Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
Home > AMP Account User Guides > Roles and Permissions

...

Content Layer
id437218680
Content Column
id437218696
Content Block
background-color$lightGrayColor
id437218675

Topics Discussed

Table of Contents
maxLevel3
minLevel3

Content Block
id437218686

In the Armor Management Portal (AMP), roles are similar to job titles that you

...

must create and assign to your users. When you create a new role, you can populate that role with specific permissions. These permissions determine the type of access a user has in AMP.

For example, you can create an Accounting role, and then you can add specific permissions to only give the user access to accounting-related features in AMP, such as the permission to view invoices

...


Info

When you create a new user, you must assign that user a role.

...

 

There are two ways to assign a user to a role: 

  1. Assign a default role with permissions already enabled in AMP.

    For your convenience, when you create a new user, you can select and assign a default role (Admin, Billing, Technical) to that user.

    • The Admin role contains every permission available. In other words, there are no restrictions in AMP. 
    • The Billing role contains mostly read-only permissions.
    • The Technical role contains reads-only and write-only permissions, with a focus on security and infrastructure resources. 
    Note

    You cannot edit the permissions within the default roles. 

    1. Create a new role, populate that role with your preferred permissions, and then assign that role to a user. 
    Note

    To review Frequently Asked Questions (FAQs) regarding roles and permissions in AMP, see Introduction to Roles and Permissions.


    Anchor
    Assign a default role
    Assign a default role
    Assign a Default Role


    Anchor
    Review default roles and corresponding permissions
    Review default roles and corresponding permissions
    Step 1: Review default roles and corresponding permissions

    Note

    If your AMP account was created before May 2017, then by default, you will only see the Admin role

    , which contains all the available permissions.

    ...

    This permission allows you to create and follow a support ticket

    . This role contains every permission available.

    Note

    In AMP, you can easily identify a default role by the orange Armor badge that displays next to the role name.

    You cannot edit the permissions within the default roles. 

    Expand
    titlePermissions in the default Admin role

    The default Admin role contains every permission available.

    The Admin

    This role is automatically assigned to a new administrator account.

    To review every available permissions, see Review available permissions.

    Expand

    This role is automatically updated with new permissions after an AMP release.

    Note

    With the Admin role, you can also view the specific routes associated with each permission. 

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
    2. Click Roles + Permissions
    3. Locate and select the desired role.
    4. Click the expand arrow for the permission that you want to view.
    Expand
    titlePermissions in the default Billing role

    At a high-level, the default Billing role contains mostly read-only permissions.

    Note

    This role is not automatically updated with new permissions after an AMP release.

    Review the following table to better understand the specific permissions associated with the default Billing role. 

    AMP ScreenPermissionDescription

    Security Dashboard (landing page)

    Read Dashboard StatisticsThis
    permissions
    permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.

    Malware Protection

    Read AVAMThis
    permissions
    permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.

    FIM

    Read FIMThis
    permissions
    permission allows you to view file integrity details for each virtual machine.

    Patching

    Read OS PackagesThis
    permissions
    permission allows you to view details OS patching details for each virtual machine.
    Intrusion DetectionRead IDSThis permission allows you to view intrusion detection data.

    Log & Data Management

    Read LogManagement

    This

    permissions

    permission allows you to view high-level information for log collection for each virtual machine, such as:

    • Date logs were last received
    • Average size of collected logs
    • Log Status
    Log & Data Management

    Read LogSearch

    This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.

    Firewall

    Read Firewall

    This

    permissions

    permission allows you to view details for firewall rules for each virtual machine.

    MarketplaceRead Product Catalog

    This permission allows you to view available add-on products.

    You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

    Marketplace (and My Products)View SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
    WorkloadsRead Workload(s)

    This permission allows you to view high-level data for workloads, such as

    • the associated data center
    • the number of tiers within the workload
    • the number of virtual machines within the workload
    Virtual Machines
    / VM Details
    Write OrdersThis permission allows you to provision a new virtual machine.
    Virtual Machines
    / VM Details
    Read Virtual Machine StatsThis permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
    Virtual Machines
    / VM Details
    Read Virtual Machine(s)

    This permission allows you to view data for a virtual machine, such as

    • Operating system
    • Size
    • Corresponding workload
    • Status
    Virtual Machines
    / VM Details
    Read Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
    Virtual Machines
    / VM Details
    Read Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
    Virtual Machines
    / VM Details
    Read Server Replication

    This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

    • The status of the add-on product (configuring, enabled, disabled)
    • The location of the primary data center
    • The location of the failover data center
    • The status of the replication
    Virtual Machines
    / VM Details
    Read TasksThis permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
    Virtual Machines
    / VM Details
    Read StorageThis permission allows you to view disk and storage information for a virtual machine.
    IP AddressesRead Network IPThis permission allows you to view data for unassigned and assigned public and private IP addresses
    IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
    L2L VPNRead Network L2LThis permission allows you to view high-level data for your L2L network tunnels.
    SSL/VPNRead SSL VPN Devices and UsersThis permission allows you to view the status of your users' SSL VPN client.
    ComplianceRead ComplianceThis permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

    Tickets

    + Notification

    Read Ticket(s)This permission allows you to view
    previous and current
    support tickets
    .
    Tickets + NotificationWrite Ticket(s)
    listed in the ViewArchivedTickets section.
    Overview (Account screen)Read Identity

    This permission allows you to view the account-level information, such as

    • Account overview
    • Armor contacts
    • User profiles
    • Roles and permissions
    User DetailUpdate Personal Identity

    This permission allows you to update your personal account information, such as your:

    • Password
    • Challenge Phrase
    • Challenge Response
    User DetailRead Notification(s)This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
    InvoicesView InvoicesThis permission allows you to view current and previous invoices.
    Payment MethodsRead Payment InformationThis permission allows you to view current payment information, such as the primary payment method.
    Payment MethodsWrite / Update Payment InformationThis permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
    Not applicableRead Entity Metadata

    This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

    Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
    Not applicableGlobal SearchThis permission allows you to use the global search function throughout AMP.



    Expand
    titlePermissions in the default Technical role

    At a high-level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

    Note

    This role is not automatically updated with new permissions after an AMP release.

    Review the following table to better understand the specific permissions associated with the default Technical role. 

    AMP ScreenPermissionDescription

    Security Dashboard (landing page)

    Read Dashboard StatisticsThis
    permissions
    permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
    Malware ProtectionRead AVAMThis
    permissions
    permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
    FIMRead FIMThis
    permissions
    permission allows you to view file integrity details for each virtual machine.
    PatchingRead OS PackagesThis
    permissions
    permission allows you to view details OS patching details for each virtual machine.
    Intrusion DetectionRead IDSThis permission allows you to view intrusion detection data.
    Log & Data ManagementRead LogManagement

    This

    permissions

    permission allows you to view high-level information for log collection for each virtual machine, such as:

    • Date logs were last received
    • Average size of collected logs
    • Log Status
    Log ManagementRead LogSearchThis permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
    Log Management

    Write LogManagement

    This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
    FirewallRead FirewallThis
    permissions
    permission allows you to view details for firewall rules for each virtual machine.
    FirewallWrite FirewallThis
    permissions
    permission allows you to add, update, or delete firewall rules.
    MarketplaceRead Product Catalog

    This permission allows you to view available add-on products.

    You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

    Marketplace (and My Products)View SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
    Marketplace (and My Products)Write Subscriptions

    This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

    Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

    WorkloadsRead Workload(s)

    This permission allows you to view high-level data for workloads, such as

    • the associated data center
    • the number of tiers within the workload
    • the number of virtual machines within the workload
    WorkloadsWrite WorkloadThis permission allows you to create, update, and remove workloads and tiers.
    Virtual Machines / VM DetailsWrite OrdersThis permission allows you to provision a new virtual machine.
    Virtual Machines / VM DetailsRead Virtual Machine StatsThis permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
    Virtual Machines / VM DetailsRead Virtual Machine(s)

    This permission allows you to view data for a virtual machine, such as

    • Operating system
    • Size
    • Corresponding workload
    • Status
    Virtual Machines / VM DetailsScale Virtual MachineThis permission allows you upgrade or downgrade (resize) the size of a virtual machine.
    Virtual Machines / VM DetailsWrite Virtual MachineThis permission allows you to create, update, and remove virtual machines.
    Virtual Machines / VM DetailsRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
    Virtual Machines / VM DetailRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
    Virtual MachinesRead Server Replication

    This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

    • The status of the add-on product (configuring, enabled, disabled)
    • The location of the primary data center
    • The location of the failover data center
    • The status of the replication
    Virtual MachinesWrite Server ReplicationThis permission allows you to order and cancel the server replication add-on product.
    Virtual MachinesRead TasksThis permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
    Virtual MachinesWrite TasksThis permission allows you to schedule a delete or downsize of a virtual machine.
    Virtual MachinesRead StorageThis permission allows you to view disk and storage information for a virtual machine.
    IP AddressesRead Network IPThis permission allows you to view data for unassigned and assigned public and private IP addresses
    IP AddressesWrite Network IP

    This permission allows you to update an IP address, such as:

    • Assign an IP addresses
    • Unassign an IP addresses
    • Delete IP address
    • Request a new public IP address
    IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
    IP AddressesWrite Network NATThis permission allows you to add and remove DNAT assignments.
    L2L VPNRead Network L2LThis permission allows you to view high-level data for your L2L network tunnels. 
    L2L VPNWrite Network L2LThis permission allows you to add, update, and remove L2L tunnels.
    SSL/VPNRead SSL VPN Devices and UsersThis permission allows you to view the status of your users' SSL VPN client.
    SSL/VPNWrite SSL VPN Devices and UserThis permission allows you to enable your users the ability to download and install the SSL VPN client.
    ComplianceRead ComplianceThis permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
    ComplianceWrite ComplianceThis permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.
    Tickets
    + Notification
    Read Ticket(s)This permission allows you to view
    previous and current
    support tickets
    .Tickets + NotificationWrite Ticket(s)This permission allows you to create and follow a support ticket
    listed in the ViewArchivedTickets section.
    Overview (Account screen)Read Identity

    This permission allows you to view the account-level information, such as

    • Account overview
    • Armor contacts
    • User profiles
    • Roles and permissions
    User DetailUpdate Personal Identity

    This permission allows you to update your personal account information, such as your:

    • Password
    • Challenge Phrase
    • Challenge Response
    User DetailRead Notification(s)This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
    Not applicableRead Entity MetadataThis permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
    Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
    Not applicableGlobal SearchThis permission allows you to use the global search function throughout AMP.




    Step 2: Assign a default role

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
    2. Click Roles + Permissions
    3. Locate and select the desired default role (Admin, Billing, or Technical). 
    4. Click Members
    5. Under Members, enter and select the name of the user. 


    Anchor
    Create and assign a new role

    ...

    Create and assign a new role
    Create and assign a new role

    ...


    Step 1: Create a role and add permissions

    Excerpt Include
    ESLP:Create a role and add permissions (snippet)
    ESLP:Create a role and add permissions (snippet)
    nopaneltrue
     

    ...

    Step 2: Assign a role to an existing user account

    Excerpt Include
    ESLP:Assign a role to an existing user account (snippet)
    ESLP:Assign a role to an existing user account

    ...

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
    2. Click Roles + Permissions
    3. Locate and select the desired role. 
    4. Under the name of the role, click Members
    5. Click Edit Members
    6. Select and drag the desired user to the Chosen column. 
    7. Click the X at the top, right corner.  

    (snippet)
    nopaneltrue


    Anchor
    Update permissions to a role
    Update permissions to a role
    Update a permission for a

    ...

    role

    Note

    Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.

    ...


    Excerpt Include
    ESLP:Update a permission for a role (snippet)
    ESLP:Update a permission for a role (snippet)
    nopaneltrue


    Anchor
    Remove a role for a newly created or existing user
    Remove a role for a newly created or existing user
    Remove a role for a newly created or existing user

    After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user. 

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
    2. Click Roles + Permissions
    3. In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user. 
    4. Locate and select the desired role. 
    5. Under the name of the role, click Members
    6. Click Edit Members
    7. Select and drag the desired user to the Chosen column. 
    8. Click the X at the top, right corner. 

    ...

    You can add the following permissions to newly created roles.

    Security screen permissions

    ...

    Security Dashboard (AMP landing page)

    ...

    Malware Protection

    ...

    FIM

    ...

    Patching

    ...

    Log Management

    ...

    Read LogManagement

    ...

    This permissions allows you to view high-level information for log collection for each virtual machine, such as:

    • Date logs were last received
    • Average size of collected logs
    • Log Status

    ...

    Log Management

    ...

    Write LogManagement

    ...

    Firewall

    ...

    Read Firewall

    ...

    This permissions allows you to view details for firewall rules for each virtual machine.

    ...

    Write Firewall

    ...

    Marketplace screen permissions

    ...

    Marketplace

    ...

    Read Product Catalog

    ...

    This permission allows you to view available add-on products.

    You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

    ...

    This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

    Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

    Infrastructure screen permissions

    ...

    Workloads

    ...

    Read Workload(s)

    ...

    This permission allows you to view high-level data for workloads, such as

    • the associated data center
    • the number of tiers within the workload
    • the number of virtual machines within the workload

    ...

    Virtual machines / VM Details

    ...

    Read Virtual Machine Stats

    ...

    This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.

    ...

    Virtual Machines / VM Detail

    ...

    This permission allows you to view data for a virtual machine, such as

    • Operating system
    • Size
    • Corresponding workload
    • Status

    ...

    Virtual Machines / VM Detail

    ...

    Virtual Machines / VM Detail

    ...

    This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

    • The status of the add-on product (configuring, enabled, disabled)
    • The location of the primary data center
    • The location of the failover data center
    • The status of the replication

    ...

    Virtual Machines / VM Detail

    ...

    Virtual Machines / VM Detail

    ...

    Read Tasks

    ...

    Virtual Machines / VM Detail

    ...

    Virtual Machines / VM Detail

    ...

    IP Addresses

    ...

    Read Network IP

    ...

    This permission allows you to view data for unassigned and assigned public and private IP addresses

    ...

    This permission allows you to update an IP address, such as:

    • Assign an IP addresses
    • Unassign an IP addresses
    • Delete IP address
    • Request a new public IP address

    ...

    L2L VPN

    ...

    Read Network L2L

    ...

    This permission allows you to view high-level data for your L2L network tunnels.

    ...

    SSL/VPN

    ...

    Read SSL VPN Devices and Users

    ...

    This permission allows you to view the status of your users' SSL VPN client.

    ...

    Compliance screen permissions

    ...

    Compliance

    ...

    Read Compliance

    ...

    This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

    ...

    Support screen permissions

    ...

    Tickets + Notification

    ...

    Read Ticket(s)

    ...

    This permission allows you to view previous and current support tickets.

    ...

    Account screen permissions

    ...

    Read Identity

    ...

    This permission allows you to view the account-level information, such as

    • Account overview
    • Armor contacts
    • User profiles
    • Roles and permissions

    ...

    This permissions allows you to update account-level information, such as:

    • Invite and remove users
    • Create, update, and remove roles
    • Assign and unassign roles to users
    • Unlock a user after several failed login attempts

    ...

    Update Customer Passwords

    ...

    This permission allows you to update your password

    ...

    This permission allows you to update your personal account information, such as your:

    • Password
    • Challenge Phrase
    • Challenge Response

    ...

    This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.

    ...

    Invoices

    ...

    Payment Methods

    ...

    Read Payment Information

    ...

    This permission allows you to view current payment information, such as the primary payment method.

    ...

    Payment Methods

    ...

    This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

    ...


