Home > AMP Account User Guides > Roles and Permissions

Overview

In the Armor Management Portal (AMP)roles are similar to job titles that you can create and assign to your users. After you create a role, you can populate that role with specific permissions. For example, you can create a Billing role, and then you can add specific permissions that will give the assigned user permission to access billing-related permissions, such as Update Payment Information

To learn more about Roles and Permissions, see Review available permissions.

By default, a new administrator account contains an Admin role with all the available permissions selected.   

When you create a new user account, you must assign that user a role. Armor recommends that you create a default role that you can assign to a customer in order to complete the account-creation process.

Some popular roles to consider are Administrator, Audit, Billing, and Technical. 

To learn more about Roles and Permissions, see Review available permissions.



Create a role and add permissions

 


Assign a role to an existing user account

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. Under the name of the role, click Members
  5. Click Edit Members
  6. Select and drag the desired user to the Chosen column. 
  7. Click the X at the top, right corner.  

Update a permission for a role 

Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.


  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. Select or deselect the desired permissions. 
  5. Click Save Role

Remove a role for a newly created or existing user

After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user. 
  4. Locate and select the desired role. 
  5. Under the name of the role, click Members
  6. Click Edit Members
  7. Select and drag the desired user to the Chosen column. 
  8. Click the X at the top, right corner. 

Review available permissions

Review the following table to understand the permissions available for you to add to your Roles


Specific permissionDescriptionSuggested role
Read Orders

View account resources.

Technical, Billing
Write OrdersAdd additional account resources.Billing
Read Endpoint(s)

Write Endpoint(s)

Read Subscriber Key(s)

Write Subscriber Key(s)

Read Subscriber(s)

Write Subscriber(s)

Read IdentityView account information.Technical, Billing,
Write IdentityUpdate account information.Technical, Billing
Read Entity MetadataView notes and tags throughout the portalTechnical, Billing
Write Entity MetadataUpdate notes and tags throughout the portalTechnical, Billing
Read FirewallView account firewall rulesTechnical, Billing
Write FirewallAdd and edit account firewall rulesTechnical
Read Network IPView account IP allocations and assignments.Technical, Billing
Write Network IPAdd, update, and remove IP assignments throughout the account.Technical
Read Network L2LView L2L network tunnelsTechnical, Billing
Write Network L2LAdd, update, and remove L2L tunnelsTechnical
Read Network NatView DNAT assignments per VM.Technical, Billing
Write Network NatAdd and remove DNAT assignments.Technical
Read Network BandwidthView network transfer history.Technical, Billing
Read Notification(s)View account notifications.Technical, Billing
Read Ticket(s)View account tickets.Technical, Billing
Write Ticket(s)Create and update tickets, related servers, and recipients.Technical, Billing
Read Workload(s)View account workloads.Technical, Billing
Write WorkloadCreate, update, and remove account workloads.Technical
Read Location(s)Discover locations available for the account.Technical, Billing
Read MonitoringView account resources.Technical, Billing
Read AutoScaleView autoscale settings for workloads and VMs.
Write AutoScaleSet autoscale settings for workloads and VMs.
Read Virtual Machine StatsView graph data for VMs.Technical, Billing
Read StorageView disk and storage information for the account.Technical, Billing
Read Virtual Machine(s)View VM details.Technical, Billing
Write Virtual MachineCreate, update, and remove account VMs.Technical
Read Template(s)View template details.Technical, Billing
Write TemplateCreate, update, and remove account templates.Technical
Read Virtual Data CentersView account virtual data center details.
Write Virtual Data CentersCreate, edit, and remove account virtual data centers.
Read Connections

Write Connections

Write Secret

Read FIMView file integrity detailsTechnical, Billing
Read AVAMView antivirus and anti-malware (malware protection) detailsTechnical, Billing
Read Dashboard StatisticsView main security dashboardTechnical, Billing
Read OS PackagesView OS patching detailsTechnical, Billing
Read SSL VPN Devices and UsersView SSLVPN account users and detailsTechnical, Billing
Write SSL VPN Devices and UsersEnable SSLVPN for account usersTechnical
Update Personal IdentityUpdate Personal IdentityTechnical, Billing
View Core LicenseView Core License InformationTechnical, Billing
Update Payment InformationView/Create/Edit/Delete Payment InformationBilling
Write OrdersAdd additional account resources
Update Customer PasswordsUpdate another user's password
Read AutoscaleView autoscale settings for workloads and VMs.
Read Storage
View disk and storage information for the account.

View SubscriptionsView Marketplace subscriptions
Read TasksView task information
Write TasksUpdate task information
View InvoicesView Invoices
Read LogManagementView Log Management information
Read LogSearchView Log Search information
Write AccountUpdate account information
Read Product CatalogRead Product Catalog
Global SearchPerform Global Search
Write SubscriptionsWrite Subscriptions
Scale Virtual MachineScale up and down account VMs



What's the difference between system and resource?

add notes about roles and permissions to API

How can we group these based on the type of user, such as "account specialist" or "technical specialist?"

Account role

Technical role

Security role

Admin role

The admin role should have everything included


61


Specific permissionSystemResourceDescription
Read Network BandwidthNetworkNetworkView network transfer history
Read FirewallNetworkFirewallView account firewall rules
Write FirewallNetworkFirewallAdd and update firewall rules
Read Network IPNetworkIPView account IP allocations and assignments
Write Network IPNetworkIPAdd, update, and remove IP assignments
Read Network L2LNetworkL2LView L2L network tunnels
Write Network L2LNetworkL2LAdd, update, and remove L2L tunnels
Read Network NATNetworkNATView DNAT assignments per virtual machine
Write Network NATNetworkNATAdd and remove DNAT assignments
Read SSL VPN Devices and UsersNetworkSSL VPNView SSL VPN account users and details
Write SSL VPN Devices and UserNetworkSSL VPNEnable SSL VPN for account users
Specific permissionsSystemResourceDescription
Read IdentityIdentityAccountsView account information
Update Personal IdentityIdentityIdentity
Write AccountIdentityAccountsUpdate account information
Update Customer PasswordsIdentityRolesUpdate another user's password
Write IdentityIdentityRolesUpdate account information
Specific permissionsSystemResourceDescription
Read Workload(s)VPCAPPView account workloads
Write WorkloadVPCAPPCreate, update, and remove account workloads
Read Location(s)VPCLocationView locations available for this account
Read MonitoringVPCMonitoringView account resources
Read Virtual Machine StatsVPCStatsView graph data for virtual machines
Read StorageVPCStorageView disk and storage information for the account
Read Template(s)VPCTemplateView template details
Write TemplateVPCTemplateCreate, update, and remove account templates
Read Virtual Machine(s)VPCVMSView virtual machine details
Scale Virtual MachineVPCVMSUpgrade or downgrade the size of a virtual machine.
Write Virtual MachineVPCVMSCreate, update, and remove account virtual virtual machines
Read Server ReplicationVPCVMS
Writer Server ReplicationVPCVMS
Specific permissionsSystemResourceDescription
Update Payment InformationAccountBillingView, create, edit, and delete payment information.
Read Payment InformationAccountBillingView payment information.
Read ConnectionsAccountConnections
Write ConnectorsAccountConnectors
Read OrdersAccountOrdersView account resources
Write OrdersAccountOrdersAdd additional account resources
Write SecretAccountSecretCreate a password for your virtual machine?
Specific permissionsSystemResourceDescription
Read ComplianceComplianceCompliance
Write ComplianceComplianceCompliance
Specific permissionsSystemResourceDescription
Read AVAMCoreConnectionView Malware Protection details.
Read Dashboard StatisticsCoreConnectionDoes this apply now to the newly created dashboard?
Read FIMCoreConnectionView File Integrity Monitoring details.
View Core LicenseCoreLicensingIs this to view just your core information?
Read LogManagementCoreLogsView Log Management information
Read LogSearchCoreLogsView Log Search information
Write LogManagementCoreLogs
Read OS PackagesCorePackagesView OS patching details
View Vulnerability ScansCoreVulnerability Scanning
Specific permissionsSystemResourceDescription
View InvoicesBillingInvoices
Read Product CatalogBillingProducts
View SubscriptionBillingSubscriptions
Write SubscriptionsBillingSubscriptions
Specific permissionsSystemResourceDescription
Read Entity MetadataMetaNoteView notes and tags
Write Entity MetadataMetaNoteUpdates notes and tags
Read TasksMetaTaskView task information
Write TasksMetaTaskWrite task information
Specific permissionsSystemResourceDescription
Read Notification(s)NotificationNotifications

View account notifications.


Specific permissionsSystemResourceDescription
Read Ticket(s)TicketTicketsView open tickets in your account.
Write Ticket(s)TicketTicketsCreate a support ticket.
Specific permissionsSystemResourceDescription
Global SearchSearchSearchSearch throughout AMP for various resource needs
Specific permissionsSystemResourceDescription
Read Endpoint(s)ArmorSecurityendpoints





Permissions for technical roles

PermissionsDescriptionProduct Compatibility
Network
Armor Complete - Secure Hosting
Firewall
Armor Complete - Secure Hosting
IP
Armor Complete - Secure Hosting
L2L
Armor Complete - Secure Hosting
NAT
Armor Complete - Secure Hosting
SSL VPN
Armor Complete - Secure Hosting



Accounts
Armor Complete - Secure Hosting, Armor Anywhere - Security
Identity
Armor Complete - Secure Hosting, Armor Anywhere - Security
Roles
Armor Complete - Secure Hosting, Armor Anywhere - Security



APP
Armor Complete - Secure Hosting
Location
Armor Complete - Secure Hosting
Monitoring
Armor Complete - Secure Hosting
Stats
Armor Complete - Secure Hosting
Storage
Armor Complete - Secure Hosting
Template
Armor Complete - Secure Hosting
VMS
Armor Complete - Secure Hosting, Armor Anywhere - Security



Secret
Armor Complete - Secure Hosting, Armor Anywhere - Security



Compliance
Armor Complete - Secure Hosting



Connection
Armor Anywhere - Security
Licensing
Armor Anywhere - Security
Logs
Armor Complete - Secure Hosting, Armor Anywhere - Security
Packages
Armor Complete - Secure Hosting, Armor Anywhere - Security
Vulnerability Scanning
Armor Anywhere - Security



Note
Armor Complete - Secure Hosting, Armor Anywhere - Security
Task
Armor Complete - Secure Hosting, Armor Anywhere - Security



Notification
Armor Complete - Secure Hosting, Armor Anywhere - Security



Tickets
Armor Complete - Secure Hosting, Armor Anywhere - Security



Search
Armor Complete - Secure Hosting, Armor Anywhere - Security


Permissions for billing / accounting roles


PermissionsDescriptionProduct Compatibility
Billing
Armor Complete - Secure Hosting, Armor Anywhere - Security
Orders
Armor Complete - Secure Hosting, Armor Anywhere - Security



Invoices
Armor Complete - Secure Hosting, Armor Anywhere - Security
Products
Armor Complete - Secure Hosting, Armor Anywhere - Security
Subscriptions
Armor Complete - Secure Hosting



Notification
Armor Complete - Secure Hosting, Armor Anywhere - Security



Tickets
Armor Complete - Secure Hosting, Armor Anywhere - Security



Search
Armor Complete - Secure Hosting, Armor Anywhere - Security



System

Resource

Role

Complete and/or Anywhere





 

 

 

 





 

 

 

 

Meta

Note

Technical

Both

 

Task

Technical

Both

 

 

 

 

Notification

Notifications

Technical, Billing / Accounting

Both

 

 

 

 

Ticket

Tickets

Billing / Accounting

Both

 

 

 

 

Search

Search

Technical, Billing / Accounting

Both

 

 

 

 

Armor

Secure Endpoints

Technical

?