Overview
In the Armor Management Portal (AMP), roles are similar to job titles that you can create and assign to your users. After you create a role, you can populate that role with specific permissions. For example, you can create a Billing role, and then you can add specific permissions that will give the assigned user permission to access billing-related permissions, such as Update Payment Information.
To learn more about Roles and Permissions, see Review available permissions.
By default, a new administrator account contains an Admin role with all the available permissions selected.
When you create a new user account, you must assign that user a role. Armor recommends that you create a default role that you can assign to a customer in order to complete the account-creation process.
Some popular roles to consider are Administrator, Audit, Billing, and Technical.
To learn more about Roles and Permissions, see Review available permissions.
Create a role and add permissions
Assign a role to an existing user account
- In the Armor Management Portal (AMP), in the left-side navigation, click Account.
- Click Roles + Permissions.
- Locate and select the desired role.
- Under the name of the role, click Members.
- Click Edit Members.
- Select and drag the desired user to the Chosen column.
- Click the X at the top, right corner.
Update a permission for a role
Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.
- In the Armor Management Portal (AMP), in the left-side navigation, click Account.
- Click Roles + Permissions.
- Locate and select the desired role.
- Select or deselect the desired permissions.
- Click Save Role.
Remove a role for a newly created or existing user
After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user.
- In the Armor Management Portal (AMP), in the left-side navigation, click Account.
- Click Roles + Permissions.
- In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user.
- Locate and select the desired role.
- Under the name of the role, click Members.
- Click Edit Members.
- Select and drag the desired user to the Chosen column.
- Click the X at the top, right corner.
Review available permissions
Review the following table to understand the permissions available for you to add to your Roles.
| Specific permission | Description | Suggested role |
|---|---|---|
| Read Orders | View account resources. | Technical, Billing |
| Write Orders | Add additional account resources. | Billing |
| Read Endpoint(s) | ||
| Write Endpoint(s) | ||
| Read Subscriber Key(s) | ||
| Write Subscriber Key(s) | ||
| Read Subscriber(s) | ||
| Write Subscriber(s) | ||
| Read Identity | View account information. | Technical, Billing, |
| Write Identity | Update account information. | Technical, Billing |
| Read Entity Metadata | View notes and tags throughout the portal | Technical, Billing |
| Write Entity Metadata | Update notes and tags throughout the portal | Technical, Billing |
| Read Firewall | View account firewall rules | Technical, Billing |
| Write Firewall | Add and edit account firewall rules | Technical |
| Read Network IP | View account IP allocations and assignments. | Technical, Billing |
| Write Network IP | Add, update, and remove IP assignments throughout the account. | Technical |
| Read Network L2L | View L2L network tunnels | Technical, Billing |
| Write Network L2L | Add, update, and remove L2L tunnels | Technical |
| Read Network Nat | View DNAT assignments per VM. | Technical, Billing |
| Write Network Nat | Add and remove DNAT assignments. | Technical |
| Read Network Bandwidth | View network transfer history. | Technical, Billing |
| Read Notification(s) | View account notifications. | Technical, Billing |
| Read Ticket(s) | View account tickets. | Technical, Billing |
| Write Ticket(s) | Create and update tickets, related servers, and recipients. | Technical, Billing |
| Read Workload(s) | View account workloads. | Technical, Billing |
| Write Workload | Create, update, and remove account workloads. | Technical |
| Read Location(s) | Discover locations available for the account. | Technical, Billing |
| Read Monitoring | View account resources. | Technical, Billing |
| Read AutoScale | View autoscale settings for workloads and VMs. | |
| Write AutoScale | Set autoscale settings for workloads and VMs. | |
| Read Virtual Machine Stats | View graph data for VMs. | Technical, Billing |
| Read Storage | View disk and storage information for the account. | Technical, Billing |
| Read Virtual Machine(s) | View VM details. | Technical, Billing |
| Write Virtual Machine | Create, update, and remove account VMs. | Technical |
| Read Template(s) | View template details. | Technical, Billing |
| Write Template | Create, update, and remove account templates. | Technical |
| Read Virtual Data Centers | View account virtual data center details. | |
| Write Virtual Data Centers | Create, edit, and remove account virtual data centers. | |
| Read Connections | ||
| Write Connections | ||
| Write Secret | ||
| Read FIM | View file integrity details | Technical, Billing |
| Read AVAM | View antivirus and anti-malware (malware protection) details | Technical, Billing |
| Read Dashboard Statistics | View main security dashboard | Technical, Billing |
| Read OS Packages | View OS patching details | Technical, Billing |
| Read SSL VPN Devices and Users | View SSLVPN account users and details | Technical, Billing |
| Write SSL VPN Devices and Users | Enable SSLVPN for account users | Technical |
| Update Personal Identity | Update Personal Identity | Technical, Billing |
| View Core License | View Core License Information | Technical, Billing |
| Update Payment Information | View/Create/Edit/Delete Payment Information | Billing |
| Write Orders | Add additional account resources | |
| Update Customer Passwords | Update another user's password | |
| Read Autoscale | View autoscale settings for workloads and VMs. | |
| Read Storage | View disk and storage information for the account. | |
| View Subscriptions | View Marketplace subscriptions | |
| Read Tasks | View task information | |
| Write Tasks | Update task information | |
| View Invoices | View Invoices | |
| Read LogManagement | View Log Management information | |
| Read LogSearch | View Log Search information | |
| Write Account | Update account information | |
| Read Product Catalog | Read Product Catalog | |
| Global Search | Perform Global Search | |
| Write Subscriptions | Write Subscriptions | |
| Scale Virtual Machine | Scale up and down account VMs |
