Note
Home > AMP Account User Guides > Roles and Permissions

Anchor
Overview
Overview
Overview

In the Armor Management Portal (AMP), roles are similar to job titles that you can create and assign to your users. When you create a new role, you can populate that role with specific permissions. These permissions determine the type of access a user has in AMP. For example, you can create an Accounting role, and then you can add specific permissions to only give the user access to accounting-related features in AMP, such as the permission to view invoices in the Invoices screen.

When you create a new user, you must assign that user a role. You can create a new role, and then populate that role with your specified permissions. Or, you can use a default role with permissions already enabled in AMP.

For your convenience, when you create a new user, you can select and assign a default role (Admin, Billing, Technical) to that user.

The Admin role contains every permission available. In other words, there are no restrictions in AMP.
The Billing role contains mostly read-only permissions.
The Technical role contains reads-only and write-only permissions, with a focus on security and infrastructure resources.

Note
You cannot edit the permissions within the default roles.

Note
If your AMP account was created before May 2017, then by default, you will only see the Admin role, which contains all the available permissions.

Default roles and permissions

Expand

title	Permissions in the default Admin role

The default Admin role contains every permission available.

The Admin role is automatically assigned to a new administrator account.

To review every available permissions, see Review available permissions.

Expand

title	Permissions in the default Billing role

At a high-level, the default Billing role contains mostly read-only permissions.

Review the following table to better understand the specific permissions associated with the default Billing role.

AMP Screen	Permission	Description
Security Dashboard (landing page)	Read Dashboard Statistics	This permissions allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware Protection	Read AVAM	This permissions allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIM	Read FIM	This permissions allows you to view file integrity details for each virtual machine.
Patching	Read OS Packages	This permissions allows you to view details OS patching details for each virtual machine.
Log Management	Read LogManagement	This permissions allows you to view high-level information for log collection for each virtual machine, such as: Date logs were last received Average size of collected logs Log Status
Log Management	Read LogSearch	This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Firewall	Read Firewall	This permissions allows you to view details for firewall rules for each virtual machine.
Marketplace	Read Product Catalog	This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.
Marketplace (and My Products)	View Subscriptions	This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
Workloads	Read Workload(s)	This permission allows you to view high-level data for workloads, such as the associated data center the number of tiers within the workload the number of virtual machines within the workload
Virtual Machines / VM Details	Write Orders	This permission allows you to provision a new virtual machine.
Virtual Machines / VM Details	Read Virtual Machine Stats	This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM Details	Read Virtual Machine(s)	This permission allows you to view data for a virtual machine, such as Operating system Size Corresponding workload Status
Virtual Machines / VM Details	Read Location(s)	This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM Details	Read Virtual Data Centers	This permission allows you to view the list of virtual environments in your account.
Virtual Machines / VM Details	Read Server Replication	This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view: The status of the add-on product (configuring, enabled, disabled) The location of the primary data center The location of the failover data center The status of the replication
Virtual Machines / VM Details	Read Tasks	This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual Machines / VM Details	Read Storage	This permission allows you to view disk and storage information for a virtual machine.
IP Addresses	Read Network IP	This permission allows you to view data for unassigned and assigned public and private IP addresses
IP Addresses	Read Network NAT	This permission allows you to view DNAT assignments.
L2L VPN	Read Network L2L	This permission allows you to view high-level data for your L2L network tunnels.
SSL/VPN	Read SSL VPN Devices and Users	This permission allows you to view the status of your users' SSL VPN client.
Compliance	Read Compliance	This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
Tickets + Notification	Read Ticket(s)	This permission allows you to view previous and current support tickets.
Tickets + Notification	Write Ticket(s)	This permission allows you to create and follow a support ticket.
Overview (Account screen)	Read Identity	This permission allows you to view the account-level information, such as Account overview Armor contacts User profiles Roles and permissions
User Detail	Update Personal Identity	This permission allows you to update your personal account information, such as your: Password Challenge Phrase Challenge Response
User Detail	Read Notification(s)	This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Invoices	View Invoices	This permission allows you to view current and previous invoices.
Payment Methods	Read Payment Information	This permission allows you to view current payment information, such as the primary payment method.
Payment Methods	Write / Update Payment Information	This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
Not applicable	Read Entity Metadata	This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicable	Write Entity Metadata	This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicable	Global Search	This permission allows you to use the global search function throughout AMP.

Expand

title	Permissions in the default Technical role

At a high-level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

Review the following table to better understand the specific permissions associated with the default Technical role.

AMP Screen	Permission	Description
Security Dashboard (landing page)	Read Dashboard Statistics	This permissions allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware Protection	Read AVAM	This permissions allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIM	Read FIM	This permissions allows you to view file integrity details for each virtual machine.
Patching	Read OS Packages	This permissions allows you to view details OS patching details for each virtual machine.
Log Management	Read LogManagement	This permissions allows you to view high-level information for log collection for each virtual machine, such as: Date logs were last received Average size of collected logs Log Status
Log Management	Read LogSearch	This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Log Management	Write LogManagement	This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
Firewall	Read Firewall	This permissions allows you to view details for firewall rules for each virtual machine.
Firewall	Write Firewall	This permissions allows you to add, update, or delete firewall rules.
Marketplace	Read Product Catalog	This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.
Marketplace (and My Products)	View Subscriptions	This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
Marketplace (and My Products)	Write Subscriptions	This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products. Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.
Workloads	Read Workload(s)	This permission allows you to view high-level data for workloads, such as the associated data center the number of tiers within the workload the number of virtual machines within the workload
Workloads	Write Workload	This permission allows you to create, update, and remove workloads and tiers.
Virtual Machines / VM Details	Write Orders	This permission allows you to provision a new virtual machine.
Virtual Machines / VM Details	Read Virtual Machine Stats	This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM Details	Read Virtual Machine(s)	This permission allows you to view data for a virtual machine, such as Operating system Size Corresponding workload Status
Virtual Machines / VM Details	Scale Virtual Machine	This permission allows you upgrade or downgrade (resize) the size of a virtual machine.
Virtual Machines / VM Details	Write Virtual Machine	This permission allows you to create, update, and remove virtual machines.
Virtual Machines / VM Details	Read Location(s)	This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM Detail	Read Virtual Data Centers	This permission allows you to view the list of virtual environments in your account.
Virtual Machines	Read Server Replication	This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view: The status of the add-on product (configuring, enabled, disabled) The location of the primary data center The location of the failover data center The status of the replication
Virtual Machines	Write Server Replication	This permission allows you to order and cancel the server replication add-on product.
Virtual Machines	Read Tasks	This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual Machines	Write Tasks	This permission allows you to schedule a delete or downsize of a virtual machine.
Virtual Machines	Read Storage	This permission allows you to view disk and storage information for a virtual machine.
IP Addresses	Read Network IP	This permission allows you to view data for unassigned and assigned public and private IP addresses
IP Addresses	Write Network IP	This permission allows you to update an IP address, such as: Assign an IP addresses Unassign an IP addresses Delete IP address Request a new public IP address
IP Addresses	Read Network NAT	This permission allows you to view DNAT assignments.
IP Addresses	Write Network NAT	This permission allows you to add and remove DNAT assignments.
L2L VPN	Read Network L2L	This permission allows you to view high-level data for your L2L network tunnels.
L2L VPN	Write Network L2L	This permission allows you to add, update, and remove L2L tunnels.
SSL/VPN	Read SSL VPN Devices and Users	This permission allows you to view the status of your users' SSL VPN client.
SSL/VPN	Write SSL VPN Devices and User	This permission allows you to enable your users the ability to download and install the SSL VPN client.
Compliance	Read Compliance	This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
Compliance	Write Compliance	This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.
Tickets + Notification	Read Ticket(s)	This permission allows you to view previous and current support tickets.
Tickets + Notification	Write Ticket(s)	This permission allows you to create and follow a support ticket.
Overview (Account screen)	Read Identity	This permission allows you to view the account-level information, such as Account overview Armor contacts User profiles Roles and permissions
User Detail	Update Personal Identity	This permission allows you to update your personal account information, such as your: Password Challenge Phrase Challenge Response
User Detail	Read Notification(s)	This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Not applicable	Read Entity Metadata	This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicable	Write Entity Metadata	This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicable	Global Search	This permission allows you to use the global search function throughout AMP.

Anchor
Create a role and add permissions
Create a role and add permissions
Create a role and add permissions

Excerpt Include

	Create a role and add permissions (snippet)
	Create a role and add permissions (snippet)
nopanel	true

Anchor
Assign a role to an existing user account
Assign a role to an existing user account
Assign a role to an existing user account

In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and select the desired role.
Under the name of the role, click Members.
Click Edit Members.
Select and drag the desired user to the Chosen column.
Click the X at the top, right corner.

Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role

Note
Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.

In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
Locate and select the desired role.
Select or deselect the desired permissions.
Click Save Role.

Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user

After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user.

In the Armor Management Portal (AMP), in the left-side navigation, click Account.
Click Roles + Permissions.
In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user.
Locate and select the desired role.
Under the name of the role, click Members.
Click Edit Members.
Select and drag the desired user to the Chosen column.
Click the X at the top, right corner.

Anchor
Review available permissions
Review available permissions
Review available permissions

You can add the following permissions to newly created roles.

Security screen permissions

Screen	Permission	Description
Security Dashboard (AMP landing page)	Read Dashboard Statistics	This permissions allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware Protection	Read AVAM	This permissions allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIM	Read FIM	This permissions allows you to view file integrity details for each virtual machine.
Patching	Read OS Packages	This permissions allows you to view details OS patching details for each virtual machine.
Log Management	Read LogManagement	This permissions allows you to view high-level information for log collection for each virtual machine, such as: Date logs were last received Average size of collected logs Log Status
Log Management	Write LogManagement	This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
Log Management	Read LogSearch	This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Firewall	Read Firewall	This permissions allows you to view details for firewall rules for each virtual machine.
Firewall	Write Firewall	This permissions allows you to add, update, or delete firewall rules.

Marketplace screen permissions

Screen

Permission

Description

Marketplace

Read Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

Marketplace and My Products

View Subscriptions

This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.

Marketplace (and My Products)

Write Subscriptions

This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

Infrastructure screen permissions

Screen	Permission	Description
Workloads	Read Workload(s)	This permission allows you to view high-level data for workloads, such as the associated data center the number of tiers within the workload the number of virtual machines within the workload
Workloads	Write Workload	This permission allows you to create, update, and remove workloads and tiers.
Virtual machines / VM Details	Read Virtual Machine Stats	This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM Detail	Read Virtual Machine(s)	This permission allows you to view data for a virtual machine, such as Operating system Size Corresponding workload Status
Virtual Machines / VM Detail	Write Virtual Machine	This permission allows you to create, update, and remove virtual machines.
Virtual Machines / VM Detail	Scale Virtual Machine	This permission allows you upgrade or downgrade (resize) the size of a virtual machine.
Virtual Machines / VM Detail	Read Location(s)	This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM Detail	Read Virtual Data Centers	This permission allows you to view the list of virtual environments in your account.
Virtual Machines / VM Detail	Read Server Replication	This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view: The status of the add-on product (configuring, enabled, disabled) The location of the primary data center The location of the failover data center The status of the replication
Virtual Machines / VM Detail	Write Server Replication	This permission allows you to order and cancel the server replication add-on product.
Virtual Machines / VM Detail	Read Tasks	This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual Machines / VM Detail	Write Tasks	This permission allows you to schedule a delete or downsize of a virtual machine.
Virtual Machines / VM Detail	Read Storage	This permission allows you to view disk and storage information for a virtual machine.
IP Addresses	Read Network IP	This permission allows you to view data for unassigned and assigned public and private IP addresses
IP Addresses	Write Network IP	This permission allows you to update an IP address, such as: Assign an IP addresses Unassign an IP addresses Delete IP address Request a new public IP address
IP Addresses	Read Network NAT	This permission allows you to view DNAT assignments.
IP Addresses	Write Network NAT	This permission allows you to add and remove DNAT assignments.
L2L VPN	Read Network L2L	This permission allows you to view high-level data for your L2L network tunnels.
L2L VPN	Write Network L2L	This permission allows you to add, update, and remove L2L tunnels.
SSL/VPN	Read SSL VPN Devices and Users	This permission allows you to view the status of your users' SSL VPN client.
SSL/VPN	Write SSL VPN Devices and User	This permission allows you to enable your users the ability to download and install the SSL VPN client.