    Excerpt Include
    ESLP:Remove a role for a newly created or existing user (snippet)
    ESLP:Remove a role for a newly created or existing user (snippet)
    nopaneltrue


    Anchor
    Delete a role
    Delete a role
    Delete A Role


    Excerpt Include
    ESLP:Delete a role (snippet)
    ESLP:Delete a role (snippet)
    nopaneltrue



    Additional Documentation

    To view every permission available in AMP, see Review All Permissions.

    Note

    In the Roles and Permissions screen, you may see permissions that only apply to Armor Complete or Armor Anywhere users. Your roles will not malfunction if you happen to add a permission for a different product to your role.




    Was this helpful?
    Rate Macro

    Scrolltotop



    Excerpt
    hiddentrue

    test

    Review permissions for popular AMP screens

    Review the following tables to understand the permissions needed to interact with popular screens in AMP. 

    Note

    To view every permission available in AMP, see Review All Permissions.

    Note

    In the Roles and Permissions screen in AMP, you may see permissions that only apply to Armor Anywhere users. Your roles will not malfunction if you happen to add an Armor Anywhere permission to your role.



    Permissions for virtual machines and workloads

    Screen / FeatureActionsPermissionsAdditional information
    Virtual Machines and Workloads
    • Create a virtual machine 
    • Reboot, reset, or turn off a virtual machine
    • Delete a virtual machine
    • Resize a virtual machine
    • Upgrade a virtual machine
    • Downgrade a virtual machine
    • Add disk space to an existing virtual machine
    • Export virtual machine data
    • View a workload
    • Create a workload

    • Read Workload(s)
    • Write Workload
    • Read Virtual Machine Stats
    • Read Virtual Machine(s)
    • Write Virtual Machine
    • Scale Virtual Machine
    • Read Location(s)
    • Read Virtual Data Centers
    • Read Tasks
    • Write Tasks
    • Read Storage
    • Read Network L2L
    • Write Network L2L
    • Read SSL VPN Devices and Users
    • Write SSL VPN Devices and User
    Note

    If you ordered the Continuous Server Replication (Data Recovery) add-on product, then you must also have the following permissions:

    • Read Server Replication
    • Write Server Replication
    Note

    To learn more about the Virtual Machines screen, see Virtual Machines.



    Permissions for IP addresses

    Screen / FeatureActionsPermissionsAdditional information
    IP Addresses
    • Assign a new public IP address to virtual machine
    • Assign an existing public IP address to a virtual machine
    • Remove an existing public IP address from a virtual machine
    • Delete an unassigned public IP address
    • Delete an assigned public IP address
    • Assign an available private IP address to a virtual machine
    • Unassign a secondary private IP address from a virtual machine
    • Read Network IP
    • Write Network IP
    • Read Network NAT
    • Write Network NAT
    • Read Location(s)
    • Read Virtual Data Centers
    Note

    To learn more about the IP Addresses screen, see IP Address.



    Permissions for firewall rules

    Screen / FeatureActionsPermissionsAdditional information
    Firewall
    • Create a firewall rule with a new IP address group
    • Create a firewall rule with an existing IP address group
    • Edit a firewall rule
    • Edit name
    • Edit source
    • Edit destination
    • Edit action
    • Edit services
    • Enable or disable a firewall rule
    • Delete a firewall rule
    • Export firewall data
    • Create an IP group
    • Create a service group
    • Write Network IP Addresses 
    • Read Firewall 
    • Write Firewall 
    • Read Location(s)
    • Read Virtual Data Centers
    Note

    To learn more about the Firewall screen, see Firewall Rules.






    Permissions for L2L VPN tunnels

    Screen / FeatureActionsPermissionsAdditional information
    L2L VPN
    • Create an L2L VPN tunnel with a new workload
    • Edit an L2L VPN tunnel
    • Enable, disable, or delete an L2L VPN tunnel

    • Read Network L2L
    • Write Network L2L
    • Read Location(s)
    • Read Virtual Data Centers

    Note

    To learn more about the L2L VPN screen, see L2L VPN Tunnel.



    Permissions for SSL/VPN 

    Screen / FeatureActionsPermissionsAdditional information
    SSL/VPN
    • Enable and install your SSL/VPN access
    • Enable SSL/VPN access for your user
    • Disable SSL/VPN for your user
    • Read Network L2L
    • Write Network L2L
    • Read Location(s)
    • Read Virtual Data Centers

    Note

    To access a virtual machine, you must download and install the SSL/VPN client. An account administrator must first enable their users the ability to download the client. As a result, an account administrator must have the following permissions enabled in their account: 

    • Read SSL VPN Devices and Users
    • Write SSL VPN Devices and Users
    • Read Location(s)
    • Read Virtual Data Centers
    Note

    To learn more about the SSL/VPN screen, see SSL VPN.



    Permissions for support tickets

    Screen / FeatureActionsPermissionsAdditional information
    Tickets
    • Create a support ticket
    • View a support ticket
    • View an archived ticket
    • Add a recipient to an existing support ticket
    • Chat with Armor
    • Read Ticket(s)
    • Read Ticket Group(s)
    • Write Ticket Group(s)
    Note

    In addition to these permissions, in order to view a ticket, you must be listed as a recipient. For example, if a user in your account sends a support ticket, and you are not listed as a recipient, then you will not be able to see this ticket.

    Note

    To learn more about the Tickets screen, see Armor Support.



    Excerpt
    hiddentrue

    Permissions for Advanced Backup 

    Screen / FeatureActionsPermissionsAdditional information
    Advanced Backup
    • Create a snapshot policy
    • Assign a policy to a virtual machine
    • Restore a virtual machine from a backup 
    • Read Avanced Backup Plans
    • Commit Advanced Backup Restore
    • Create Advanced Backup Policy
    • Read Advanced Backup
    • Read Advanced Backup Policy
    • Read Advanced Backup Snapshots
    • Read Advanced Backup Vms
    • Refresh Advanced Backup Snapshots
    • Remote Advanced Backup
    • Request Advanced Backup Restore
    • Update Advanced Backup Policy
    • Write Advanced Backup 
    Note

    Additionally, you must have all the permissions for the Virtual Machines screen.

    Note

    To learn more about the Advanced Backup screen, see Advanced Backup.



    Permissions for Continuous Server Replication (Disaster Recovery)

    Screen / FeatureActionsPermissionsAdditional information
    Continuous Server Replication (Disaster Recovery)
    • Order Continuous Server Replication (Disaster Recovery) 
    • Request a test failover
    • Request a live failover
    • Read Server Replication
    • Write Server Replication 
    Note

    Additionally, you must have all the permissions for the Virtual Machines screen.

    Note

    To learn more about Continuous Server Replication (Disaster Recovery):



    Permissions for Log & Data Management

    Screen / FeatureActionsPermissionsAdditional information
    Log & Data Management
    • View collected logs in the Search section
    • View the status of the logging subagent in the Sources section
    • Write LogManagement
    • Read LogManagement 
    Note

    To learn more about Log Management, seeNOT PUBLISHED: Log Management.



     


    Permissions for Armor Marketplace

    Screen / FeatureActionsPermissionsAdditional information
    Armor Marketplace
    • View available add-on products
    • View subscription-based add-on products
    • Add and cancel products
    • Read Product Catalog
    • View Subscriptions
    • Write Subscriptions
    Note

    To learn more about the Armor Marketplace screen, see Armor Marketplace.



    Permissions for the Health Dashboards

    Screen / FeatureActionsPermissionsAdditional information
    • Health Overview (landing screen)
      • Protection
      • Detection
      • Response
      • Security Incidents
    • View the data that populates the security dashboards
    • Read Dashboard Statistics
    Note

    To learn more about the dashboards, see Health Overview Dashboard.



    Permissions for Security screens

    Screen / FeatureActionsPermissionsAdditional information
    • Security screens
      • Malware Protection
      • File Integrity Monitoring (FIM)
      • Patching
    • View the data that populates the security-focused screens
    • Read AVAM
    • Read FIM
    • Read OS Packages