | |
Select Edge/Edges > | Assign Edge License | ||||||
Select Edge/Edges > | Update Customer Alerts | ||||||
Edge Cluster | Read Edge Cluster | Grants ability to view Edge clusters | No | Yes | Yes | ||
Create Cloud Edge | Create DMZ Gateway | Grants ability to create DMZ Gateways | No | Yes | Yes | ||
Profiles | Create Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | ||
Read Customer Profile | |||||||
Update Customer Profile | |||||||
Delete Customer Profile | |||||||
Manage Customer Profile | No | No | |||||
Duplicate Profile | Duplicate Customer Profile | Grants ability to edit duplicate customer level profiles | No | Yes | Yes | ||
Create Profile | Grants access to view and manage profiles at any level | No | Yes | Yes | |||
Read Profile | |||||||
Update Profile | |||||||
Delete Profile | |||||||
Object Groups | Create Object Group | Grants ability to manage Object Group | Yes | Yes | Yes | ||
Read Object Group | |||||||
Update Object Group | |||||||
Delete Object Group | |||||||
Manage Object Group | No | No | |||||
Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
Segments/Networks | Create Network Addressing | Grants ability to view and manage address block configuration in the legacy Network profile mode | Yes | Yes | Yes | ||
Read Network Addressing | No | No | |||||
Update Network Addressing | Yes | Yes | |||||
Delete Network Addressing | |||||||
Manage Network Addressing | No | No | |||||
Create Customer Segment | Grants ability to view and manage the creation of segments and their assignment to configuration profiles | No | Yes | Yes | |||
Read Customer Segment | |||||||
Update Customer Segment | |||||||
Delete Customer Segment | |||||||
Overlay Flow Control | Create Overlay Flow Control | Grants ability to view and manage data and configuration presented on the Overlay Flow Control page | No | Yes | Yes | ||
Read Overlay Flow Control | |||||||
Update Overlay Flow Control | |||||||
Delete Overlay Flow Control | |||||||
Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
Update Customer Profile | |||||||
Network Services | Create Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | Yes | Yes | ||
Read Network Service | No | No | |||||
Update Network Service | Yes | Yes | |||||
Delete Network Service | |||||||
Manage Network Service | No | No | |||||
Create Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
Read Customer Keys | |||||||
Update Customer Keys | |||||||
Read Customer Profile | Grants ability to view and edit enterprise configuration profiles | Yes | Yes | Yes | |||
Edge Cluster | Create Edge Cluster | Controls the ability to create and configure Edge Clusters | No | Yes | Yes | ||
Read Edge Cluster | |||||||
Update Edge Cluster | |||||||
Delete Edge Cluster | |||||||
Cloud VPN Hubs | Create VPN Hub Network Service | Grants ability to manage VPN Hubs as Network Services | No | Yes | Yes | ||
Read VPN Hub Network Service | |||||||
Update VPN Hub Network Service | |||||||
Delete VPN Hub Network Service | |||||||
Non SD-WAN Destinations via Gateway Non SD-WAN Destinations via Edge | Create Non SD-WAN Destination via Gateway | Grants ability to view and manage Non SD-WAN Destinations via Gateway and Non SD-WAN Destinations via Edge | No | Yes | Yes | ||
Read Non SD-WAN Destination via Gateway | |||||||
Update Non SD-WAN Destination via Gateway | |||||||
Delete Non SD-WAN Destination via Gateway | |||||||
Cloud Security Service | Create Cloud Security Service | Controls creation and configuration of third party cloud security services to which the traffic can be steered by business policy | No | Yes | Yes | ||
Read Cloud Security Service | |||||||
Update Cloud Security Service | |||||||
Delete Cloud Security Service | |||||||
VNFs | Create VNF Network Service | Grants ability to manage VNF Network Services | No | Yes | Yes | ||
Read VNF Network Service | |||||||
Update VNF Network Service | |||||||
Delete VNF Network Service | |||||||
VNF Licenses | Create VNF License Network Service | Grants ability to manage VNF licenses with Network Services | No | Yes | Yes | ||
Read VNF License Network Service | |||||||
Update VNF License Network Service | |||||||
Delete VNF License Network Service | |||||||
DNS Services | Create DNS Network Service | Controls the ability to create and configure DNS services for use in profiles | No | Yes | Yes | ||
Read DNS Network Service | |||||||
Update DNS Network Service | |||||||
Delete DNS Network Service | |||||||
Private Network Names | Create Private Network Name Network Service | Grants ability to manage Private Network Name with Network Services | No | Yes | Yes | ||
Read Private Network Name Network Service | |||||||
Update Private Network Name Network Service | |||||||
Delete Private Network Name Network Service | |||||||
Authentication Services | Create Authentication Service | Controls the creation and configuration of hosted 802.1x service providing LAN-side user authentication | No | Yes | Yes | ||
Read Authentication Service | |||||||
Update Authentication Service | |||||||
Delete Authentication Service | |||||||
TACACS Services | Create Network Service | Grants ability to view and manage services with the Network Services configuration block | Yes | Yes | Yes | ||