Compliance screen permissions

Screen	Permission	Description
Compliance	Read Compliance	This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
Compliance	Write Compliance	This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.

Support screen permissions

Screen	Permission	Description
Tickets + Notification	Read Ticket(s)	This permission allows you to view previous and current support tickets.
Tickets + Notification	Write Ticket(s)	This permission allows you to create and follow a support ticket.

Account screen permissions

Screen	Permission	Description
Overview (Account screen)	Read Identity	This permission allows you to view the account-level information, such as Account overview Armor contacts User profiles Roles and permissions
Overview (Account screen)	Write Identity	This permissions allows you to update account-level information, such as: Invite and remove users Create, update, and remove roles Assign and unassign roles to users Unlock a user after several failed login attempts
Overview (Account screen)	Write Account	This permission allows you to update your company profile, such as the address.
Cloud Connections	Read Cloud Connections	This permission allows you to view public cloud accounts that have been synced with AMP.
Cloud Connections	Write Cloud Connections	This permission allows you to add a new public cloud account to sync with AMP.
(Deprecated ~~User Detail~~	~~Update Customer Passwords~~	~~This permission allows you to update your password~~
(Deprecated) ~~User Detail~~	~~Update Personal Identity~~	~~This permission allows you to update your personal account information, such as your:~~ ~~Password~~ ~~Challenge Phrase~~ ~~Challenge Response~~
User Detail	Read Notification(s)	This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Invoices	View Invoices	This permission allows you to view current and previous invoices.
Payment Methods	Read Payment Information	This permission allows you to view current payment information, such as the primary payment method.
Payment Methods	Update Payment Information	This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
Not applicable	Read Entity Metadata	This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicable	Write Entity Metadata	This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicable	Global Search	This permission allows you to use the global search function throughout AMP.

Space shortcuts

Page tree

Theme Press Tour Guide

com.brikit.tour.guide.title

EXTRA LAYER

NOTES

Not the Real Navigation

Dolor Sit Amet

Internal

Customer

Versions Compared

Old Version 102

New Version 103

Key

Anchor
Overview
Overview
Overview

Default roles and permissions

Anchor
Create a role and add permissions
Create a role and add permissions
Create a role and add permissions

Anchor
Assign a role to an existing user account
Assign a role to an existing user account
Assign a role to an existing user account

Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role

Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user

Anchor
Review available permissions
Review available permissions
Review available permissions

Security screen permissions

Marketplace screen permissions

Infrastructure screen permissions

Compliance screen permissions

Support screen permissions

Account screen permissions

Armor Defense Inc. Copyright © 2020. All rights reserved.

Space shortcuts

Page tree

Theme Press Tour Guide

com.brikit.tour.guide.title

EXTRA LAYER

NOTES

Not the Real Navigation

Dolor Sit Amet

Internal

Customer

Versions Compared

Old Version 102

New Version 103

Key

AnchorOverviewOverviewOverview

Default roles and permissions

AnchorCreate a role and add permissionsCreate a role and add permissionsCreate a role and add permissions

AnchorAssign a role to an existing user accountAssign a role to an existing user accountAssign a role to an existing user account

AnchorUpdate permissions to a role Update permissions to a role Update a permission for a role

AnchorRemove a role for a newly created or existing userRemove a role for a newly created or existing userRemove a role for a newly created or existing user

AnchorReview available permissionsReview available permissionsReview available permissions

Security screen permissions

Marketplace screen permissions

Infrastructure screen permissions

Compliance screen permissions

Support screen permissions

Account screen permissions

Armor Defense Inc. Copyright © 2020. All rights reserved.

Anchor
Overview
Overview
Overview

Anchor
Create a role and add permissions
Create a role and add permissions
Create a role and add permissions

Anchor
Assign a role to an existing user account
Assign a role to an existing user account
Assign a role to an existing user account

Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role

Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user

Anchor
Review available permissions
Review available permissions
Review available permissions