Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
Home > AMP Account User Guides > Roles and Permissions

...

Content Layer
id437218680
Content Column
id437218696
Content Block
background-color$lightGrayColor
id437218675

Topics Discussed

Table of Contents
maxLevel3
minLevel3

Content Block
id437218686

In the Armor Management Portal (AMP)roles are similar to job titles that you

...

must create and assign to your users. When you create a new role, you can populate that role with specific permissions. These permissions determine the type of access a user has in AMP.

For example, you can create

...

an Accounting

...

 role, and then you can add specific permissions to only give the user access to accounting-related features in AMP, such as the permission to view invoices

...


Info

When you create a new user, you must assign that user a role.

...

Note

You cannot edit the permissions within the default roles. 

 

There are two ways to assign a user to a role: 

  1. Assign a default role with permissions already enabled in AMP.

...

  1. Create a new role, populate that role with your preferred permissions, and then assign that role to a user. 
Note

To review Frequently Asked Questions (FAQs) regarding roles and permissions in AMP, see Introduction to Roles and Permissions.


Anchor
Assign a default role
Assign a default role
Assign a Default Role


Anchor
Review default roles and corresponding permissions
Review default roles and corresponding permissions
Step 1: Review default roles and corresponding permissions

Note

If your AMP account was created before May 2017, then by default, you will only see the Admin role

, which contains all the available permissions.

. This role contains every permission available.

Note

In AMP, you can easily identify a default role by the orange Armor badge that displays next to the role name.

You cannot edit the permissions within the default roles. 

Expand
titlePermissions in the default Admin role
By default, the 

The default Admin role contains every permission available.

The Admin

By default, the Billing role contains the following permissions: 

PermissionDescription

Read Entity Metadata

View notes and tags
Read IdentityView account information
Read WorkloadsView account workloads
Read Payment InformationView payment information

Write Payment Information

Update payment information
Read ComplianceView vulnerability scanning product information
Read AVAMView Malware Protection detail
Read Dashboard StatisticsView the data that populates the security dashboard
Read FIMView File Integrity Monitoring details.
Read Connections
Read FirewallView account firewall rules
Update Personal IdentityUpdate the challenge phrase and challenge response
View InvoicesView the invoices associated with your account
Read Network IPView account IP allocations and assignments
Read Network L2LView L2L network tunnels
View Core LicenseView core license information for your account
Read LocationsView locations available for this account
Read LogManagementView Log Management information
Read LogSearchView Log Search information
Read MonitoringView account resources
Read Network NatView DNAT assignments per VM.
Read Network BandwidthView network transfer history
Write Entity MetadataUpdates notes and tags
Read NotificationsView account notifications
Read OrdersView account resources
Read OS PackagesView OS patching details
Read Product CatalogRead Product Catalog
Global SearchPerform Global Search
Read Endpoints
Read SSL VPN Devices and UsersView SSL VPN account users and details
Read Virtual Machine StatsView graph data for virtual machines
Read StorageView disk and storage information for the account
View SubscriptionsView subscriptions for your account
Read TasksView task information
Read TemplatesView template details
Read TicketsView open tickets in your account
Write TicketsCreate a support ticket
Read Virtual Data CentersView account virtual data center details.
Read Server Replication
Read Virtual MachinesView virtual machine details
View Vulnerability ScansView vulnerability scanning report details

This role is automatically assigned to a new administrator account.

Expand
titlePermissions in the Billing role

After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user. 
  4. Locate and select the desired role. 
  5. Under the name of the role, click Members
  6. Click Edit Members
  7. Select and drag the desired user to the Chosen column. 
  8. Click the X at the top, right corner. 

...

Review the following table to understand the permissions available for you to add to your Roles

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

...

Armor Complete - Secure Hosting

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Billing / Accounting

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Billing / Accounting

Technical

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Billing / Accounting

Technical

...

Billing / Accounting

Technical

...

View account notifications

...

Billing / Accounting

Technical

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Billing / Accounting

Technical

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Billing / Accounting

Technical

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

Billing / Accounting

Technical

...

Armor Complete - Secure Hosting

Armor Anywhere - Security

...

61 in total

Technical
Excerpt
hiddentrue
Specific permissionDescriptionSuggested role
Read Orders

View account resources.

