Home > AMP Account User Guides > Roles and Permissions

Overview

In the Armor Management Portal (AMP)roles are similar to job titles that you can create and assign to your users. After you create a role, you can populate that role with specific permissions. For example, you can create a Billing role, and then you can add specific permissions that will give the assigned user permission to access billing-related permissions, such as Update Payment Information

To learn more about Roles and Permissions, see Review available permissions.

By default, a new administrator account contains an Admin role with all the available permissions selected.   

When you create a new user account, you must assign that user a role. Armor recommends that you create a default role that you can assign to a customer in order to complete the account-creation process.

Some popular roles to consider are Administrator, Audit, Billing, and Technical. 

To learn more about Roles and Permissions, see Review available permissions.



Create a role and add permissions

 


Assign a role to an existing user account

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. Under the name of the role, click Members
  5. Click Edit Members
  6. Select and drag the desired user to the Chosen column. 
  7. Click the X at the top, right corner.  

Update a permission for a role 

Remember, when you update the permissions for a role, the users assigned to that role will automatically be able to use the newly added permissions.


  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. Select or deselect the desired permissions. 
  5. Click Save Role

Remove a role for a newly created or existing user

After you create a user account with an assigned role, the new user will receive an email to complete the login process. During this time, the account administrator has limited access to that user account; however, the account administrator can still update roles and permissions for the new user. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. In the search bar, enter the name of the newly created user, and then hit Enter. The table shows a list of roles associated with that user. 
  4. Locate and select the desired role. 
  5. Under the name of the role, click Members
  6. Click Edit Members
  7. Select and drag the desired user to the Chosen column. 
  8. Click the X at the top, right corner. 

Review available permissions

Review the following table to understand the permissions available for you to add to your Roles


Specific permissionDescriptionSuggested role
Read Orders

View account resources.

Technical, Billing
Write OrdersAdd additional account resources.Billing
Read Endpoint(s)

Write Endpoint(s)

Read Subscriber Key(s)

Write Subscriber Key(s)

Read Subscriber(s)

Write Subscriber(s)

Read IdentityView account information.Technical, Billing,
Write IdentityUpdate account information.Technical, Billing
Read Entity MetadataView notes and tags throughout the portalTechnical, Billing
Write Entity MetadataUpdate notes and tags throughout the portalTechnical, Billing
Read FirewallView account firewall rulesTechnical, Billing
Write FirewallAdd and edit account firewall rulesTechnical
Read Network IPView account IP allocations and assignments.Technical, Billing
Write Network IPAdd, update, and remove IP assignments throughout the account.Technical
Read Network L2LView L2L network tunnelsTechnical, Billing
Write Network L2LAdd, update, and remove L2L tunnelsTechnical
Read Network NatView DNAT assignments per VM.Technical, Billing
Write Network NatAdd and remove DNAT assignments.Technical
Read Network BandwidthView network transfer history.Technical, Billing
Read Notification(s)View account notifications.Technical, Billing
Read Ticket(s)View account tickets.Technical, Billing
Write Ticket(s)Create and update tickets, related servers, and recipients.Technical, Billing
Read Workload(s)View account workloads.Technical, Billing
Write WorkloadCreate, update, and remove account workloads.Technical
Read Location(s)Discover locations available for the account.Technical, Billing
Read MonitoringView account resources.Technical, Billing
Read AutoScaleView autoscale settings for workloads and VMs.
Write AutoScaleSet autoscale settings for workloads and VMs.
Read Virtual Machine StatsView graph data for VMs.Technical, Billing
Read StorageView disk and storage information for the account.Technical, Billing
Read Virtual Machine(s)View VM details.Technical, Billing
Write Virtual MachineCreate, update, and remove account VMs.Technical
Read Template(s)View template details.Technical, Billing
Write TemplateCreate, update, and remove account templates.Technical
Read Virtual Data CentersView account virtual data center details.
Write Virtual Data CentersCreate, edit, and remove account virtual data centers.
Read Connections

Write Connections

Write Secret

Read FIMView file integrity detailsTechnical, Billing
Read AVAMView antivirus and anti-malware (malware protection) detailsTechnical, Billing
Read Dashboard StatisticsView main security dashboardTechnical, Billing
Read OS PackagesView OS patching detailsTechnical, Billing
Read SSL VPN Devices and UsersView SSLVPN account users and detailsTechnical, Billing
Write SSL VPN Devices and UsersEnable SSLVPN for account usersTechnical
Update Personal IdentityUpdate Personal IdentityTechnical, Billing
View Core LicenseView Core License InformationTechnical, Billing
Update Payment InformationView/Create/Edit/Delete Payment InformationBilling
Write OrdersAdd additional account resources
Update Customer PasswordsUpdate another user's password
Read AutoscaleView autoscale settings for workloads and VMs.
Read Storage
View disk and storage information for the account.

View SubscriptionsView Marketplace subscriptions
Read TasksView task information
Write TasksUpdate task information
View InvoicesView Invoices
Read LogManagementView Log Management information
Read LogSearchView Log Search information
Write AccountUpdate account information
Read Product CatalogRead Product Catalog
Global SearchPerform Global Search
Write SubscriptionsWrite Subscriptions
Scale Virtual MachineScale up and down account VMs



What's the difference between system and resource?

add notes about roles and permissions to API

How can we group these based on the type of user, such as "account specialist" or "technical specialist?"

