Page tree

Overview

This document applies to both Armor Complete and Armor Anywhere users.

In the Armor Management Portal (AMP), permissions allow you to control the way your users access their AMP account.

There are many shared permissions between Armor Complete and Armor Anywhere. As a result, this document applies to both Armor Complete and Armor Anywhere users. 

Review the Product compatibility column for product-specific permissions. 

In the Roles and Permissions screen, you may see permissions that only apply to Armor Complete or Armor Anywhere users. Your roles will not malfunction if you include a permission for a different product into your role.

Security screen permissions

ScreenPermissionDescriptionProduct compatibility

Security Health Dashboards

  • Health Overview (landing screen)
  • Protection
  • Detection
  • Response
  • Security Incidents
Read Dashboard StatisticsThis permission allows you to view the data that populates the security dashboards.
  • Armor Complete
  • Armor Anywhere

Malware Protection

Read AVAMThis permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
  • Armor Complete
  • Armor Anywhere
Malware ProtectionRead Trend Manual Scan This permission allows you to view which virtual machines are eligible for a manual scan.
  • Armor Complete
  • Armor Anywhere
Malware ProtectionWriter Trend Manual ScanThis permission allows you to start a manual scan for a virtual machine.
  • Armor Complete
  • Armor Anywhere

FIM

Read FIMThis permission allows you to view file integrity details for each virtual machine.
  • Armor Complete
  • Armor Anywhere

Patching

Read OS PackagesThis permission allows you to view details OS patching details for each virtual machine.
  • Armor Complete
  • Armor Anywhere
Intrusion DetectionRead IDSThis permission allows you to view intrusion detection data.
  • Armor Complete
  • Armor Anywhere

Log & Data Management

Read LogManagement

This permission allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status
  • Armor Complete
  • Armor Anywhere

Log & Data Management

Write LogManagement

This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
  • Armor Complete
  • Armor Anywhere
Log & Data Management

Read Log Management Plan Selection

This permission allows you to view additional log retention plans.
  • Armor Complete
  • Armor Anywhere
Log & Data ManagementWrite Log Management Plan SelectionThis permission allows you to change log retention plans.
  • Armor Complete
  • Armor Anywhere
Log & Data Management

Delete Log Management

This permission allows you to delete a log source.
  • Armor Complete
  • Armor Anywhere
Log & Data Management

Read Log Endpoints

This permission allows you to view an endpoint.
  • Armor Complete
  • Armor Anywhere
Log & Data Management

Write Log Endpoints

This permission allows you to create an endpoint.
  • Armor Complete
  • Armor Anywhere
Log & Data Management

Delete Log Endpoints

This permission allows you to delete an endpoint.

  • Armor Complete
  • Armor Anywhere
Vulnerability ScanningRead Compliance

This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

  • Armor Complete
Vulnerability ScanningWrite Compliance

This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.

  • Armor Complete
Vulnerability ScanningView Vulnerability ScansThis permission allows you to view the data for a vulnerability scanning report, via a downloaded report or within AMP.
  • Armor Anywhere
Dynamic Threat BlockingRead Dynamic Threat Blocking Rule(s)This permission allows you to view IP rules that have been created.
  • Armor Complete
  • Armor Anywhere
Dynamic Threat BlockingWrite Dynamic Threat Blocking Rule(s)This permission allows you to create and delete an IP rule (whitelist or blacklist).
  • Armor Complete
  • Armor Anywhere
Dynamic Threat BlockingWrite Dynamic Threat Blocking Rule Never Expire IPThis permission allows you to create an IP rule (whitelist or blacklist) without an expiration date.
  • Armor Complete
  • Armor Anywhere
Dynamic Threat BlockingRead Dynamic Threat Blocking(s)This permission allows you to perform an IP lookup. Additionally, this permission allows you to view other IP lookups that have taken place in your account.
  • Armor Complete
  • Armor Anywhere

Firewall

Read Firewall

This permission allows you to view details for firewall rules for each virtual machine.