Technical, Billing
Write OrdersAdd additional account resources.Billing
Read Endpoint(s)Write Endpoint(s)Read Subscriber Key(s)Write Subscriber Key(s)Read Subscriber(s)Write Subscriber(s)
Read IdentityView account information.Technical, Billing,
Write IdentityUpdate account information.Technical, Billing
Read Entity MetadataView notes and tags throughout the portalTechnical, Billing
Write Entity MetadataUpdate notes and tags throughout the portalTechnical, Billing
Read FirewallView account firewall rulesTechnical, Billing
Write FirewallAdd and edit account firewall rulesTechnical
Read Network IPView account IP allocations and assignments.Technical, Billing
Write Network IPAdd, update, and remove IP assignments throughout the account.Technical
Read Network L2LView L2L network tunnelsTechnical, Billing
Write Network L2LAdd, update, and remove L2L tunnelsTechnical
Read Network NatView DNAT assignments per VM.Technical, Billing
Write Network NatAdd and remove DNAT assignments.Technical
Read Network BandwidthView network transfer history.Technical, Billing
Read Notification(s)View account notifications.Technical, Billing
Read Ticket(s)View account tickets.Technical, Billing
Write Ticket(s)Create and update tickets, related servers, and recipients.Technical, Billing
Read Workload(s)View account workloads.Technical, Billing
Write WorkloadCreate, update, and remove account workloads.Technical
Read Location(s)Discover locations available for the account.Technical, Billing
Read MonitoringView account resources.Technical, Billing
Read AutoScaleView autoscale settings for workloads and VMs.Write AutoScaleSet autoscale settings for workloads and VMs.
Read Virtual Machine StatsView graph data for VMs.Technical, Billing
Read StorageView disk and storage information for the account.Technical, Billing
Read Virtual Machine(s)View VM details.Technical, Billing
Write Virtual MachineCreate, update, and remove account VMs.Technical
Read Template(s)View template details.Technical, Billing
Write TemplateCreate, update, and remove account templates.Technical
Read Virtual Data CentersView account virtual data center details.Write Virtual Data CentersCreate, edit, and remove account virtual data centers.Read ConnectionsWrite ConnectionsWrite Secret
Read FIMView file integrity detailsTechnical, Billing
Read AVAMView antivirus and anti-malware (malware protection) detailsTechnical, Billing
Read Dashboard StatisticsView main security dashboardTechnical, Billing
Read OS PackagesView OS patching detailsTechnical, Billing
Read SSL VPN Devices and UsersView SSLVPN account users and detailsTechnical, Billing
Write SSL VPN Devices and UsersEnable SSLVPN for account usersTechnical
Update Personal IdentityUpdate Personal IdentityTechnical, Billing
View Core LicenseView Core License InformationTechnical, Billing
Update Payment InformationView/Create/Edit/Delete Payment InformationBilling
Write OrdersAdd additional account resourcesUpdate Customer PasswordsUpdate another user's passwordRead AutoscaleView autoscale settings for workloads and VMs.Read Storage
View disk and storage information for the account.
View SubscriptionsView Marketplace subscriptionsRead TasksView task informationWrite TasksUpdate task informationView InvoicesView InvoicesRead LogManagementView Log Management informationRead LogSearchView Log Search informationWrite AccountUpdate account informationRead Product CatalogRead Product CatalogGlobal SearchPerform Global SearchWrite SubscriptionsWrite SubscriptionsScale Virtual MachineScale up and down account VMs
Excerpt
hiddentrue

This role is automatically updated with new permissions after an AMP release.