Read Network Service | No | No | |||||
Update Network Service | Yes | Yes | |||||
Delete Network Service | |||||||
Create Customer Keys | Grants ability to view and manage enterprise security keys such as Edge administrator credentials and IPSEC keys | Yes | Yes | Yes | |||
Read Customer Keys | |||||||
Update Customer Keys | |||||||
Delete Customer Keys | |||||||
Manage Customer Keys | No | No | |||||
Cloud Subscriptions | Create Cloud Subscription Service | Grants ability to view and manage the configuration of access to IAAS providers, such as Azure, AWS and Google Cloud | No | Yes | Yes | ||
Read Cloud Subscription Service | |||||||
Update Cloud Subscription Service | |||||||
Delete Cloud Subscription Service | |||||||
Alerts & Notifications | Read Customer Alert Notification | Grants ability to view and manage customer alert configuration | No | Yes | Yes | ||
Create Customer Alert | Grants ability to view and manage customer alert configuration and generated alerts | Yes | No | No | |||
Read Customer Alert | Yes | Yes | |||||
Update Customer Alert | |||||||
Delete Customer Alert | No | No | |||||
Manage Customer Alert | |||||||
SMS Alert | Update Customer SMS Alert | Grants ability to configure SMS alerts at the customer level | No | Yes | Yes | ||
Customer | Update Enterprise | Grants ability to view and manage Customers, from the Partner or Operator level | Yes | Yes | Yes | ||
Other Settings | Read User Agreement | Privilege granting access to configure the customer user agreement feature | Yes | No | No | ||
Update User Agreement | |||||||
Test & Troubleshoot | Read Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | ||
Remote Diagnostics | Create Remote Diagnostics | Grants access to view and execute remote diagnostics | No | No | No | ||
Read Remote Diagnostics | Yes | Yes | |||||
Update Remote Diagnostics | No | No | |||||
Delete Remote Diagnostics | |||||||
Manage Remote Diagnostics | Yes | Yes | |||||
Gateway | Remote Cloud Traffic Routing | No | Yes | Yes | |||
Reset USB Modem | Remote Reset USB Modem | Grants ability to execute the Edge USB modem reset remote action | No | Yes | Yes | ||
Scan for nearby Wi-Fi | Remote Scan for Wi-Fi Access Points | Grants ability to execute the Edge Wi-Fi scan remote action | No | Yes | Yes | ||
VPN Test | Remote VPN Test | Grants ability to execute the Edge VPN test remote action | No | Yes | Yes | ||
Remote Actions | Create Remote Actions | Grants access to view and execute remote actions | No | Yes | Yes | ||
Read Remote Actions | |||||||
Update Remote Actions | |||||||
Delete Remote Actions | |||||||
Select Edge > Shutdown button | Shutdown Edge | Grants ability to execute the Edge shutdown remote action | No | Yes | Yes | ||
Select Edge > Deactivate button | Deactivate Edge | Grants ability to execute the deactivate Edge remote action | No | Yes | Yes | ||
Diagnostic Bundles/Packet Capture | 404 resource not found page | Create Diagnostics | Controls creation of and access to diagnostics bundles, both Edge and Gateway. Combine with Edge and Gateway privileges to control access to each type individually | Yes | Yes | Yes | |
Read Diagnostics | |||||||
Update Diagnostics | |||||||
Delete Diagnostics | |||||||
Manage Diagnostics | No | No | |||||
Request Diagnostic Bundle | Create Diagnostic Bundle | Grants ability to view and request Diagnostic bundles as part of remote diagnostics functionality | No | Yes | Yes | ||
Diagnostic Bundles/Packet Capture | 404 resource not found page | Read Diagnostic Bundle | |||||
Update Diagnostic Bundle | |||||||
Delete Diagnostic Bundle | Delete Diagnostic Bundle | ||||||
Request PCAP Bundle | Create PCAP Bundle | Grants ability to view and request PCAP bundles as part of remote diagnostics functionality | No | Yes | Yes | ||
Diagnostic Bundles/Packet Capture | 404 resource not found page | Read PCAP Bundle | |||||
Update PCAP Bundle | No | No | |||||
Delete PCAP Bundle | Yes | Yes | |||||
Diagnostic Bundles/Packet Capture | 404 resource not found page | Manage PCAP Bundle | |||||
Download Diagnostic Bundle | Download Edge Diagnostics | Grants ability to download Edge Diagnostics | No | Yes | Yes | ||
Administration | |||||||
System Settings | Read Customer Delegation | Grants ability to view and manage the delegation of privileges from the customer to Partners or the Operator | Yes | Yes | Yes | ||
General Information > | General Information | Read Customer General Information | Controls visibility and control of Customer General Information on the System Settings General Information page | No | Yes | Yes | |
Update Customer General Information | |||||||
Default Edge Authentication | Read Customer PKI | Grants ability to view and manage enterprise PKI settings | Yes | No | No | ||
Update Customer PKI | |||||||
Edge Configuration | Read Customer Edge Settings | Controls visibility and control of Customer Edge Settings on the System Settings General Information page | No | Yes | Yes | ||
Update Customer Edge Settings | |||||||
Privacy Settings | Read Customer Privacy Settings | Controls visibility and control of Customer Privacy Settings on the System Settings General Information page | No | Yes | Yes | ||
