This section lists all the role privileges available in the Partner portal of the SASE Orchestrator.
The columns in the table indicate the following:
- Allow Privilege – Do the privileges have allow access?
- Deny Privilege – Do the privileges have deny access?
- Customizable – Is the privilege available for customization in the Service Permissions tab?
Feature | Name of the Privilege | Description | Allow Privilege | Deny Privilege | Customizable |
---|---|---|---|---|---|
Manage Customers | Create Customer | Grants ability to view and manage Customers, from the Partner or Operator level | Yes | No | No |
Read Customer | |||||
Update Customer | Yes | Yes | |||
Delete Customer | No | No | |||
Manage Customer | |||||
Partner Events | Create Partner Event | Grants access to view Partner events | Yes | No | No |
Read Partner Event | Yes | Yes | |||
Update Partner Event | No | No | |||
Delete Partner Event | |||||
Manage Partner Event | |||||
Partner Admins | Create Partner User | Grants access to view and configure Partner administrators | Yes | No | No |
Read Partner User | Yes | Yes | |||
Update Partner User | No | No | |||
Delete Partner User | |||||
Manage Partner User | |||||
Partner Admins > API Tokens | Create Partner Token | Grants ability to view and manage operator authentication tokens | Yes | No | No |
Read Partner Token | |||||
Update Partner Token | |||||
Delete Partner Token | |||||
Manage Partner Token | |||||
Service Permissions | Create Service Permissions Package | Grants access to manage Service Permissions packages | Yes | No | No |
Read Service Permissions Package | |||||
Update Service Permissions Package | |||||
Delete Service Permissions Package | |||||
Manage Service Permissions Package | |||||
Partner Overview | Update Partner | Grants access to view and Partners | Yes | No | No |
Partner Overview > Other Settings | Read User Agreement | Grants access to configure the customer user agreement feature | Yes | No | No |
Update User Agreement | |||||
Partner Settings | Read Partner Delegation | Grants ability to view and edit the delegation of Partner privileges to the Operator | Yes | No | No |
Partner Settings > General Information > Privacy Settings | Read Customer Delegation | Grants ability to view and manage the delegation of privileges from the customer to Partners or the Operator | Yes | Yes | Yes |
Update Customer Delegation | No | ||||
Partner Settings > Authentication | Create Partner Authentication | Grants ability to view and edit Partner authentication mode and associated configuration | Yes | No | No |
Read Partner Authentication | |||||
Update Partner Authentication | |||||
Delete Partner Authentication | |||||
Manage Partner Authentication | |||||
Partner Settings > Authentication > API Tokens | Create Partner Token | Grants ability to view and manage operator authentication tokens | Yes | No | No |
Read Partner Token | |||||
Update Partner Token | |||||
Delete Partner Token | |||||
Manage Partner Token | |||||
Edge Licensing | Create License | Grants ability to view and manage Edge licensing | Yes | No | No |
Read License | Yes | Yes | |||
Update License | |||||
Delete License | No | No | |||
Manage License | |||||
Gateway Pools Gateways Gateway Diagnostic bundles | Create Gateway | Grants ability to view and manage Gateways, from the Partner or Operator level | Yes | Yes | Yes |
Read Gateway | |||||
Update Gateway | |||||
Delete Gateway | |||||
Manage Gateway | |||||
View Tab Gateway List | Grants ability to view the Gateway list tab | No | Yes | Yes | |
Gateway Diagnostic Bundles > Download Diagnostic Bundles | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics | No | Yes | Yes |
VeloCloud Support Access Role | Create Partner Delegation | Grants ability to view and edit the delegation of Partner privileges to the Operator | Yes | No | No |
Read Partner Delegation | |||||
Update Partner Delegation | |||||
Delete Partner Delegation | |||||
Manage Partner Delegation |
When the corresponding user privilege is denied, the Orchestrator window displays the 404 resource not found error.