  • Armor Complete
Firewall

Write Firewall

This permission allows you to add, update, or delete firewall rules.
  • Armor Complete
Security IncidentsRead Dashboard StatisticsThis permission allows you to view the data that populates the security dashboards, which includes open or pending security incidents.
  • Armor Complete
  • Armor Anywhere

Marketplace screen permissions

ScreenPermissionDescriptionProduct compatibility

Marketplace

Read Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

  • Armor Complete
Marketplace and My ProductsView SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
  • Armor Complete
Marketplace (and My Products)Write Subscriptions

This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

  • Armor Complete


Infrastructure screen permissions

ScreenPermissionDescriptionProduct compatibility

Workloads

Read Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center
  • the number of tiers within the workload
  • the number of virtual machines within the workload
  • Armor Complete
WorkloadsWrite WorkloadThis permission allows you to create, update, and remove workloads and tiers.
  • Armor Complete

Virtual machines

Read Virtual Machine Stats

This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.

  • Armor Complete

Virtual Machines

Read Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system
  • Size
  • Corresponding workload
  • Status
  • Armor Complete
Virtual MachinesWrite Virtual MachineThis permission allows you to create, update, and remove virtual machines.
  • Armor Complete
  • Armor Anywhere

Virtual Machines

Scale Virtual MachineThis permission allows you upgrade or downgrade (resize) the size of a virtual machine.
  • Armor Complete
Virtual MachinesRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
  • Armor Complete
Virtual MachinesRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
  • Armor Complete

Virtual Machines

Read Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication
  • Armor Complete

Virtual Machines

Write Server ReplicationThis permission allows you to order and cancel the server replication add-on product.
  • Armor Complete

Virtual Machines

Read Tasks

This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
  • Armor Complete

Virtual Machines

Write TasksThis permission allows you to schedule a delete or downsize of a virtual machine.
  • Armor Complete

Virtual Machines

Read StorageThis permission allows you to view disk and storage information for a virtual machine.
  • Armor Complete
Virtual MachinesView Core LicenseThis permission allows you to view the core license, which is necessary to download and install the Anywhere agent.
  • Armor Anywhere
Virtual MachinesRead UtilizationThis permission allows you to export the usage for your virtual machine.
  • Armor Anywhere

IP Addresses

Read Network IP

This permission allows you to view data for unassigned and assigned public and private IP addresses

  • Armor Complete
IP AddressesWrite Network IP

This permission allows you to update an IP address, such as:

  • Assign an IP addresses
  • Unassign an IP addresses
  • Delete IP address
  • Request a new public IP address
  • Armor Complete
IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
  • Armor Complete
IP AddressesWrite Network NATThis permission allows you to add and remove DNAT assignments.
  • Armor Complete

L2L VPN

Read Network L2L

This permission allows you to view high-level data for your L2L network tunnels.

  • Armor Complete
L2L VPNWrite Network L2LThis permission allows you to add, update, and remove L2L tunnels.
  • Armor Complete

SSL/VPN

Read SSL VPN Devices and Users

This permission allows you to view the status of your users' SSL VPN client.

  • Armor Complete
SSL/VPNWrite SSL VPN Devices and UserThis permission allows you to enable your users the ability to download and install the SSL VPN client.
  • Armor Complete
Advanced BackupCommit Advanced Backup Restore

This permission allows you to commit a snapshot after the restoration is complete.