Update Customer Privacy Settings | |||||||
Privacy Settings > Enforce PCI | Update Customer User | Grants ability to view and manage Customer administrators | Yes | Yes | Yes | ||
Contact Information | Read System Settings Contact Info | Controls visibility and control of System Settings Contact Info on the System Settings General Information page | No | Yes | Yes | ||
Update System Settings Contact Info | |||||||
Authentication | Create Customer Authentication | Grants ability to view and manage customer authentication mode, for example SSO, Radius or Native | Yes | Yes | Yes | ||
Read Customer Authentication | |||||||
Update Customer Authentication | |||||||
Delete Customer Authentication | |||||||
Manage Customer Authentication | |||||||
API Tokens | Read Customer Token | Grants ability to view and manage authentication tokens at the Customer level | Yes | No | No | ||
Update Customer Token | |||||||
Administrators | Create Customer User | Grants ability to view and manage Customer administrators | Yes | Yes | Yes | ||
Read Customer User | |||||||
Update Customer User | |||||||
Delete Customer User | |||||||
Manage Customer User | No | No | |||||
Select Enterprise User > | API Tokens | Create Customer Token | Grants ability to view and manage authentication tokens at the Customer level | Yes | No | No | |
Read Customer Token | |||||||
Update Customer Token | |||||||
Delete Customer Token | |||||||
Manage Customer Token | |||||||
Service Permissions | Create Service Permissions Package | Grants access to manage Service Permissions packages | Yes | No | No | ||
Read Service Permissions Package | |||||||
Update Service Permissions Package | |||||||
Delete Service Permissions Package | |||||||
Manage Service Permissions Package | |||||||
Edge Licensing | Create License | Grants ability to view and manage Edge licensing | Yes | No | No | ||
Read License | Yes | Yes | |||||
Update License | |||||||
Delete License | No | No | |||||
Manage License | |||||||
VeloCloud Support Access Role | Create Customer Delegation | Grants ability to view and manage the delegation of privileges from the customer to Partners or the Operator | Yes | Yes | Yes | ||
Read Customer Delegation | |||||||
Update Customer Delegation | |||||||
Delete Customer Delegation | |||||||
Manage Customer Delegation | No | No |
When the corresponding user privilege is denied, the Orchestrator window displays the 404 resource not found error.
Below table provides a list of customizable feature privileges:
Navigation Path in the Enterprise Portal | Name of the Tab | Name of the Privilege | Description |
---|---|---|---|
Configure > Edges > Select Edge | Overview | Assign Edge Profile | Grants ability to assign a Profile to Edges |
Configure > Edges > Select Edge | Firewall | Configure Edge Firewall Logging | Grants ability to configure Edge level firewall logging |
Configure > Profiles > Select Profile | Firewall | Configure Profile Firewall Logging | Grants ability to configure Profile level firewall logging |
Diagnostics > Remote Actions | Select Edge > Deactivate | Deactivate Edge | Grants ability to reset the device configuration to its factory default state |
Global Settings > Enterprise Settings > Information Privacy Settings > SD-WAN PCI | Enforce PCI Compliance | Deny PCI Operations | Denies access to sensitive Customer data including PCAPs, etc. on the Edges and Gateways, for all users including VMware Support |
Diagnostics > Diagnostic Bundles | Select Edge > Download Bundle | Download Edge Diagnostics | Grants ability to download Edge Diagnostics |
Gateway Management > Diagnostic Bundles | Select Gateway > Download Bundle | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics |
Configure > Profiles | Duplicate | Duplicate Customer Profile | Grants ability to edit duplicate customer level Profiles |
Configure > Segments / Configure > Profiles / Configure > Edges | Segments drop-down menu | Edit Tab Segments | Grants ability to edit within the Segments tab |
Configure > Edges > Select Edge | Device | Enable HA Cluster | Grants ability to configure HA Clustering |
Configure > Edges > Select Edge | Device | Enable HA Active/Standby Pair | Grants ability to configure active/standby HA |
Configure > Edges > Select Edge | Device | Enable HA VRRP Pair | Grants ability to configure VRRP HA |
Diagnostics > Remote Diagnostics | Clear ARP Cache | Remote Clear ARP Cache | Grants ability to clear the ARP cache for a given interface |
Diagnostics > Remote Diagnostics > Gateway | Cloud Traffic Routing (drop-down menu) | Remote Cloud Traffic Routing | Grants ability to route cloud traffic remotely |
Diagnostics > Remote Diagnostics | DNS/DHCP Service Restart | Remote DNS/DHCP Restart | Grants ability to restart the DNS/DHCP service |
Diagnostics > Remote Diagnostics | Flush Flows | Remote Flush Flows | Grants ability to flush the Flow table, causing user traffic to be re-classified |
Diagnostics > Remote Diagnostics | Flush NAT | Remote Flush NAT | Grants ability to flush the NAT table |
Diagnostics > Remote Diagnostics > LTE SIM Switchover | LTE Switch SIM Slot
Note: This is for 610-LTE and 710 5G devices only.