Note

With the Admin role, you can also view the specific routes associated with each permission. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role.
  4. Click the expand arrow for the permission that you want to view.
Expand
titlePermissions in the
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read Network BandwidthNetworkNetworkView network transfer historyTechnicalArmor Complete - Secure Hosting
Read FirewallNetworkFirewallView account firewall rulesTechnicalArmor Complete - Secure Hosting
Write FirewallNetworkFirewallAdd and update firewall rulesTechnicalArmor Complete - Secure Hosting
Read Network IPNetworkIPView account IP allocations and assignmentsTechnicalArmor Complete - Secure Hosting
Write Network IPNetworkIPAdd, update, and remove IP assignmentsTechnicalArmor Complete - Secure Hosting
Read Network L2LNetworkL2LView L2L network tunnelsTechnicalArmor Complete - Secure Hosting
Write Network L2LNetworkL2LAdd, update, and remove L2L tunnelsTechnicalArmor Complete - Secure Hosting
Read Network NATNetworkNATView DNAT assignments per virtual machineTechnicalArmor Complete - Secure Hosting
Write Network NATNetworkNATAdd and remove DNAT assignmentsTechnicalArmor Complete - Secure Hosting
Read SSL VPN Devices and UsersNetworkSSL VPNView SSL VPN account users and detailsTechnicalArmor Complete - Secure Hosting
Write SSL VPN Devices and UserNetworkSSL VPNEnable SSL VPN for account usersTechnicalArmor Complete - Secure Hosting
Read IdentityIdentityAccountsView account informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Update Personal IdentityIdentityIdentityUpdate the challenge phrase and challenge responseTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write AccountIdentityAccountsUpdate account informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Update Customer PasswordsIdentityRolesUpdate another user's passwordTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write IdentityIdentityRolesUpdate account informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Workload(s)VPCAPPView account workloadsTechnicalArmor Complete - Secure Hosting
Write WorkloadVPCAPPCreate, update, and remove account workloadsTechnicalArmor Complete - Secure Hosting
Read Location(s)VPCLocationView locations available for this accountTechnicalArmor Complete - Secure Hosting
Read MonitoringVPCMonitoringView account resourcesTechnicalArmor Complete - Secure Hosting
Read Virtual Machine StatsVPCStatsView graph data for virtual machinesTechnicalArmor Complete - Secure Hosting
Read StorageVPCStorageView disk and storage information for the accountTechnicalArmor Complete - Secure Hosting
Read Template(s)VPCTemplateView template detailsTechnicalArmor Complete - Secure Hosting
Write TemplateVPCTemplateCreate, update, and remove account templatesTechnicalArmor Complete - Secure Hosting
Read Virtual Machine(s)VPCVMSView virtual machine detailsTechnicalArmor Complete - Secure Hosting
Scale Virtual MachineVPCVMSUpgrade or downgrade the size of a virtual machine.TechnicalArmor Complete - Secure Hosting
Write Virtual MachineVPCVMSCreate, update, and remove account virtual virtual machinesTechnicalArmor Complete - Secure Hosting
Read Server ReplicationVPCVMSTechnicalWrite Server ReplicationVPCVMSTechnical
Update Payment InformationAccountBillingView, create, edit, and delete payment information.Billing / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Payment InformationAccountBillingView payment information.Billing / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read ConnectionsAccountConnections

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write ConnectorsAccountConnectors

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read OrdersAccountOrdersView account resourcesBilling / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write OrdersAccountOrdersAdd additional account resourcesBilling / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write SecretAccountSecretCreate a password for your virtual machine?Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read ComplianceComplianceComplianceView vulnerability scanning product informationTechnical

Armor Complete - Secure Hosting

Write ComplianceComplianceComplianceUpdate (upgrade, downgrade or delete) vulnerability scanning optionsTechnical

Armor Complete - Secure Hosting

Read AVAMCoreConnectionView Malware Protection details.TechnicalArmor Anywhere - Security
Read Dashboard StatisticsCoreConnectionDoes this apply now to the newly created dashboard?TechnicalArmor Anywhere - Security
Read FIMCoreConnectionView File Integrity Monitoring details.TechnicalArmor Anywhere - Security
View Core LicenseCoreLicensingIs this to view just your core information?TechnicalArmor Anywhere - Security
Read LogManagementCoreLogsView Log Management informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read LogSearchCoreLogsView Log Search informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write LogManagementCoreLogsUpdate log management servicesTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read OS PackagesCorePackagesView OS patching detailsTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

View Vulnerability ScansCoreVulnerability ScanningView vulnerability scanning report detailsTechnicalArmor Anywhere - Security
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
View InvoicesBillingInvoicesView the invoices associated with your account

Billing / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Product CatalogBillingProductsView available products to add to your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

View SubscriptionBillingSubscriptionsView subscriptions for your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting
Write SubscriptionsBillingSubscriptionsAdd subscriptions to your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting
Read Entity MetadataMetaNoteView notes and tagsTechnicalArmor Complete - Secure Hosting
Write Entity MetadataMetaNoteUpdates notes and tagsTechnicalArmor Complete - Secure Hosting
Read TasksMetaTaskView task informationTechnicalArmor Complete - Secure Hosting
Write TasksMetaTaskWrite task informationTechnicalArmor Complete - Secure Hosting
Read Notification(s)NotificationNotifications

View account notifications

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Ticket(s)TicketTicketsView open tickets in your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write Ticket(s)TicketTicketsCreate a support ticket

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Global SearchSearchSearchSearch throughout AMP for various resource needs

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Endpoint(s)ArmorSecurityendpointsTechnical
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read Network BandwidthNetworkNetworkView network transfer historyTechnicalArmor Complete - Secure Hosting
Read FirewallNetworkFirewallView account firewall rulesTechnicalArmor Complete - Secure Hosting
Write FirewallNetworkFirewallAdd and update firewall rulesTechnicalArmor Complete - Secure Hosting
Read Network IPNetworkIPView account IP allocations and assignmentsTechnicalArmor Complete - Secure Hosting
Write Network IPNetworkIPAdd, update, and remove IP assignmentsTechnicalArmor Complete - Secure Hosting
Read Network L2LNetworkL2LView L2L network tunnelsTechnicalArmor Complete - Secure Hosting
Write Network L2LNetworkL2LAdd, update, and remove L2L tunnelsTechnicalArmor Complete - Secure Hosting
Read Network NATNetworkNATView DNAT assignments per virtual machineTechnicalArmor Complete - Secure Hosting
Write Network NATNetworkNATAdd and remove DNAT assignmentsTechnicalArmor Complete - Secure Hosting
Read SSL VPN Devices and UsersNetworkSSL VPNView SSL VPN account users and detailsTechnicalArmor Complete - Secure Hosting
Write SSL VPN Devices and UserNetworkSSL VPNEnable SSL VPN for account usersTechnicalArmor Complete - Secure Hosting
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read IdentityIdentityAccountsView account informationTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Update Personal IdentityIdentityIdentityUpdate the challange phrase and challenge responseTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Write AccountIdentityAccountsUpdate account informationTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Update Customer PasswordsIdentityRolesUpdate another user's passwordTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Write IdentityIdentityRolesUpdate account informationTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read Workload(s)VPCAPPView account workloadsTechnicalArmor Complete - Secure Hosting
Write WorkloadVPCAPPCreate, update, and remove account workloadsTechnicalArmor Complete - Secure Hosting
Read Location(s)VPCLocationView locations available for this accountTechnicalArmor Complete - Secure Hosting
Read MonitoringVPCMonitoringView account resourcesTechnicalArmor Complete - Secure Hosting
Read Virtual Machine StatsVPCStatsView graph data for virtual machinesTechnicalArmor Complete - Secure Hosting
Read StorageVPCStorageView disk and storage information for the accountTechnicalArmor Complete - Secure Hosting
Read Template(s)VPCTemplateView template detailsTechnicalArmor Complete - Secure Hosting
Write TemplateVPCTemplateCreate, update, and remove account templatesTechnicalArmor Complete - Secure Hosting
Read Virtual Machine(s)VPCVMSView virtual machine detailsTechnicalArmor Complete - Secure Hosting
Scale Virtual MachineVPCVMSUpgrade or downgrade the size of a virtual machine.TechnicalArmor Complete - Secure Hosting
Write Virtual MachineVPCVMSCreate, update, and remove account virtual virtual machinesTechnicalArmor Complete - Secure Hosting
Read Server ReplicationVPCVMSTechnicalWrite Server ReplicationVPCVMSTechnical
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Update Payment InformationAccountBillingView, create, edit, and delete payment information.Billing / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Payment InformationAccountBillingView payment information.Billing / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read ConnectionsAccountConnections

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write ConnectorsAccountConnectors

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read OrdersAccountOrdersView account resourcesBilling / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write OrdersAccountOrdersAdd additional account resourcesBilling / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write SecretAccountSecretCreate a password for your virtual machine?Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read ComplianceComplianceComplianceView vulnerability scanning product informationTechnical

Armor Complete - Secure Hosting

Write ComplianceComplianceComplianceUpdate (upgrade, downgrade or delete) vulnerability scanning optionsTechnical

Armor Complete - Secure Hosting

PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read AVAMCoreConnectionView Malware Protection details.TechnicalArmor Anywhere - Security
Read Dashboard StatisticsCoreConnectionDoes this apply now to the newly created dashboard?TechnicalArmor Anywhere - Security
Read FIMCoreConnectionView File Integrity Monitoring details.TechnicalArmor Anywhere - Security
View Core LicenseCoreLicensingIs this to view just your core information?TechnicalArmor Anywhere - Security
Read LogManagementCoreLogsView Log Management informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read LogSearchCoreLogsView Log Search informationTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write LogManagementCoreLogsUpdate log management servicesTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read OS PackagesCorePackagesView OS patching detailsTechnical

Armor Complete - Secure Hosting

Armor Anywhere - Security

View Vulnerability ScansCoreVulnerability ScanningView vulnerability scanning report detailsTechnicalArmor Anywhere - Security
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
View InvoicesBillingInvoicesView the invoices associated with your account

Billing / Accounting

Armor Complete - Secure Hosting

Armor Anywhere - Security

Read Product CatalogBillingProductsView available products to add to your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

View SubscriptionBillingSubscriptionsView subscriptions for your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting
Write SubscriptionsBillingSubscriptionsAdd subscriptions to your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read Entity MetadataMetaNoteView notes and tagsTechnicalArmor Complete - Secure Hosting
Write Entity MetadataMetaNoteUpdates notes and tagsTechnical Armor Complete - Secure Hosting
Read TasksMetaTaskView task informationTechnical Armor Complete - Secure Hosting
Write TasksMetaTaskWrite task informationTechnical Armor Complete - Secure Hosting
PermissionSystemResourceDescriptionRecommended roleProduct compatibility
Read Notification(s)NotificationNotifications

View account notifications

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Specific permissionsSystemResourceDescriptionRecommended roleProduct compatibility
Read Ticket(s)TicketTicketsView open tickets in your account

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Write Ticket(s)TicketTicketsCreate a support ticket

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Specific permissionsSystemResourceDescriptionRecommended roleProduct compatibility
Global SearchSearchSearchSearch throughout AMP for various resource needs

Billing / Accounting

Technical

Armor Complete - Secure Hosting

Armor Anywhere - Security

Specific permissionsSystemResourceDescriptionRecommended roleProduct compatibility
Read Endpoint(s)ArmorSecurityendpointsTechnical
default Billing role

By default, the Technical role contains the following permissions: 

PermissionDescriptionRead Entity MetadataView notes and tags

Read Identity

View account information

Read Workloads

View account workloads

Write Workload

Create, update, and remove account workloads

Read Compliance

View vulnerability scanning product information

Write Compliance

Update (upgrade, downgrade or delete) vulnerability scanning options

Read AVAM

View Malware Protection detail

Read Dashboard Statistics

View the data that populates the security dashboard

Read FIM

View File Integrity Monitoring details.

Read Connections

Write Connectors

Read Firewall

View firewall rules

Write Firewall

Add and update firewall rules

Update Personal Identity

Update the challenge phrase and challenge response

Read Network IP

View IP address allocations and assignments

Write Network IP

Add, update, and remove IP address assignments

Read Network L2L

View L2L network tunnels

Write Network L2L

Add, update, and remove L2L tunnels

View Core License

View core license information for your account

Read Locations

View locations available for this account

Read LogManagement

View Log Management information

Read LogSearch

View Log Search information

Write LogManagement

Update log management services

Read Monitoring

View account resources

Read Network Nat

View DNAT assignments per virtual machine

Write Network Nat

Add and remove DNAT assignments

Read Network Bandwidth

View network transfer history

Write Entity Metadata

Updates notes and tags

Read Notifications

View account notifications

Read Orders

View account resources

Write Orders

Add additional account resources

Read OS Packages

View OS patching details

Read Product Catalog

View available products to add to your account

Global Search

Search throughout AMP for various resource needs

Write Secret

Read Endpoints

Read SSL VPN Devices and Users

View SSL VPN users and details

Read Virtual Machine Stats

View graph data for virtual machines

Read Storage

View disk and storage information for your account

View Subscriptions

View current subscriptions for your account

Write Subscriptions

Add subscriptions to your account

Read Tasks

View task information

Write Tasks

Write task information

Read Templates

View template details

Write Templates

Create, update, and remove account templates

Read Tickets

View open tickets

Write Tickets

Create a support ticket

Read Virtual Data Centers

Read Server Replication

Read Virtual Machines

View virtual machine details

Scale Virtual Machine

Upgrade or downgrade the size of a virtual machine

Write Server Replication

Write Virtual Machine

Create, update, and remove virtual machinesView Vulnerability ScanView vulnerability scanning report details

...

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. Under the name of the role, click Members
  5. Click Edit Members
  6. Select and drag the desired user to the Chosen column. 
  7. Click the X at the top, right corner.  

...

Note

Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. Select or deselect the desired permissions. 
  5. Click Save Role

...

At a high-level, the default Billing role contains mostly read-only permissions.

Note

This role is not automatically updated with new permissions after an AMP release.

Review the following table to better understand the specific permissions associated with the default Billing role. 

AMP ScreenPermissionDescription

Security Dashboard (landing page)

Read Dashboard StatisticsThis permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.

Malware Protection

Read AVAMThis permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.

FIM

Read FIMThis permission allows you to view file integrity details for each virtual machine.

Patching

Read OS PackagesThis permission allows you to view details OS patching details for each virtual machine.
Intrusion DetectionRead IDSThis permission allows you to view intrusion detection data.

Log & Data Management

Read LogManagement

This permission allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status
Log & Data Management

Read LogSearch

This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.

Firewall

Read Firewall

This permission allows you to view details for firewall rules for each virtual machine.

MarketplaceRead Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

Marketplace (and My Products)View SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
WorkloadsRead Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center
  • the number of tiers within the workload
  • the number of virtual machines within the workload
Virtual MachinesWrite OrdersThis permission allows you to provision a new virtual machine.
Virtual MachinesRead Virtual Machine StatsThis permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual MachinesRead Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system
  • Size
  • Corresponding workload
  • Status
Virtual MachinesRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual MachinesRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
Virtual MachinesRead Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication
Virtual MachinesRead TasksThis permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual MachinesRead StorageThis permission allows you to view disk and storage information for a virtual machine.
IP AddressesRead Network IPThis permission allows you to view data for unassigned and assigned public and private IP addresses
IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
L2L VPNRead Network L2LThis permission allows you to view high-level data for your L2L network tunnels.
SSL/VPNRead SSL VPN Devices and UsersThis permission allows you to view the status of your users' SSL VPN client.
ComplianceRead ComplianceThis permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

Tickets

Read Ticket(s)This permission allows you to view support tickets listed in the ViewArchivedTickets section.
Overview (Account screen)Read Identity

This permission allows you to view the account-level information, such as

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions
User DetailUpdate Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response
User DetailRead Notification(s)This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
InvoicesView InvoicesThis permission allows you to view current and previous invoices.
Payment MethodsRead Payment InformationThis permission allows you to view current payment information, such as the primary payment method.
Payment MethodsWrite / Update Payment InformationThis permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
Not applicableRead Entity Metadata

This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicableGlobal SearchThis permission allows you to use the global search function throughout AMP.



Expand
titlePermissions in the default Technical role

At a high-level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

Note

This role is not automatically updated with new permissions after an AMP release.

Review the following table to better understand the specific permissions associated with the default Technical role. 

AMP ScreenPermissionDescription

Security Dashboard (landing page)

Read Dashboard StatisticsThis permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware ProtectionRead AVAMThis permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIMRead FIMThis permission allows you to view file integrity details for each virtual machine.
PatchingRead OS PackagesThis permission allows you to view details OS patching details for each virtual machine.
Intrusion DetectionRead IDSThis permission allows you to view intrusion detection data.
Log & Data ManagementRead LogManagement

This permission allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status
Log ManagementRead LogSearchThis permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Log Management

Write LogManagement

This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
FirewallRead FirewallThis permission allows you to view details for firewall rules for each virtual machine.
FirewallWrite FirewallThis permission allows you to add, update, or delete firewall rules.
MarketplaceRead Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

Marketplace (and My Products)View SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
Marketplace (and My Products)Write Subscriptions

This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

WorkloadsRead Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center
  • the number of tiers within the workload
  • the number of virtual machines within the workload
WorkloadsWrite WorkloadThis permission allows you to create, update, and remove workloads and tiers.
Virtual Machines / VM DetailsWrite OrdersThis permission allows you to provision a new virtual machine.
Virtual Machines / VM DetailsRead Virtual Machine StatsThis permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM DetailsRead Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system
  • Size
  • Corresponding workload
  • Status
Virtual Machines / VM DetailsScale Virtual MachineThis permission allows you upgrade or downgrade (resize) the size of a virtual machine.
Virtual Machines / VM DetailsWrite Virtual MachineThis permission allows you to create, update, and remove virtual machines.
Virtual Machines / VM DetailsRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM DetailRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
Virtual MachinesRead Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication
Virtual MachinesWrite Server ReplicationThis permission allows you to order and cancel the server replication add-on product.
Virtual MachinesRead TasksThis permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual MachinesWrite TasksThis permission allows you to schedule a delete or downsize of a virtual machine.
Virtual MachinesRead StorageThis permission allows you to view disk and storage information for a virtual machine.
IP AddressesRead Network IPThis permission allows you to view data for unassigned and assigned public and private IP addresses
IP AddressesWrite Network IP

This permission allows you to update an IP address, such as:

  • Assign an IP addresses
  • Unassign an IP addresses
  • Delete IP address
  • Request a new public IP address
IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
IP AddressesWrite Network NATThis permission allows you to add and remove DNAT assignments.
L2L VPNRead Network L2LThis permission allows you to view high-level data for your L2L network tunnels. 
L2L VPNWrite Network L2LThis permission allows you to add, update, and remove L2L tunnels.
SSL/VPNRead SSL VPN Devices and UsersThis permission allows you to view the status of your users' SSL VPN client.
SSL/VPNWrite SSL VPN Devices and UserThis permission allows you to enable your users the ability to download and install the SSL VPN client.
ComplianceRead ComplianceThis permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
ComplianceWrite ComplianceThis permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.
TicketsRead Ticket(s)This permission allows you to view support tickets listed in the ViewArchivedTickets section.
Overview (Account screen)Read Identity

This permission allows you to view the account-level information, such as

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions
User DetailUpdate Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response
User DetailRead Notification(s)This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Not applicableRead Entity MetadataThis permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicableGlobal SearchThis permission allows you to use the global search function throughout AMP.




Step 2: Assign a default role

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired default role (Admin, Billing, or Technical). 
  4. Click Members
  5. Under Members, enter and select the name of the user. 


Anchor
Create and assign a new role
Create and assign a new role
Create and assign a new role


Step 1: Create a role and add permissions

Excerpt Include
ESLP:Create a role and add permissions (snippet)
ESLP:Create a role and add permissions (snippet)
nopaneltrue
 

Step 2: Assign a role to an existing user account

Excerpt Include
ESLP:Assign a role to an existing user account (snippet)
ESLP:Assign a role to an existing user account (snippet)
nopaneltrue


Anchor
Update permissions to a role
Update permissions to a role
Update a permission for a role


Excerpt Include
ESLP:Update a permission for a role (snippet)
ESLP:Update a permission for a role (snippet)
nopaneltrue


Anchor
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user
Remove a role for a newly created or existing user


Excerpt Include
ESLP:Remove a role for a newly created or existing user (snippet)
ESLP:Remove a role for a newly created or existing user (snippet)
nopaneltrue


Anchor
Delete a role
Delete a role
Delete A Role


Excerpt Include
ESLP:Delete a role (snippet)
ESLP:Delete a role (snippet)
nopaneltrue



Additional Documentation

To view every permission available in AMP, see Review All Permissions.

Note

In the Roles and Permissions screen, you may see permissions that only apply to Armor Complete or Armor Anywhere users. Your roles will not malfunction if you happen to add a permission for a different product to your role.




Was this helpful?
Rate Macro

Scrolltotop



Excerpt
hiddentrue

test

Review permissions for popular AMP screens

Review the following tables to understand the permissions needed to interact with popular screens in AMP. 

Note

To view every permission available in AMP, see Review All Permissions.

Note

In the Roles and Permissions screen in AMP, you may see permissions that only apply to Armor Anywhere users. Your roles will not malfunction if you happen to add an Armor Anywhere permission to your role.



Permissions for virtual machines and workloads

Screen / FeatureActionsPermissionsAdditional information
Virtual Machines and Workloads
  • Create a virtual machine 
  • Reboot, reset, or turn off a virtual machine
  • Delete a virtual machine
  • Resize a virtual machine
  • Upgrade a virtual machine
  • Downgrade a virtual machine
  • Add disk space to an existing virtual machine
  • Export virtual machine data
  • View a workload
  • Create a workload

  • Read Workload(s)
  • Write Workload
  • Read Virtual Machine Stats
  • Read Virtual Machine(s)
  • Write Virtual Machine
  • Scale Virtual Machine
  • Read Location(s)
  • Read Virtual Data Centers
  • Read Tasks
  • Write Tasks
  • Read Storage
  • Read Network L2L
  • Write Network L2L
  • Read SSL VPN Devices and Users
  • Write SSL VPN Devices and User
Note

If you ordered the Continuous Server Replication (Data Recovery) add-on product, then you must also have the following permissions:

  • Read Server Replication
  • Write Server Replication
Note

To learn more about the Virtual Machines screen, see Virtual Machines.



Permissions for IP addresses

Screen / FeatureActionsPermissionsAdditional information
IP Addresses
  • Assign a new public IP address to virtual machine
  • Assign an existing public IP address to a virtual machine
  • Remove an existing public IP address from a virtual machine
  • Delete an unassigned public IP address
  • Delete an assigned public IP address
  • Assign an available private IP address to a virtual machine
  • Unassign a secondary private IP address from a virtual machine
  • Read Network IP
  • Write Network IP
  • Read Network NAT
  • Write Network NAT
  • Read Location(s)
  • Read Virtual Data Centers
Note

To learn more about the IP Addresses screen, see IP Address.



Permissions for firewall rules

Screen / FeatureActionsPermissionsAdditional information
Firewall
  • Create a firewall rule with a new IP address group
  • Create a firewall rule with an existing IP address group
  • Edit a firewall rule
  • Edit name
  • Edit source
  • Edit destination
  • Edit action
  • Edit services
  • Enable or disable a firewall rule
  • Delete a firewall rule
  • Export firewall data
  • Create an IP group
  • Create a service group
  • Write Network IP Addresses 
  • Read Firewall 
  • Write Firewall 
  • Read Location(s)
  • Read Virtual Data Centers
Note

To learn more about the Firewall screen, see Firewall Rules.






Permissions for L2L VPN tunnels

Screen / FeatureActionsPermissionsAdditional information
L2L VPN
  • Create an L2L VPN tunnel with a new workload
  • Edit an L2L VPN tunnel
  • Enable, disable, or delete an L2L VPN tunnel

  • Read Network L2L
  • Write Network L2L
  • Read Location(s)
  • Read Virtual Data Centers

Note

To learn more about the L2L VPN screen, see L2L VPN Tunnel.



Permissions for SSL/VPN 

Screen / FeatureActionsPermissionsAdditional information
SSL/VPN
  • Enable and install your SSL/VPN access
  • Enable SSL/VPN access for your user
  • Disable SSL/VPN for your user
  • Read Network L2L
  • Write Network L2L
  • Read Location(s)
  • Read Virtual Data Centers

Note

To access a virtual machine, you must download and install the SSL/VPN client. An account administrator must first enable their users the ability to download the client. As a result, an account administrator must have the following permissions enabled in their account: 

  • Read SSL VPN Devices and Users
  • Write SSL VPN Devices and Users
  • Read Location(s)
  • Read Virtual Data Centers
Note

To learn more about the SSL/VPN screen, see SSL VPN.



Permissions for support tickets

Screen / FeatureActionsPermissionsAdditional information
Tickets
  • Create a support ticket
  • View a support ticket
  • View an archived ticket
  • Add a recipient to an existing support ticket
  • Chat with Armor
  • Read Ticket(s)
  • Read Ticket Group(s)
  • Write Ticket Group(s)
Note

In addition to these permissions, in order to view a ticket, you must be listed as a recipient. For example, if a user in your account sends a support ticket, and you are not listed as a recipient, then you will not be able to see this ticket.

Note

To learn more about the Tickets screen, see Armor Support.



Excerpt
hiddentrue

Permissions for Advanced Backup 

Screen / FeatureActionsPermissionsAdditional information
Advanced Backup
  • Create a snapshot policy
  • Assign a policy to a virtual machine
  • Restore a virtual machine from a backup 
  • Read Avanced Backup Plans
  • Commit Advanced Backup Restore
  • Create Advanced Backup Policy
  • Read Advanced Backup
  • Read Advanced Backup Policy
  • Read Advanced Backup Snapshots
  • Read Advanced Backup Vms
  • Refresh Advanced Backup Snapshots
  • Remote Advanced Backup
  • Request Advanced Backup Restore
  • Update Advanced Backup Policy
  • Write Advanced Backup 
Note

Additionally, you must have all the permissions for the Virtual Machines screen.

Note

To learn more about the Advanced Backup screen, see Advanced Backup.



Permissions for Continuous Server Replication (Disaster Recovery)

Screen / FeatureActionsPermissionsAdditional information
Continuous Server Replication (Disaster Recovery)
  • Order Continuous Server Replication (Disaster Recovery) 
  • Request a test failover
  • Request a live failover
  • Read Server Replication
  • Write Server Replication 
Note

Additionally, you must have all the permissions for the Virtual Machines screen.

Note

To learn more about Continuous Server Replication (Disaster Recovery):



Permissions for Log & Data Management

Screen / FeatureActionsPermissionsAdditional information
Log & Data Management
  • View collected logs in the Search section
  • View the status of the logging subagent in the Sources section
  • Write LogManagement
  • Read LogManagement 
Note

To learn more about Log Management, seeNOT PUBLISHED: Log Management.



 


Permissions for Armor Marketplace

Screen / FeatureActionsPermissionsAdditional information
Armor Marketplace
  • View available add-on products
  • View subscription-based add-on products
  • Add and cancel products
  • Read Product Catalog
  • View Subscriptions
  • Write Subscriptions
Note

To learn more about the Armor Marketplace screen, see Armor Marketplace.



Permissions for the Health Dashboards

Screen / FeatureActionsPermissionsAdditional information
  • Health Overview (landing screen)
    • Protection
    • Detection
    • Response
    • Security Incidents
  • View the data that populates the security dashboards
  • Read Dashboard Statistics
Note

To learn more about the dashboards, see Health Overview Dashboard.



Permissions for Security screens

Screen / FeatureActionsPermissionsAdditional information
  • Security screens
    • Malware Protection
    • File Integrity Monitoring (FIM)
    • Patching
  • View the data that populates the security-focused screens
  • Read AVAM
  • Read FIM
  • Read OS Packages