  • Armor Complete
Advanced BackupCreate Advanced Backup PolicyThis permission allows you to create a new policy.
  • Armor Complete
Advanced BackupRead Advanced Backup This permission allows you to view the Advanced Backup screen.
  • Armor Complete
Advanced BackupRead Advanced Backup PolicyThis permission allows you to view policy information and details.
  • Armor Complete
Advanced BackupRead Advanced Backup Snapshots This permission allows you to view a list of snapshots (backups) for a virtual machine.
  • Armor Complete
Advanced BackupRead Advanced Backup VmsThis permission allows you to view the virtual machines that are subscribed to Advanced Backup.
  • Armor Complete
Advanced BackupRefreshed Advanced Backup SnapshotsThis permission allows you to refresh the current list of available snapshots (backups) for a virtual machine.
  • Armor Complete
Advanced BackupRemove Advanced BackupThis permission allows you to remove Advanced Backup from a virtual machine.
  • Armor Complete
Advanced BackupRequest Advanced Backup RestoreThis permission allows you to initiate a restoration of a snapshot (backup).
  • Armor Complete
Advanced BackupUpdate Advanced Backup PolicyThis permission allows you to update the configurations of a policy.
  • Armor Complete
Advanced BackupWrite Advanced BackupThis permission allows you to create a policy.
  • Armor Complete
Advanced BackupRead Advanced Backup PlansThis permission allows you to view a list of policies.
  • Armor Complete

Support screen permissions

ScreenPermissionDescriptionProduct compatibility

Tickets

Read Ticket(s)

This permission allows you to view support tickets listed in the View Archived Tickets section.

  • Armor Complete
  • Armor Anywhere
TicketsRead Ticket Group(s)This permission allows you to view and follow a support ticket, as well as access the Organization features of the ticket.
  • Armor Complete
  • Armor Anywhere
TicketsWrite Ticket Group(s)This permission allows you to create and follow a support ticket, as well as access the Organization features of the ticket.
  • Armor Complete
  • Armor Anywhere


Account screen permissions

ScreenPermissionDescriptionProduct compatibility
Overview (Account screen)

Read Identity

This permission allows you to view the account-level information, such as

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions
  • Armor Complete
  • Armor Anywhere
Overview (Account screen)Write Identity

This permission allows you to update account-level information, such as:

  • Invite and remove users
  • Create, update, and remove roles
  • Assign and unassign roles to users
  • Unlock a user after several failed login attempts
  • Armor Complete
  • Armor Anywhere
Overview (Account screen)Write AccountThis permission allows you to update your company profile, such as the address.
  • Armor Complete
  • Armor Anywhere
(Deprecated) User Detail

Update Customer Passwords

This permission allows you to update your password

  • Armor Complete
  • Armor Anywhere
(Deprecated) User Detail Update Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response
  • Armor Complete
  • Armor Anywhere
Cloud ConnectionsRead Cloud ConnectionsThis permission allows you to view public cloud accounts that have been synced with AMP.
  • Armor Anywhere
Cloud ConnectionsWrite Cloud ConnectionsThis permission allows you to add a new public cloud account to sync with AMP.
  • Armor Anywhere
User DetailRead Notification(s)

This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.

  • Armor Complete
  • Armor Anywhere

Invoices + Payments

View InvoicesThis permission allows you to view current and previous invoices.
  • Armor Complete
  • Armor Anywhere

Payment Methods

Read Payment Information

This permission allows you to view current payment information, such as the primary payment method.

  • Armor Complete
  • Armor Anywhere

Payment Methods

Update Payment InformationThis permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
  • Armor Complete
  • Armor Anywhere
Not applicableRead Entity Metadata

This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

  • Armor Complete
  • Armor Anywhere
Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
  • Armor Complete
  • Armor Anywhere
API Keys (Users screen)API Keys All ReadThis permission allows you to view API keys that have been created. 
  • Armor Complete
  • Armor Anywhere
API Keys (Users screen)API Keys All DeleteThis permission allows you to delete an API key. 
  • Armor Complete
  • Armor Anywhere
API Keys (Users screen)API Keys Self ManangeThis permission allows you to create an API key. 
  • Armor Complete
  • Armor Anywhere
ActivityView Account ActivityThis permission allows you to view the account activity for your users.
  • Armor Complete
  • Armor Anywhere