Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »


When you first log into the Armor user interface, the Administrative role is created. You can create different roles with different permissions for yourself and for your users. 


Specific permissionDescriptionAPI route
Read Orders

View account resources.

  • GET orders/vm/options/software
  • GET software
  • GET usage
Write OrdersAdd additional account resources.
  • POST orders/submit/vm
Read Endpoint(s) 
  • GET security-endpoints
  • GET security-endpoints/{id}
  • GET security-endpoints/{id}/history
  • POST security-endpoints-search
  • POST security-endpoints/actions/ping

Write Endpoint(s) 
  • PATCH security-endpoints/{id}
  • POST security-endpoints/actions/register
Read Subscriber Key(s) 
  • GET security-subscriber-keys
Write Subscriber Key(s) 
  • DELETE security-subscriber-keys/{id}
  • POST security-subscriber-keys
  • POST security-subscriber-keys/{id}/actions/restore
Read Subscriber(s) 
  • GET security-subscribers
  • GET security-subscribers/{accountNumber}
  • GET security-subscribers/{subscriberId}
  • GET security-subscribers/{subscriberId}/keys
Write Subscriber(s) 
  • POST security-subscribers
  • POST security-subscribers/{subscriberId}/actions/deactivate
  • POST security-subscribers/{subscriberId}/actions/reactivate
Read IdentityView account information.
  • GET account/contacts
  • GET accounts
  • GET accounts/{accountId}
  • GET roles
  • GET roles/{id}
  • GET users
  • GET users/{id}
  • GET usersecurity/challengephrase
  • GET usersecurity/securityquestions
Write IdentityUpdate account information.
  • DELETE roles/{id}
  • DELETE roles/{id}/members/{userId}
  • POST reset/initiate
  • POST roles
  • POST roles/{id}
  • POST roles/{id}/members/{userId}
  • POST users
  • POST users/{id}/status/{isEnabled}
  • POST users/{userId}/invite
  • POST users/invitation/{key}
  • POST users/notifications
  • POST users/resetpassword
  • POST usersecurity/securityinformation/{referencekey}
  • PUT users/{id}
  • PUT usersecurity/challengephrase
  • PUT usersecurity/securityquestionanswer
Read Entity MetadataView notes and tags throughout the portal
  • GET {entityType}/{entityId}/notes
  • GET {entityType}/{entityId}/tags
Write Entity MetadataUpdate notes and tags throughout the portal
  • DELETE {entityType}/{entityId}/notes
  • DELETE {entityType}/{entityId}/tags
  • POST {entityType}/{entityId}/tags
  • PUT {entityType}/{entityId}/notes
Read FirewallView account firewall rules
  • GET firewall/{deviceId}/groups
  • GET firewall/{deviceId}/groups/{id}
  • GET firewall/{deviceId}/rules
  • GET firewall/{deviceId}/services
  • GET firewall/{deviceId}/services/{serviceGroupId}
  • GET firewalls
Write FirewallAdd and edit account firewall rules
  • DELETE firewall/{deviceId}/groups/{id}
  • DELETE firewall/{deviceId}/groups/appGroup/{id}
  • DELETE firewall/{deviceId}/rules
  • DELETE firewall/{deviceId}/services/{serviceGroupId}
  • POST firewall/{deviceId}/groups
  • POST firewall/{deviceId}/groups/appGroup/{id}
  • POST firewall/{deviceId}/rules
  • POST firewall/{deviceId}/services
  • PUT firewall/{deviceId}/groups/{id}
  • PUT firewall/{deviceId}/groups/appGroup/{id}
  • PUT firewall/{deviceId}/services/{serviceGroupId}
Read Network IPView account IP allocations and assignments.
  • GET ips/{orgVdcId}
  • GET ips/publicIps/location/{locationId}
  • GET ips/publicIps/unassigned/{locationName}
  • GET ips/subnets/all
Write Network IPAdd, Update, and remove IP assignments throughout the account.
  • POST ips/assign
  • POST ips/fhmDnat
  • POST ips/fhmDnat/{vmId}
  • POST ips/publicIps/assign
  • POST ips/publicIps/quantity/{quantity}
  • POST ips/publicIps/reclaim/{extDnatId}
  • POST ips/publicIps/unassign/{extDnatId}
  • POST ips/subnets/{orgVdcId}
  • POST ips/subnets/assign/{orgVdcId}
  • POST ips/subnets/ssl/{esgId}
  • POST ips/subnets/ssl/assign/{esgId}
  • POST ips/subnets/ssl/unassign
  • POST ips/unassign
Read Network L2LView L2L network tunnels
  • GET l2l
  • GET l2l/{id}
Write Network L2LAdd, Update, and remove L2L tunnels
  • DELETE l2l/{id}
  • POST l2l
  • PUT l2l/{id}
  • PUT l2l/{id}/isEnabled/{isEnabled}
Read Network NatView DNAT assignments per VM.
  • GET nats
  • GET nats/vm/{vmId}
Write Network NatAdd and remove DNAT assignments.
  • DELETE nats
  • POST nats
  • POST nats/vm/{vmId}
Read Network BandwidthView network transfer history.
  • GET bandwidth
  • GET bandwidth/{edgeId}
Read Notification(s)View account notifications.
  • GET notifications
Read Ticket(s)View account tickets.
  • GET tickets
  • GET tickets/{pageSize}/{pageNumber}
  • GET tickets/{ticketNumber}
  • GET tickets/{ticketNumber}/attachment
  • GET tickets/{ticketNumber}/attachments
  • GET tickets/count
  • GET tickets/meta-data
  • GET tickets/vms/{vmId}
  • OPTIONS tickets/{ticketNumber}/attachments
Write Ticket(s)Create and update tickets, related servers, and recipients.
  • DELETE tickets/{ticketNumber}/recipients
  • DELETE tickets/{ticketNumber}/servers
  • DELETE tickets/{ticketNumber}/tag
  • DELETE tickets/{ticketNumber}/tickets
  • POST tickets/{ticketNumber}/attachments
  • POST tickets/{ticketNumber}/close
  • POST tickets/{ticketNumber}/comment
  • POST tickets/{ticketNumber}/comment/{commentId}/attachment
  • POST tickets/{ticketNumber}/comment/feedback
  • POST tickets/{ticketNumber}/create
  • POST tickets/{ticketNumber}/open
  • POST tickets/{ticketNumber}/rate
  • POST tickets/{ticketNumber}/read
  • POST tickets/{ticketNumber}/recipients
  • POST tickets/{ticketNumber}/servers
  • POST tickets/{ticketNumber}/star
  • POST tickets/{ticketNumber}/tag
  • POST tickets/{ticketNumber}/tickets
  • POST tickets/{ticketNumber}/update
  • POST tickets/create
Read Workload(s)View account workloads.
  • GET apps
  • GET apps/{appId}/tiers
  • GET apps/{appId}/tiers/{tierId}
  • GET apps/{id}
Write WorkloadCreate, update, and remove account workloads.
  • DELETE apps/{appId}/tiers/{tierId}
  • DELETE apps/{id}
  • POST apps
  • POST apps/{appId}/tiers
  • POST apps/{id}/power/{powerAction}
  • PUT apps/{appId}/tiers/{tierId}
  • PUT apps/{id}
Read Location(s)Discover locations available for the account.
  • GET locations
  • GET locations/preferred
Read MonitoringView account resources.
  • GET monitoring
Read AutoScaleView autoscale settings for workloads and VMs.
  • GET apps/{appId}/tiers/{tierId}/auto-scale
  • GET apps/{id}/auto-scale
  • GET vms/{id}/auto-scale
Write AutoScaleSet autoscale settings for workloads and VMs.
  • PUT apps/{appId}/tiers/{tierId}/auto-scale
  • PUT apps/{id}/auto-scale
  • PUT vms/{id}/auto-scale
Read Virtual Machine StatsView graph data for VMs.
  • GET stats/vms
  • GET stats/vms/{vmId}
  • GET stats/vms/{vmId}/{statType}







Permission typeSpecific permissionDescriptionAPI route
AdministrativeRead Network BandwidthView network transfer historyGET /bandwidth
 Read IdentityView account information

GET /accounts

GET /accounts/{accountld}

GET /roles

GET /roles/{id}

GET /users

GET /users/{id}

GET /usersecurity/challengephrase

GET /usersecurity/securityquestions

 Write WorkloadCreate, update, and remove account workloads

POST /apps

PUT /apps/{id}

DELETE /apps/{id}

POST /apps/{id}/power/{powerAction}

POST /apps/{appsId}/tiers

PUT /apps/{appId}/tiers/{tierID}

DELETE /apps/{appId}/tiers/{tierId}

 Read AVAMView antivirus and antimalware details

GET /core/avam

GET /core/avam/statistics

GET /core/avam/statistics/{securityDataType}

 Read Dashboard StatisticsView main security dashboard

GET /core/dashboard/statistics

GET /core/security-dashboard/stats/overview

GET /core/security-dashboard/stats/overall

GET /core/security-dashboard/{fromdate}/{todate}

 Read FIMView file integrity details

GET /core/fim

GET /core/fim/statistics

GET /core/fim/statistics/{securityDataType}

 Read Connections 

GET /connections

GET /connections/summary

 Write Connections 

POST /connections

DELETE /connects/{id}

 Writer Connectors POST /connectors
 View Core LicenseView Core license informationGET /core/license
 Read FirewallView account firewall rules

GET /firewall/{deviceId}/groups

GET /firewall/{deviceId}/groups/{Id}

GET /firewall/{deviceId}/rules

GET /firewalls

GET /firewall/{deviceId}/services

GET /firewall/{deviceId}/services/{serviceGroupId}

 Write FirewallAdd and edit account firewall rules 
Permission typeSpecific permissionDescription
AdministrativeView UsersAuthorizes users to view existing users associated with the environment within the portal. 
AdministrativeAdd/Edit UsersAuthorizes users to add, remove and edit other users within the portal. 
AdministrativePassword Reset (Others)Authorizes users to issue password reset emails for other users. 
AdministrativeCancel AccountAuthorizes users to cancel the account with Armor. 
AdministrativeChange OwnershipAuthorizes users to change ownership of the account with Armor.
AdministrativeAuthorized SignatoryAuthorizes a user the ability to accept the terms and conditions for the environment. Modifications to the environment cannot be made until the terms and conditions are approved by an authorized signatory.
TechnicalView/troubleshoot ServicesAuthorizes users to view tickets and troubleshoot services within the environment. 
TechnicalRestart ServicesAuthorizes users to restart services, which includes secure cloud servers and appliances. 
TechnicalScale Servers & Load BalancersAuthorizes users to scale secure cloud servers and appliances through the portal. This grants the ability to affect invoicing only as it relates to scaled resources on secure cloud servers or appliances. 
TechnicalAccess Global Security ViewAuthorizes users to view the global security dashboard in the portal. 
TechnicalOpen/Close PortsAuthorizes users to open and close firewall ports on the environment and gives users access to the port opening request form found under the security tab in the portal. 
TechnicalNew Relic Account AccessAuthorizes users the ability to access the New Relic application monitoring account associated with the environment.
BillingAdd or Remove Billable ItemsAuthorizes users to add, delete or modify billable services for the environment which have an impact on your invoice.
BillingEdit Company InformationAuthorizes users to edit the company information fields which can be found by clicking the account tab within the portal. 
BillingView/Edit Payment InformationAuthorizes users to add and remove payment methods from the payment methods sub-tab within the account section of the portal.
NotificationReceive account notifications  
NotificationReceive technical notifications  
NotificationReceive billing notifications 
  • No labels

This page has no comments.