|
Remote LTE Switch SIM Slot | Grants ability to activate the SIM Switchover feature. After the test is successful, you can check the status from Monitor > Edges > Overview tab |
Diagnostics > Remote Diagnostics | List Paths | Remote List Paths | Grants ability to view the list of active paths between local WAN links and each peer |
Diagnostics > Remote Diagnostics | List current IKE Child SAs | Remote List current IKE Child SAs | Grants ability to use filters to view the exact Child SAs you want to see |
Diagnostics > Remote Diagnostics | List current IKE SAs | Remote List Current IKE SAs | Grants ability to use filters to view the exact SAs you want to see |
Diagnostics > Remote Diagnostics | MIBs for Edge | Remote MIBS for Edge | Grants ability to dump Edge MIBs |
Diagnostics > Remote Diagnostics | NAT Table Dump | Remote NAT Table Dump | Grants ability to view the contents of the NAT table |
Diagnostics > Remote Diagnostics | Select Edge > Rebalance Hub Cluster | Remote Rebalance Hub Cluster | Grants ability to either redistribute Spokes in Hub Cluster or redistribute Spokes excluding this Hub |
Diagnostics > Remote Diagnostics | Select Edge (with SFP module) > Reset SFP Firmware Configuration | Remote Reset SFP Firmware Configuration | Grants ability to reset the SFP Firmware Configuration |
Diagnostics > Remote Actions | Reset USB Modem | Remote Reset USB Modem | Grants ability to execute the Edge USB modem reset remote action |
Diagnostics > Remote Diagnostics | Scan for WiFi Access Points | Remote Scan for WiFi Access Points | Grants ability to scan the Wi-Fi functionality for the SD-WAN Edge |
Diagnostics > Remote Diagnostics | System Information | Remote System Information | Grants ability to view system information such as system load, recent WAN stability statistics, monitoring services |
Diagnostics > Remote Diagnostics | VPN Test | Remote VPN Test | Grants ability to execute the Edge VPN test remote action |
Diagnostics > Remote Diagnostics | WAN Link Bandwidth Test | Remote WAN link Bandwidth Test | Grants ability to re-test the bandwidth of a WAN link |
Diagnostics > Remote Actions | Select Edge > Shutdown | Shutdown Edge | Grants ability to execute the Edge shutdown remote action |
Service Settings > Alerts & Notifications | Notifications > Email/SMS | Update Customer SMS Alert | Grants ability to configure SMS alerts at the customer level |
Monitor > Edges > Select Edge | Top Sources | View Edge Sources | Grants ability to view Monitor Edge Sources tab |
Monitor > Firewall | Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs |
Monitor > Edges > Select Edge | Top Sources | View Flow Stats | Grants ability to view collected flow statistics |
Monitor > Firewall Logs | Firewall Logs | View Profile Firewall Logging | Grants ability to view the details of firewall logs originating from VMware SD-WAN Edges |
Configure > Profiles | Firewall | View Stateful Firewall | Grants ability to view collected flow statistics |
Configure > Profiles | Firewall tab > Configure Firewall > Syslog Forwarding | View Syslog Forwarding | Grants ability to view logs that are forwarded to a configured syslog collector |
Operator portal > Gateway Management | Gateways | View Tab Gateway List | Grants ability to view the Gateway list tab |
Operator portal > Administration | Operator Profiles | View Tab Operator Profile | Grants ability to view and configure settings within the Operator Profile menu tab |
Monitor > Edges > Select Edge | Top Sources | View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes |