The Orchestrator consists of two types of roles.

Note: Starting from the 5.1.0 release, Functional Roles are renamed as Privileges, and Composite Roles are renamed as Roles.

The roles are categorized as follows:

  • Privileges – Privileges are a set of roles relevant to a functionality. A privilege can be tagged to one or more of the following services: SD-WAN, Cloud Web Security, Secure Access, and Global Settings, Multi Cloud, and App Catalog. Users require privileges to carry out business processes. For example, a Customer support role in SD-WAN is a privilege required by an SD-WAN user to carry out various support activities. Every service defines such privileges based on its supported business functionality.
  • Roles – The privileges from various categories can be grouped to form a role. By default, the following roles are available for a Customer:
    Role SD-WAN Service Cloud Web Security Service Secure Access Service Global Settings Service
    Enterprise Standard Admin SD-WAN Enterprise Admin Cloud Web Security Enterprise Admin Secure Access Enterprise Admin Global Settings Enterprise Admin
    Enterprise Superuser SD-WAN Enterprise Superuser Cloud Web Security Enterprise Superuser Secure Access Enterprise Superuser Global Settings Enterprise Superuser
    Enterprise Support SD-WAN Enterprise Support Cloud Web Security Enterprise Read Only Secure Access Enterprise Read Only Global Settings Enterprise Support
    Enterprise Read Only User SD-WAN Enterprise Read Only No privileges No privileges Global Settings Enterprise Read Only
    Enterprise Security Admin SD-WAN Security Enterprise Admin Cloud Web Security Enterprise Admin Secure Access Enterprise Admin Global Settings Enterprise Admin
    Enterprise Security Read Only SD-WAN Security Enterprise Read Only Cloud Web Security Enterprise Read Only Secure Access Enterprise Read Only Global Settings Enterprise Read Only
    Enterprise Network Admin SD-WAN Enterprise Admin Cloud Web Security Enterprise Read Only Secure Access Enterprise Read Only Global Settings Enterprise Admin

    If required, you can customize the privileges of these roles. For more information, see Service Permissions.

As a Customer, you can view the list of existing standard roles and their corresponding descriptions. You can add, edit, clone, or delete a new role. However, you cannot edit or delete a default role.

To access the Roles tab:
  1. In the Enterprise portal, on the Global Navigation bar, expand the Enterprise Applications drop-down menu.
  2. Select Global Settings service.
  3. From the left menu, click User Management, and then click the Roles tab. The following screen appears:
  4. On the Roles screen, you can perform the following activities:
    Option Description
    Add Role Creates a new custom role. For more information, see Add Role.
    Edit Allows you to edit only the custom roles. You cannot edit the default roles. Also, you cannot edit or view the settings of a Superuser.
    Clone Role Creates a new custom role, by cloning the existing settings from the selected role. You cannot clone the settings of a Superuser.
    Delete Role Deletes the selected role. You cannot delete the default roles. You can delete only custom composite roles. Ensure that you have removed all the users associated with the selected role, before deleting the role.
    Download CSV Downloads the details of the user roles into a file in CSV format.
    Note: You can also access the Edit, Clone Role, and Delete Role options from the vertical ellipsis of the selected Role.
  5. Click the Open icon " >>" displayed before the Role link, to view more details about the selected Role, as shown below:
  6. Click the View Role link to view the privileges associated to the selected role for the activated services.
    Note: By default, only Global Settings & Administration service is activated for a Customer. Only an Operator can activate an additional service.
  7. The following are the other options available in the Roles tab:
    Option Description
    Search Enter a search term to search for the matching text across the table. Use the advanced search option to narrow down the search results.
    Columns Click and select the columns to be displayed or hidden on the page.
    Refresh Click to refresh the page to display the most current data.