Below table provides a list of customizable feature privileges:
Navigation Path in the Enterprise Portal | Name of the Tab | Name of the Privilege | Description |
---|---|---|---|
Configure > Edges > Select Edge | Overview | Assign Edge Profile | Grants ability to assign a Profile to Edges |
Configure > Edges > Select Edge | Firewall | Configure Edge Firewall Logging | Grants ability to configure Edge level firewall logging |
Configure > Profiles > Select Profile | Firewall | Configure Profile Firewall Logging | Grants ability to configure Profile level firewall logging |
Diagnostics > Remote Actions | Select Edge > Deactivate | Deactivate Edge | Grants ability to reset the device configuration to its factory default state |
Global Settings > Enterprise Settings > Information Privacy Settings > SD-WAN PCI | Enforce PCI Compliance | Deny PCI Operations | Denies access to sensitive Customer data including PCAPs, etc. on the Edges and Gateways, for all users including VMware Support |
Diagnostics > Diagnostic Bundles | Select Edge > Download Bundle | Download Edge Diagnostics | Grants ability to download Edge Diagnostics |
Gateway Management > Diagnostic Bundles | Select Gateway > Download Bundle | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics |
Configure > Profiles | Duplicate | Duplicate Customer Profile | Grants ability to edit duplicate customer level Profiles |
Configure > Segments / Configure > Profiles / Configure > Edges | Segments drop-down menu | Edit Tab Segments | Grants ability to edit within the Segments tab |
Configure > Edges > Select Edge | Device | Enable HA Cluster | Grants ability to configure HA Clustering |
Configure > Edges > Select Edge | Device | Enable HA Active/Standby Pair | Grants ability to configure active/standby HA |
Configure > Edges > Select Edge | Device | Enable HA VRRP Pair | Grants ability to configure VRRP HA |
Diagnostics > Remote Diagnostics | Clear ARP Cache | Remote Clear ARP Cache | Grants ability to clear the ARP cache for a given interface |
Diagnostics > Remote Diagnostics > Gateway | Cloud Traffic Routing (drop-down menu) | Remote Cloud Traffic Routing | Grants ability to route cloud traffic remotely |
Diagnostics > Remote Diagnostics | DNS/DHCP Service Restart | Remote DNS/DHCP Restart | Grants ability to restart the DNS/DHCP service |
Diagnostics > Remote Diagnostics | Flush Flows | Remote Flush Flows | Grants ability to flush the Flow table, causing user traffic to be re-classified |
Diagnostics > Remote Diagnostics | Flush NAT | Remote Flush NAT | Grants ability to flush the NAT table |
Diagnostics > Remote Diagnostics > LTE SIM Switchover | LTE Switch SIM Slot
Note: This is for 610-LTE devices only.
|
Remote LTE Switch SIM Slot | Grants ability to activate the SIM Switchover feature. After the test is successful, you can check the status from Monitor > Edges > Overview tab |
Diagnostics > Remote Diagnostics | List Paths | Remote List Paths | Grants ability to view the list of active paths between local WAN links and each peer |
Diagnostics > Remote Diagnostics | List current IKE Child SAs | Remote List current IKE Child SAs | Grants ability to use filters to view the exact Child SAs you want to see |
Diagnostics > Remote Diagnostics | List current IKE SAs | Remote List Current IKE SAs | Grants ability to use filters to view the exact SAs you want to see |
Diagnostics > Remote Diagnostics | MIBs for Edge | Remote MIBS for Edge | Grants ability to dump Edge MIBs |
Diagnostics > Remote Diagnostics | NAT Table Dump | Remote NAT Table Dump | Grants ability to view the contents of the NAT table |
Diagnostics > Remote Diagnostics | Select Edge > Rebalance Hub Cluster | Remote Rebalance Hub Cluster | Grants ability to either redistribute Spokes in Hub Cluster or redistribute Spokes excluding this Hub |
Diagnostics > Remote Diagnostics | Select Edge (with SFP module) > Reset SFP Firmware Configuration | Remote Reset SFP Firmware Configuration | Grants ability to reset the SFP Firmware Configuration |
Diagnostics > Remote Actions | Reset USB Modem | Remote Reset USB Modem | Grants ability to execute the Edge USB modem reset remote action |
Diagnostics > Remote Diagnostics | Scan for WiFi Access Points | Remote Scan for WiFi Access Points | Grants ability to scan the Wi-Fi functionality for the SD-WAN Edge |
Diagnostics > Remote Diagnostics | System Information | Remote System Information | Grants ability to view system information such as system load, recent WAN stability statistics, monitoring services |
Diagnostics > Remote Diagnostics | VPN Test | Remote VPN Test | Grants ability to execute the Edge VPN test remote action |
Diagnostics > Remote Diagnostics | WAN Link Bandwidth Test | Remote WAN link Bandwidth Test | Grants ability to re-test the bandwidth of a WAN link |
Diagnostics > Remote Actions | Select Edge > Shutdown | Shutdown Edge | Grants ability to execute the Edge shutdown remote action |
Service Settings > Alerts & Notifications | Notifications > Email/SMS | Update Customer SMS Alert | Grants ability to configure SMS alerts at the customer level |
Monitor > Edges > Select Edge | Top Sources | View Edge Sources | Grants ability to view Monitor Edge Sources tab |
Monitor > Firewall | Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs |
Monitor > Edges > Select Edge | Top Sources | View Flow Stats | Grants ability to view collected flow statistics |
Monitor > Firewall Logs | Firewall Logs | View Profile Firewall Logging | Grants ability to view the details of firewall logs originating from VMware SD-WAN Edges |
Configure > Profiles | Firewall | View Stateful Firewall | Grants ability to view collected flow statistics |
Configure > Profiles | Firewall tab > Configure Firewall > Syslog Forwarding | View Syslog Forwarding | Grants ability to view logs that are forwarded to a configured syslog collector |
Operator portal > Gateway Management | Gateways | View Tab Gateway List | Grants ability to view the Gateway list tab |
Operator portal > Administration | Operator Profiles | View Tab Operator Profile | Grants ability to view and configure settings within the Operator Profile menu tab |
Monitor > Edges > Select Edge | Top Sources | View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes |