This section lists all the privileges available in the Operator portal.
The columns in the table indicate the following:
- Allow Privilege – Do the privileges have allow access?
- Deny Privilege – Do the privileges have deny access?
- Customizable – Is the privilege available for customization in the Service Permissions tab?
Feature | Name of the Privilege | Description | Allow Privilege | Deny Privilege | Customizable |
---|---|---|---|---|---|
Manage Customers | Create Customer | Grants ability to view and manage Enterprise Customers as an Operator or a Partner | Yes | No | No |
Read Customer | |||||
Update Customer | Yes | Yes | |||
Delete Customer | No | No | |||
Manage Customer | |||||
Manage Partners | Create Partner | Grants ability to view and manage Partners | Yes | No | No |
Read Partner | |||||
Update Partner | |||||
Delete Partner | |||||
Manage Partner | |||||
Software Images | Create Software Package | Grants access to upload and assign Edge Software Images and Application Maps | Yes | Yes | Yes |
Read Software Package | |||||
Update Software Package | |||||
Delete Software Package | |||||
Manage Software Package | |||||
System Properties | Create System Property | Grants access to view and manage System Properties | Yes | Yes | No |
Read System Property | Yes | ||||
Update System Property | No | ||||
Delete System Property | No | ||||
Manage System Property | Yes | ||||
Edit Restricted System Properties | Controls the ability of user to edit restricted system properties | Yes | No | No | |
Operator Events | Create Operator Event | Grants ability to view Operator events | Yes | Yes | Yes |
Read Operator Event | |||||
Update Operator Event | |||||
Delete Operator Event | |||||
Manage Operator Event | |||||
Operator Profiles | Create Operator Profile | Grants ability to view and manage Operator profiles | Yes | Yes | Yes |
Read Operator Profile | |||||
Update Operator Profile | |||||
Delete Operator Profile | |||||
Manage Operator Profile | |||||
View Tab Operator Profile | Controls ability of the user to view and configure within the Operator profile menu | No | Yes | Yes | |
Operator Users | Create Operator User | Grants ability to view and manage Operator administrative users | Yes | Yes | No |
Read Operator User | Yes | ||||
Update Operator User | No | ||||
Delete Operator User | No | ||||
Manage Operator User | Yes | ||||
Operator Users > API Tokens | Create Operator Token | Grants ability to view and manage the operator Authentication Tokens | Yes | No | No |
Read Operator Token | |||||
Update Operator Token | |||||
Delete Operator Token | |||||
Manage Operator Token | |||||
Gateway Pools Gateways Gateway Diagnostic bundles | Create Gateway | Grants ability to view and manage Gateway pools and Gateways as an Operator or a Partner | Yes | Yes | Yes |
Read Gateway | |||||
Update Gateway | |||||
Delete Gateway | |||||
Manage Gateway | |||||
View Tab Gateway List | Controls the ability of user to view the list of Gateways | No | Yes | Yes | |
Gateways > New Gateway | Create Operator PKI | Grants ability to view and manage Operator level PKI configuration including Gateway certificates and certificate authority | Yes | Yes | No |
Gateway > Gateway Authentication Mode | Read Operator PKI | Yes | |||
Update Operator PKI | No | ||||
Manage Operator PKI | Yes | ||||
Gateway Diagnostic bundles > Download Diagnostic Bundles | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics | No | Yes | Yes |
Application Maps | Create Software Package | Grants access to upload and assign Edge software images and Application Maps | Yes | Yes | Yes |
Read Software Package | |||||
Update Software Package | |||||
Delete Software Package | |||||
Manage Software Package | |||||
Service Permissions | Create Service Permissions Package | Grants access to manage Service Permissions packages | Yes | No | No |
Read Service Permissions Package | |||||
Update Service Permissions Package | |||||
Delete Service Permissions Package | |||||
Manage Service Permissions Package | |||||
Edge Licensing | Create License | Grants ability to view and manage Edge licensing | Yes | No | No |
Read License | Yes | Yes | |||
Update License | |||||
Delete License | No | No | |||
Manage License | |||||
CA Summary > Gateway Certificates > Revoke Certificate | Read Operator PKI | Grants ability to view and manage operator level PKI configuration including Gateway certificates and certificate authority | Yes | Yes | Yes |
Delete Operator PKI | No | ||||
Manage Operator PKI | Yes | ||||
Read Customer PKI | Grants ability to view and manage Enterprise PKI settings | Yes | No | No | |
Delete Customer PKI | |||||
Manage Customer PKI | |||||
Orchestrator Authentication > Operator Authentication | Create Operator Authentication | Grants ability to view and manage Operator authentication mode, like SSO, RADIUS, or Native | Yes | Yes | Yes |
Read Operator Authentication | |||||
Update Operator Authentication | |||||
Delete Operator Authentication | |||||
Manage Operator Authentication | |||||
Orchestrator Authentication > Enterprise Authentication | Create Customer Authentication | Grants ability to view and manage Customer authentication mode, like RADIUS or Native | Yes | Yes | Yes |
Read Customer Authentication | |||||
Update Customer Authentication | |||||
Delete Customer Authentication | |||||
Manage Customer Authentication | |||||
Replication | Create Replication | Grants access to view and configure Orchestrator disaster recovery | Yes | Yes | No |
Read Replication | Yes | ||||
Update Replication | No | ||||
Delete Replication | |||||
Manage Replication | Yes | ||||
Orchestrator Diagnostics > Diagnostic Bundles | Create Orchestrator Diagnostics | Grants access to request and view Orchestrator diagnostic bundles | Yes | Yes | Yes |
Orchestrator Diagnostics > Database Statistics | Read Orchestrator Diagnostics | ||||
Update Orchestrator Diagnostics | |||||
Delete Orchestrator Diagnostics | |||||
Manage Orchestrator Diagnostics | |||||
Orchestrator Upgrade for Standalone | Create Software Package | Grants access to upload and assign Edge software images and Application Maps | Yes | Yes | Yes |
Read Software Package | |||||
Update Software Package | |||||
Delete Software Package | |||||
Manage Software Package | |||||
Orchestrator Upgrade for DR Setup | Create Replication | Grants access to view and configure Orchestrator disaster recovery | Yes | Yes | No |
Read Replication | Yes | ||||
Update Replication | No | ||||
Delete Replication | |||||
Manage Replication | Yes | ||||
User Agreements | Create User Agreement | Grants access to configure the customer user agreement | Yes | No | No |
Read User Agreement | |||||
Update User Agreement | |||||
Delete User Agreement | |||||
Manage User Agreement | |||||
Orchestrator Owners Manage Orchestrators Edge Inventory | Create Edge Inventory | Grants ability to view and manage Edge inventory as needed for Redirect configuration | Yes | No | No |
Read Edge Inventory | |||||
Update Edge Inventory | |||||
Delete Edge Inventory | |||||
Manage Edge Inventory |
When the corresponding user privilege is denied, the Orchestrator window displays the 404 resource not found error.
Below table provides a list of customizable feature privileges:
Navigation Path in the Enterprise Portal | Name of the Tab | Name of the Privilege | Description |
---|---|---|---|
Configure > Edges > Select Edge | Overview | Assign Edge Profile | Grants ability to assign a Profile to Edges |
Configure > Edges > Select Edge | Firewall | Configure Edge Firewall Logging | Grants ability to configure Edge level firewall logging |
Configure > Profiles > Select Profile | Firewall | Configure Profile Firewall Logging | Grants ability to configure Profile level firewall logging |
Diagnostics > Remote Actions | Select Edge > Deactivate | Deactivate Edge | Grants ability to reset the device configuration to its factory default state |
Global Settings > Enterprise Settings > Information Privacy Settings > SD-WAN PCI | Enforce PCI Compliance | Deny PCI Operations | Denies access to sensitive Customer data including PCAPs, etc. on the Edges and Gateways, for all users including VMware Support |
Diagnostics > Diagnostic Bundles | Select Edge > Download Bundle | Download Edge Diagnostics | Grants ability to download Edge Diagnostics |
Gateway Management > Diagnostic Bundles | Select Gateway > Download Bundle | Download Gateway Diagnostics | Grants ability to download Gateway Diagnostics |
Configure > Profiles | Duplicate | Duplicate Customer Profile | Grants ability to edit duplicate customer level Profiles |
Configure > Segments / Configure > Profiles / Configure > Edges | Segments drop-down menu | Edit Tab Segments | Grants ability to edit within the Segments tab |
Configure > Edges > Select Edge | Device | Enable HA Cluster | Grants ability to configure HA Clustering |
Configure > Edges > Select Edge | Device | Enable HA Active/Standby Pair | Grants ability to configure active/standby HA |
Configure > Edges > Select Edge | Device | Enable HA VRRP Pair | Grants ability to configure VRRP HA |
Diagnostics > Remote Diagnostics | Clear ARP Cache | Remote Clear ARP Cache | Grants ability to clear the ARP cache for a given interface |
Diagnostics > Remote Diagnostics > Gateway | Cloud Traffic Routing (drop-down menu) | Remote Cloud Traffic Routing | Grants ability to route cloud traffic remotely |
Diagnostics > Remote Diagnostics | DNS/DHCP Service Restart | Remote DNS/DHCP Restart | Grants ability to restart the DNS/DHCP service |
Diagnostics > Remote Diagnostics | Flush Flows | Remote Flush Flows | Grants ability to flush the Flow table, causing user traffic to be re-classified |
Diagnostics > Remote Diagnostics | Flush NAT | Remote Flush NAT | Grants ability to flush the NAT table |
Diagnostics > Remote Diagnostics > LTE SIM Switchover | LTE Switch SIM Slot
Note: This is for 610-LTE devices only.
|
Remote LTE Switch SIM Slot | Grants ability to activate the SIM Switchover feature. After the test is successful, you can check the status from Monitor > Edges > Overview tab |
Diagnostics > Remote Diagnostics | List Paths | Remote List Paths | Grants ability to view the list of active paths between local WAN links and each peer |
Diagnostics > Remote Diagnostics | List current IKE Child SAs | Remote List current IKE Child SAs | Grants ability to use filters to view the exact Child SAs you want to see |
Diagnostics > Remote Diagnostics | List current IKE SAs | Remote List Current IKE SAs | Grants ability to use filters to view the exact SAs you want to see |
Diagnostics > Remote Diagnostics | MIBs for Edge | Remote MIBS for Edge | Grants ability to dump Edge MIBs |
Diagnostics > Remote Diagnostics | NAT Table Dump | Remote NAT Table Dump | Grants ability to view the contents of the NAT table |
Diagnostics > Remote Diagnostics | Select Edge > Rebalance Hub Cluster | Remote Rebalance Hub Cluster | Grants ability to either redistribute Spokes in Hub Cluster or redistribute Spokes excluding this Hub |
Diagnostics > Remote Diagnostics | Select Edge (with SFP module) > Reset SFP Firmware Configuration | Remote Reset SFP Firmware Configuration | Grants ability to reset the SFP Firmware Configuration |
Diagnostics > Remote Actions | Reset USB Modem | Remote Reset USB Modem | Grants ability to execute the Edge USB modem reset remote action |
Diagnostics > Remote Diagnostics | Scan for WiFi Access Points | Remote Scan for WiFi Access Points | Grants ability to scan the Wi-Fi functionality for the VMware SD-WAN Edge |
Diagnostics > Remote Diagnostics | System Information | Remote System Information | Grants ability to view system information such as system load, recent WAN stability statistics, monitoring services |
Diagnostics > Remote Diagnostics | VPN Test | Remote VPN Test | Grants ability to execute the Edge VPN test remote action |
Diagnostics > Remote Diagnostics | WAN Link Bandwidth Test | Remote WAN link Bandwidth Test | Grants ability to re-test the bandwidth of a WAN link |
Diagnostics > Remote Actions | Select Edge > Shutdown | Shutdown Edge | Grants ability to execute the Edge shutdown remote action |
Service Settings > Alerts & Notifications | Notifications > Email/SMS | Update Customer SMS Alert | Grants ability to configure SMS alerts at the customer level |
Monitor > Edges > Select Edge | Top Sources | View Edge Sources | Grants ability to view Monitor Edge Sources tab |
Monitor > Firewall | Firewall Logging | View Firewall Logs | Grants ability to view collected firewall logs |
Monitor > Edges > Select Edge | Top Sources | View Flow Stats | Grants ability to view collected flow statistics |
Monitor > Firewall Logs | Firewall Logs | View Profile Firewall Logging | Grants ability to view the details of firewall logs originating from VMware VMware SD-WAN Edges |
Configure > Profiles | Firewall | View Stateful Firewall | Grants ability to view collected flow statistics |
Configure > Profiles | Firewall tab > Configure Firewall > Syslog Forwarding | View Syslog Forwarding | Grants ability to view logs that are forwarded to a configured syslog collector |
Operator portal > Gateway Management | Gateways | View Tab Gateway List | Grants ability to view the Gateway list tab |
Operator portal > Administration | Operator Profiles | View Tab Operator Profile | Grants ability to view and configure settings within the Operator Profile menu tab |
Monitor > Edges > Select Edge | Top Sources | View User Identifiable Flow Stats | Grants ability to view potentially user identifiable flow source attributes |