This section lists all the privileges available in the Operator portal.
The columns in the table indicate the following:
- Allow Privilege – Do the privileges have allow access?
- Deny Privilege – Do the privileges have deny access?
- Customizable – Is the privilege available for customization in the Service Permissions tab?
| Feature | Name of the Privilege | Description | Allow Privilege | Deny Privilege | Customizable |
|---|---|---|---|---|---|
| Manage Customers | Create Customer | Grants ability to view and manage Enterprise Customers as an Operator or a Partner | Yes | No | No |
| Read Customer | |||||
| Update Customer | Yes | Yes | |||
| Delete Customer | No | No | |||
| Manage Customer | |||||
| Manage Partners | Create Partner | Grants ability to view and manage Partners | Yes | No | No |
| Read Partner | |||||
| Update Partner | |||||
| Delete Partner | |||||
| Manage Partner | |||||
| Software Images | Create Software Package | Grants access to upload and assign Edge Software Images and Application Maps | Yes | Yes | Yes |
| Read Software Package | |||||
| Update Software Package | |||||
| Delete Software Package | |||||
| Manage Software Package | |||||
| System Properties | Create System Property | Grants access to view and manage System Properties | Yes | Yes | No |
| Read System Property | Yes | ||||
| Update System Property | No | ||||
| Delete System Property | No | ||||
| Manage System Property | Yes | ||||
| Edit Restricted System Properties | Controls the ability of user to edit restricted system properties | Yes | No | No | |
| Operator Events | Create Operator Event | Grants ability to view Operator events | Yes | Yes | Yes |
| Read Operator Event | |||||
| Update Operator Event | |||||
| Delete Operator Event | |||||
| Manage Operator Event | |||||
| Operator Profiles | Create Operator Profile | Grants ability to view and manage Operator profiles | Yes | Yes | Yes |
| Read Operator Profile | |||||
| Update Operator Profile | |||||
| Delete Operator Profile | |||||
| Manage Operator Profile | |||||
| View Tab Operator Profile | Controls ability of the user to view and configure within the Operator profile menu | No | Yes | Yes | |
| Operator Users | Create Operator User | Grants ability to view and manage Operator administrative users | Yes | Yes | No |
| Read Operator User | Yes | ||||
| Update Operator User | No | ||||
| Delete Operator User | No | ||||
| Manage Operator User | Yes | ||||
| Operator Users > API Tokens | Create Operator Token | Grants ability to view and manage the operator Authentication Tokens | Yes | No | No |
| Read Operator Token | |||||
| Update Operator Token | |||||
| Delete Operator Token | |||||
| Manage Operator Token | |||||
| Gateway Pools Gateways Gateway Diagnostic bundles | Create Gateway | Grants ability to view and manage Gateway pools and Gateways as an Operator or a Partner | Yes | Yes | Yes |
| Read Gateway | |||||
| Update Gateway | |||||
| Delete Gateway | |||||
| Manage Gateway | |||||
| View Tab Gateway List | Controls the ability of user to view the list of Gateways | No | Yes | Yes | |
| Gateways > New Gateway | Create Operator PKI | Grants ability to view and manage Operator level PKI configuration including Gateway certificates and certificate authority | Yes | Yes | No |
| Gateway > Gateway Authentication Mode | Read Operator PKI | Yes | |||
| Update Operator PKI | No | ||||
| Manage Operator PKI | Yes | ||||
| Gateway Diagnostic bundles > Download Diagnostic Bundles | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics | No | Yes | Yes |
| Application Maps | Create Software Package | Grants access to upload and assign Edge software images and Application Maps | Yes | Yes | Yes |
| Read Software Package | |||||
| Update Software Package | |||||
| Delete Software Package | |||||
| Manage Software Package | |||||
| Service Permissions | Create Service Permissions Package | Grants access to manage Service Permissions packages | Yes | No | No |
| Read Service Permissions Package | |||||
| Update Service Permissions Package | |||||
| Delete Service Permissions Package | |||||
| Manage Service Permissions Package | |||||
| Edge Licensing | Create License | Grants ability to view and manage Edge licensing | Yes | No | No |
| Read License | Yes | Yes | |||
| Update License | |||||
| Delete License | No | No | |||
| Manage License | |||||
| CA Summary > Gateway Certificates > Revoke Certificate | Read Operator PKI | Grants ability to view and manage operator level PKI configuration including Gateway certificates and certificate authority | Yes | Yes | Yes |
| Delete Operator PKI | No | ||||
| Manage Operator PKI | Yes | ||||
| Read Customer PKI | Grants ability to view and manage Enterprise PKI settings | Yes | No | No | |
| Delete Customer PKI | |||||
| Manage Customer PKI | |||||
| Orchestrator Authentication > Operator Authentication | Create Operator Authentication | Grants ability to view and manage Operator authentication mode, like SSO, RADIUS, or Native | Yes | Yes | Yes |
| Read Operator Authentication | |||||
| Update Operator Authentication | |||||
| Delete Operator Authentication | |||||
| Manage Operator Authentication | |||||
| Orchestrator Authentication > Enterprise Authentication | Create Customer Authentication | Grants ability to view and manage Customer authentication mode, like RADIUS or Native | Yes | Yes | Yes |
| Read Customer Authentication | |||||
| Update Customer Authentication | |||||
| Delete Customer Authentication | |||||
| Manage Customer Authentication | |||||
| Replication | Create Replication | Grants access to view and configure Orchestrator disaster recovery | Yes | Yes | No |
| Read Replication | Yes | ||||
| Update Replication | No | ||||
| Delete Replication | |||||
| Manage Replication | Yes | ||||
| Orchestrator Diagnostics > Diagnostic Bundles | Create Orchestrator Diagnostics | Grants access to request and view Orchestrator diagnostic bundles | Yes | Yes | Yes |
| Orchestrator Diagnostics > Database Statistics | Read Orchestrator Diagnostics | ||||
| Update Orchestrator Diagnostics | |||||
| Delete Orchestrator Diagnostics | |||||
| Manage Orchestrator Diagnostics | |||||
| Orchestrator Upgrade for Standalone | Create Software Package | Grants access to upload and assign Edge software images and Application Maps | Yes | Yes | Yes |
| Read Software Package | |||||
| Update Software Package | |||||
| Delete Software Package | |||||
| Manage Software Package | |||||
| Orchestrator Upgrade for DR Setup | Create Replication | Grants access to view and configure Orchestrator disaster recovery | Yes | Yes | No |
| Read Replication | Yes | ||||
| Update Replication | No | ||||
| Delete Replication | |||||
| Manage Replication | Yes | ||||
| User Agreements | Create User Agreement | Grants access to configure the customer user agreement | Yes | No | No |
| Read User Agreement | |||||
| Update User Agreement | |||||
| Delete User Agreement | |||||
| Manage User Agreement | |||||
| Orchestrator Owners Manage Orchestrators Edge Inventory | Create Edge Inventory | Grants ability to view and manage Edge inventory as needed for Redirect configuration | Yes | No | No |
| Read Edge Inventory | |||||
| Update Edge Inventory | |||||
| Delete Edge Inventory | |||||
| Manage Edge Inventory |
When the corresponding user privilege is denied, the Orchestrator window displays the 404 resource not found error.
Below table provides a list of customizable feature privileges:
| Navigation Path in the Enterprise Portal | Name of the Tab | Name of the Privilege | Description |
|---|---|---|---|
| Configure > Edges > Select Edge | Overview | Assign Edge Profile | Grants ability to assign a Profile to Edges |
| Configure > Edges > Select Edge | Firewall | Configure Edge Firewall Logging | Grants ability to configure Edge level firewall logging |
| Configure > Profiles > Select Profile | Firewall | Configure Profile Firewall Logging | Grants ability to configure Profile level firewall logging |
| Diagnostics > Remote Actions | Select Edge > Deactivate | Deactivate Edge | Grants ability to reset the device configuration to its factory default state |
| Global Settings > Enterprise Settings > Information Privacy Settings > SD-WAN PCI | Enforce PCI Compliance | Deny PCI Operations | Denies access to sensitive Customer data including PCAPs, etc. on the Edges and Gateways, for all users including VMware Support |
| Diagnostics > Diagnostic Bundles | Select Edge > Download Bundle | Download Edge Diagnostics | Grants ability to download Edge Diagnostics |
| Gateway Management > Diagnostic Bundles | Select Gateway > Download Bundle | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics |
| Configure > Profiles | Duplicate | Duplicate Customer Profile | Grants ability to edit duplicate customer level Profiles |
| Configure > Segments / Configure > Profiles / Configure > Edges | Segments drop-down menu | Edit Tab Segments | Grants ability to edit within the Segments tab |
| Configure > Edges > Select Edge | Device | Enable HA Cluster | Grants ability to configure HA Clustering |
| Configure > Edges > Select Edge | Device | Enable HA Active/Standby Pair | Grants ability to configure active/standby HA |
| Configure > Edges > Select Edge | Device | Enable HA VRRP Pair | Grants ability to configure VRRP HA |
| Diagnostics > Remote Diagnostics | Clear ARP Cache | Remote Clear ARP Cache | Grants ability to clear the ARP cache for a given interface |
| Diagnostics > Remote Diagnostics > Gateway | Cloud Traffic Routing (drop-down menu) | Remote Cloud Traffic Routing | Grants ability to route cloud traffic remotely |
| Diagnostics > Remote Diagnostics | DNS/DHCP Service Restart | Remote DNS/DHCP Restart | Grants ability to restart the DNS/DHCP service |
| Diagnostics > Remote Diagnostics | Flush Flows | Remote Flush Flows | Grants ability to flush the Flow table, causing user traffic to be re-classified |
| Diagnostics > Remote Diagnostics | Flush NAT | Remote Flush NAT | Grants ability to flush the NAT table |
| Diagnostics > Remote Diagnostics > LTE SIM Switchover | LTE Switch SIM Slot
Note: This is for 610-LTE devices only.
|
Remote LTE Switch SIM Slot | Grants ability to activate the SIM Switchover feature. After the test is successful, you can check the status from Monitor > Edges > Overview tab |
| Diagnostics > Remote Diagnostics | List Paths | Remote List Paths | Grants ability to view the list of active paths between local WAN links and each peer |
| Diagnostics > Remote Diagnostics | List current IKE Child SAs | Remote List current IKE Child SAs | Grants ability to use filters to view the exact Child SAs you want to see |
| Diagnostics > Remote Diagnostics | List current IKE SAs | Remote List Current IKE SAs | Grants ability to use filters to view the exact SAs you want to see |
| Diagnostics > Remote Diagnostics | MIBs for Edge | Remote MIBS for Edge | Grants ability to dump Edge MIBs |
| Diagnostics > Remote Diagnostics | NAT Table Dump | Remote NAT Table Dump | Grants ability to view the contents of the NAT table |
| Diagnostics > Remote Diagnostics | Select Edge > Rebalance Hub Cluster | Remote Rebalance Hub Cluster | Grants ability to either redistribute Spokes in Hub Cluster or redistribute Spokes excluding this Hub |
| Diagnostics > Remote Diagnostics | Select Edge (with SFP module) > Reset SFP Firmware Configuration | Remote Reset SFP Firmware Configuration | Grants ability to reset the SFP Firmware Configuration |
| Diagnostics > Remote Actions | Reset USB Modem | Remote Reset USB Modem | Grants ability to execute the Edge USB modem reset remote action |
| Diagnostics > Remote Diagnostics | Scan for WiFi Access Points | Remote Scan for WiFi Access Points | Grants ability to scan the Wi-Fi functionality for the VMware SD-WAN Edge |
| Diagnostics > Remote Diagnostics | System Information | Remote System Information | Grants ability to view system information such as system load, recent WAN stability statistics, monitoring services |
| Diagnostics > Remote Diagnostics | VPN Test | Remote VPN Test | Grants ability to execute the Edge VPN test remote action |
| Diagnostics > Remote Diagnostics | WAN Link Bandwidth Test | Remote WAN link Bandwidth Test | Grants ability to re-test the bandwidth of a WAN link |
| Diagnostics > Remote Actions | Select Edge > Shutdown | Shutdown Edge | Grants ability to execute the Edge shutdown remote action |
| Service Settings > Alerts & Notifications | Notifications > Email/SMS | Update Customer SMS Alert | Grants ability to configure SMS alerts at the customer level |
| Monitor > Edges > Select Edge | Top Sources | View Edge Sources | Grants ability to view Monitor Edge Sources tab |
| Monitor > Firewall | Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs |
| Monitor > Edges > Select Edge | Top Sources | View Flow Stats | Grants ability to view collected flow statistics |
| Monitor > Firewall Logs | Firewall Logs | View Profile Firewall Logging | Grants ability to view the details of firewall logs originating from VMware VMware SD-WAN Edges |
| Configure > Profiles | Firewall | View Stateful Firewall | Grants ability to view collected flow statistics |
| Configure > Profiles | Firewall tab > Configure Firewall > Syslog Forwarding | View Syslog Forwarding | Grants ability to view logs that are forwarded to a configured syslog collector |
| Operator portal > Gateway Management | Gateways | View Tab Gateway List | Grants ability to view the Gateway list tab |
| Operator portal > Administration | Operator Profiles | View Tab Operator Profile | Grants ability to view and configure settings within the Operator Profile menu tab |
| Monitor > Edges > Select Edge | Top Sources | View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes |
