Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 32 Next »

Introduction

In the Armor user interface, roles are similar to job titles that you can create and assign to your users. After you create a role, you can populate that role with available permissions. For example, you can create a Billing role, and then you can add specific permissions that will give the assigned user permission to access billing-related permissions, such as Update Payment Information

To learn more about Roles and Permissions, see Roles and Permissions.

By default, a new administrator account contains an Admin role with all the available permissions selected.   

When you create a new user account, you must assign that user a role. Armor recommends that you create a default role that you can assign to a customer in order to complete the account-creation process.

Some popular roles to consider are Administrators, Audit, Billing, and Technical. 

To learn more about Roles and Permissions, see Roles and Permissions.

 


Create a role and add permissions

 

Create a role and add permissions (snippet)
  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Click the plus ( + ) icon. 
  4. In the top, right corner of the screen, hover over the gear icon. 
  5. Click the blue pencil (Rename) icon.
  6. In the window that appears, enter a descriptive name, and then click Rename Role.
  7. In the top menu, click Members
  8. In the field, enter and select the user (or users) to assign to the role. 
  9. In the top menu, click Permissions
  10. Mark the permissions to add to your role. 
  11. At the bottom of the screen, click Save Role

 


Assign a role to an existing user account

  1. In the Armor user interface, in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Search for and select the desired role. 
  4. Under the name of the role, click Members
  5. Click Edit Members
  6. Select and drag the desired user to the Chosen column. 
  7. Click the X at the top, right corner. 

 


Update permissions to a role 

 

Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.

 

  1. In the Armor user interface, in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Search for and select the desired role. 
  4. Select or deselect the desired permissions. 
  5. Click Save Role

Remove a role for a newly created or existing user

After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user. 

  1. In the Armor user interface, in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user. 
  4. Search for and select the desired role. 
  5. Under the name of the role, click Members
  6. Click Edit Members
  7. Select and drag the desired user to the Chosen column. 
  8. Click the X at the top, right corner. 

Review available permissions

Review the following table to understand the permissions available for you to add to your Roles

 

Specific permissionDescriptionAPI routeSuggested role
Read Orders

View account resources.

  • GET orders/vm/options/software
  • GET software
  • GET usage
Technical, Billing
Write OrdersAdd additional account resources.
  • POST orders/submit/vm
Billing
Read Endpoint(s) 
  • GET security-endpoints
  • GET security-endpoints/{id}
  • GET security-endpoints/{id}/history
  • POST security-endpoints-search
  • POST security-endpoints/actions/ping

 
Write Endpoint(s) 
  • PATCH security-endpoints/{id}
  • POST security-endpoints/actions/register
 
Read Subscriber Key(s) 
  • GET security-subscriber-keys
 
Write Subscriber Key(s) 
  • DELETE security-subscriber-keys/{id}
  • POST security-subscriber-keys
  • POST security-subscriber-keys/{id}/actions/restore
 
Read Subscriber(s) 
  • GET security-subscribers
  • GET security-subscribers/{accountNumber}
  • GET security-subscribers/{subscriberId}
  • GET security-subscribers/{subscriberId}/keys
 
Write Subscriber(s) 
  • POST security-subscribers
  • POST security-subscribers/{subscriberId}/actions/deactivate
  • POST security-subscribers/{subscriberId}/actions/reactivate
 
Read IdentityView account information.
  • GET account/contacts
  • GET accounts
  • GET accounts/{accountId}
  • GET roles
  • GET roles/{id}
  • GET users
  • GET users/{id}
  • GET usersecurity/challengephrase
  • GET usersecurity/securityquestions
Technical, Billing,
Write IdentityUpdate account information.
  • DELETE roles/{id}
  • DELETE roles/{id}/members/{userId}
  • POST reset/initiate
  • POST roles
  • POST roles/{id}
  • POST roles/{id}/members/{userId}
  • POST users
  • POST users/{id}/status/{isEnabled}
  • POST users/{userId}/invite
  • POST users/invitation/{key}
  • POST users/notifications
  • POST users/resetpassword
  • POST usersecurity/securityinformation/{referencekey}
  • PUT users/{id}
  • PUT usersecurity/challengephrase
  • PUT usersecurity/securityquestionanswer
Technical, Billing
Read Entity MetadataView notes and tags throughout the portal
  • GET {entityType}/{entityId}/notes
  • GET {entityType}/{entityId}/tags
Technical, Billing
Write Entity MetadataUpdate notes and tags throughout the portal
  • DELETE {entityType}/{entityId}/notes
  • DELETE {entityType}/{entityId}/tags
  • POST {entityType}/{entityId}/tags
  • PUT {entityType}/{entityId}/notes
Technical, Billing
Read FirewallView account firewall rules
  • GET firewall/{deviceId}/groups
  • GET firewall/{deviceId}/groups/{id}
  • GET firewall/{deviceId}/rules
  • GET firewall/{deviceId}/services
  • GET firewall/{deviceId}/services/{serviceGroupId}
  • GET firewalls
Technical, Billing
Write FirewallAdd and edit account firewall rules
  • DELETE firewall/{deviceId}/groups/{id}
  • DELETE firewall/{deviceId}/groups/appGroup/{id}
  • DELETE firewall/{deviceId}/rules
  • DELETE firewall/{deviceId}/services/{serviceGroupId}
  • POST firewall/{deviceId}/groups
  • POST firewall/{deviceId}/groups/appGroup/{id}
  • POST firewall/{deviceId}/rules
  • POST firewall/{deviceId}/services
  • PUT firewall/{deviceId}/groups/{id}
  • PUT firewall/{deviceId}/groups/appGroup/{id}
  • PUT firewall/{deviceId}/services/{serviceGroupId}
Technical
Read Network IPView account IP allocations and assignments.
  • GET ips/{orgVdcId}
  • GET ips/publicIps/location/{locationId}
  • GET ips/publicIps/unassigned/{locationName}
  • GET ips/subnets/all
Technical, Billing
Write Network IPAdd, Update, and remove IP assignments throughout the account.
  • POST ips/assign
  • POST ips/fhmDnat
  • POST ips/fhmDnat/{vmId}
  • POST ips/publicIps/assign
  • POST ips/publicIps/quantity/{quantity}
  • POST ips/publicIps/reclaim/{extDnatId}
  • POST ips/publicIps/unassign/{extDnatId}
  • POST ips/subnets/{orgVdcId}
  • POST ips/subnets/assign/{orgVdcId}
  • POST ips/subnets/ssl/{esgId}
  • POST ips/subnets/ssl/assign/{esgId}
  • POST ips/subnets/ssl/unassign
  • POST ips/unassign
Technical
Read Network L2LView L2L network tunnels
  • GET l2l
  • GET l2l/{id}
Technical, Billing
Write Network L2LAdd, Update, and remove L2L tunnels
  • DELETE l2l/{id}
  • POST l2l
  • PUT l2l/{id}
  • PUT l2l/{id}/isEnabled/{isEnabled}
Technical
Read Network NatView DNAT assignments per VM.
  • GET nats
  • GET nats/vm/{vmId}
Technical, Billing
Write Network NatAdd and remove DNAT assignments.
  • DELETE nats
  • POST nats
  • POST nats/vm/{vmId}
Technical
Read Network BandwidthView network transfer history.
  • GET bandwidth
  • GET bandwidth/{edgeId}
Technical, Billing
Read Notification(s)View account notifications.
  • GET notifications
Technical, Billing
Read Ticket(s)View account tickets.
  • GET tickets
  • GET tickets/{pageSize}/{pageNumber}
  • GET tickets/{ticketNumber}
  • GET tickets/{ticketNumber}/attachment
  • GET tickets/{ticketNumber}/attachments
  • GET tickets/count
  • GET tickets/meta-data
  • GET tickets/vms/{vmId}
  • OPTIONS tickets/{ticketNumber}/attachments
Technical, Billing
Write Ticket(s)Create and update tickets, related servers, and recipients.
  • DELETE tickets/{ticketNumber}/recipients
  • DELETE tickets/{ticketNumber}/servers
  • DELETE tickets/{ticketNumber}/tag
  • DELETE tickets/{ticketNumber}/tickets
  • POST tickets/{ticketNumber}/attachments
  • POST tickets/{ticketNumber}/close
  • POST tickets/{ticketNumber}/comment
  • POST tickets/{ticketNumber}/comment/{commentId}/attachment
  • POST tickets/{ticketNumber}/comment/feedback
  • POST tickets/{ticketNumber}/create
  • POST tickets/{ticketNumber}/open
  • POST tickets/{ticketNumber}/rate
  • POST tickets/{ticketNumber}/read
  • POST tickets/{ticketNumber}/recipients
  • POST tickets/{ticketNumber}/servers
  • POST tickets/{ticketNumber}/star
  • POST tickets/{ticketNumber}/tag
  • POST tickets/{ticketNumber}/tickets
  • POST tickets/{ticketNumber}/update
  • POST tickets/create
Technical, Billing
Read Workload(s)View account workloads.
  • GET apps
  • GET apps/{appId}/tiers
  • GET apps/{appId}/tiers/{tierId}
  • GET apps/{id}
Technical, Billing
Write WorkloadCreate, update, and remove account workloads.
  • DELETE apps/{appId}/tiers/{tierId}
  • DELETE apps/{id}
  • POST apps
  • POST apps/{appId}/tiers
  • POST apps/{id}/power/{powerAction}
  • PUT apps/{appId}/tiers/{tierId}
  • PUT apps/{id}
Technical
Read Location(s)Discover locations available for the account.
  • GET locations
  • GET locations/preferred
Technical, Billing
Read MonitoringView account resources.
  • GET monitoring
Technical, Billing
Read AutoScaleView autoscale settings for workloads and VMs.
  • GET apps/{appId}/tiers/{tierId}/auto-scale
  • GET apps/{id}/auto-scale
  • GET vms/{id}/auto-scale
 
Write AutoScaleSet autoscale settings for workloads and VMs.
  • PUT apps/{appId}/tiers/{tierId}/auto-scale
  • PUT apps/{id}/auto-scale
  • PUT vms/{id}/auto-scale
 
Read Virtual Machine StatsView graph data for VMs.
  • GET stats/vms
  • GET stats/vms/{vmId}
  • GET stats/vms/{vmId}/{statType}
Technical, Billing
Read StorageView disk and storage information for the account.
  • GET storage
  • GET storage/summary
Technical, Billing
Read Virtual Machine(s)View VM details.
  • GET core/instance
  • GET vms
  • GET vms/{id}
  • GET vms/{vmId}/availableStorage
  • GET vms/{vmId}/disk
  • GET vms/core
  • GET vms/core/security
Technical, Billing
Write Virtual MachineCreate, update, and remove account VMs.
  • DELETE vms/{Id}
  • DELETE vms/{vmId}/disk/{diskId}
  • POST vms/{id}/power/{powerAction}
  • POST vms/{vmId}/adjustDisk
  • POST vms/{vmId}/disk
  • PUT vms/{Id}
Technical
Read Template(s)View template details.
  • GET templates
  • GET templates/{id}
Technical, Billing
Write TemplateCreate, update, and remove account templates.
  • DELETE templates/{id}
  • PATCH templates/{id}
  • POST apps/{id}/template/{name}
  • POST templates/{id}/deploy
Technical
Read Virtual Data CentersView account virtual data center details.
  • GET vdc
  • GET vdc/{id}
  • GET vdc/{id}/networks
  • GET vdc/{id}/networks/{networkId}
 
Write Virtual Data CentersCreate, edit, and remove account virtual data centers.
  • DELETE vdc/{id}
  • DELETE vdc/{id}/networks/{networkId}
  • POST vdc
  • POST vdc/{id}/networks
  • PUT vdc/{id}
  • PUT vdc/{vcdId}/networks/{networkId}
 
Read Connections 
  • GET connections
  • GET connections/summary
 
Write Connections 
  • DELETE connections/{id}
  • POST connections
  • POST connectors
 
Write Secret 
  • POST secret
 
Read FIMView file integrity details
  • GET core/fim
  • GET core/fim/statistics
  • GET core/fim/statistics/{securityDataType}
Technical, Billing
Read AVAMView antivirus and antimalware details
  • GET core/avam
  • GET core/avam/statistics
  • GET core/avam/statistics/{securityDataType}
Technical, Billing
Read Dashboard StatisticsView main security dashboard
  • GET core/dashboard/statistics
  • GET core/security-dashboard/{fromdate}/{todate}
  • GET core/security-dashboard/stats/overall
  • GET core/security-dashboard/stats/overview
Technical, Billing
Read OS PackagesView OS patching details
  • GET core/packages/gettotalstatus
  • GET core/packages/status
Technical, Billing
Read SSL VPN Devices and UsersView SSLVPN account users and details
  • GET sslvpn
  • POST sslvpn/installClient
Technical, Billing
Write SSL VPN Devices and UsersEnable SSLVPN for accoutn users
  • POST sslvpn/enable
Technical
Update Personal IdentityUpdate Personal Identity
  • GET challengephrase
  • GET securityquestions
  • POST securityinformation/{referencekey}
  • PUT challengephrase
  • PUT securityquestionanswer
Technical, Billing
View Core LicenseView Core License Information
  • GET core/license
Technical, Billing
Update Payment InformationView/Create/Edit/Delete Payment Information
  • DELETE paymentmethods/{id}
  • GET paymentmethods
  • GET paymentmethods/{id}
  • GET paymentmethods/billingaccount}
  • POST paymentmethods
  • POST paymentmethods/{id}
Billing

 

 

 



In this topic



Have a suggestion for the Armor Knowledge Base? Send a message to kb@armor.com.