Account role

Technical role

Security role

Admin role

The admin role should have everything included


61


Specific permissionSystemResourceDescriptionRoleProducts
Read Network BandwidthNetworkNetworkView network transfer historyTechnicalArmor Complete - Secure Hosting
Read FirewallNetworkFirewallView account firewall rulesTechnicalArmor Complete - Secure Hosting
Write FirewallNetworkFirewallAdd and update firewall rulesTechnicalArmor Complete - Secure Hosting
Read Network IPNetworkIPView account IP allocations and assignmentsTechnicalArmor Complete - Secure Hosting
Write Network IPNetworkIPAdd, update, and remove IP assignmentsTechnicalArmor Complete - Secure Hosting
Read Network L2LNetworkL2LView L2L network tunnelsTechnicalArmor Complete - Secure Hosting
Write Network L2LNetworkL2LAdd, update, and remove L2L tunnelsTechnicalArmor Complete - Secure Hosting
Read Network NATNetworkNATView DNAT assignments per virtual machineTechnicalArmor Complete - Secure Hosting
Write Network NATNetworkNATAdd and remove DNAT assignmentsTechnicalArmor Complete - Secure Hosting
Read SSL VPN Devices and UsersNetworkSSL VPNView SSL VPN account users and detailsTechnicalArmor Complete - Secure Hosting
Write SSL VPN Devices and UserNetworkSSL VPNEnable SSL VPN for account usersTechnicalArmor Complete - Secure Hosting
Specific permissionsSystemResourceDescriptionRoleProducts
Read IdentityIdentityAccountsView account informationTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Update Personal IdentityIdentityIdentity
TechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Write AccountIdentityAccountsUpdate account informationTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Update Customer PasswordsIdentityRolesUpdate another user's passwordTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Write IdentityIdentityRolesUpdate account informationTechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Specific permissionsSystemResourceDescriptionRoleProducts
Read Workload(s)VPCAPPView account workloadsTechnicalArmor Complete - Secure Hosting
Write WorkloadVPCAPPCreate, update, and remove account workloadsTechnicalArmor Complete - Secure Hosting
Read Location(s)VPCLocationView locations available for this accountTechnicalArmor Complete - Secure Hosting
Read MonitoringVPCMonitoringView account resourcesTechnicalArmor Complete - Secure Hosting
Read Virtual Machine StatsVPCStatsView graph data for virtual machinesTechnicalArmor Complete - Secure Hosting
Read StorageVPCStorageView disk and storage information for the accountTechnicalArmor Complete - Secure Hosting
Read Template(s)VPCTemplateView template detailsTechnicalArmor Complete - Secure Hosting
Write TemplateVPCTemplateCreate, update, and remove account templatesTechnicalArmor Complete - Secure Hosting
Read Virtual Machine(s)VPCVMSView virtual machine detailsTechnical
Scale Virtual MachineVPCVMSUpgrade or downgrade the size of a virtual machine.Technical
Write Virtual MachineVPCVMSCreate, update, and remove account virtual virtual machinesTechnical
Read Server ReplicationVPCVMS
Technical
Writer Server ReplicationVPCVMS
Technical
Specific permissionsSystemResourceDescriptionRoleProducts
Update Payment InformationAccountBillingView, create, edit, and delete payment information.Billing / AccountingArmor Complete - Secure Hosting, Armor Anywhere - Security
Read Payment InformationAccountBillingView payment information.Billing / AccountingArmor Complete - Secure Hosting, Armor Anywhere - Security
Read ConnectionsAccountConnections

Armor Complete - Secure Hosting, Armor Anywhere - Security
Write ConnectorsAccountConnectors

Armor Complete - Secure Hosting, Armor Anywhere - Security
Read OrdersAccountOrdersView account resourcesBilling / AccountingArmor Complete - Secure Hosting, Armor Anywhere - Security
Write OrdersAccountOrdersAdd additional account resourcesBilling / AccountingArmor Complete - Secure Hosting, Armor Anywhere - Security
Write SecretAccountSecretCreate a password for your virtual machine?TechnicalArmor Complete - Secure Hosting, Armor Anywhere - Security
Specific permissionsSystemResourceDescription
Read ComplianceComplianceCompliance
Write ComplianceComplianceCompliance
Specific permissionsSystemResourceDescription
Read AVAMCoreConnectionView Malware Protection details.
Read Dashboard StatisticsCoreConnectionDoes this apply now to the newly created dashboard?
Read FIMCoreConnectionView File Integrity Monitoring details.
View Core LicenseCoreLicensingIs this to view just your core information?
Read LogManagementCoreLogsView Log Management information
Read LogSearchCoreLogsView Log Search information
Write LogManagementCoreLogs
Read OS PackagesCorePackagesView OS patching details
View Vulnerability ScansCoreVulnerability Scanning
Specific permissionsSystemResourceDescriptionRolesProduct compatibility
View InvoicesBillingInvoices
  • Billing / Accounting
  • Technical

Read Product CatalogBillingProducts


View SubscriptionBillingSubscriptions


Write SubscriptionsBillingSubscriptions


Specific permissionsSystemResourceDescriptionRolesProduct compatibility
Read Entity MetadataMetaNoteView notes and tagsTechnicalArmor Complete - Secure Hosting
Write Entity MetadataMetaNoteUpdates notes and tagsTechnical Armor Complete - Secure Hosting
Read TasksMetaTaskView task informationTechnical Armor Complete - Secure Hosting
Write TasksMetaTaskWrite task informationTechnical Armor Complete - Secure Hosting
Specific permissionsSystemResourceDescriptionRolesProduct compatibility
Read Notification(s)NotificationNotifications

View account notifications.


  • Billing / Accounting
  • Technical
  • Armor Complete - Secure Hosting
  • Armor Anywhere - Security
Specific permissionsSystemResourceDescriptionRolesProduct compatibility
Read Ticket(s)TicketTicketsView open tickets in your account.
  • Billing / Accounting
  • Technical
  • Armor Complete - Secure Hosting
  • Armor Anywhere - Security
Write Ticket(s)TicketTicketsCreate a support ticket.
  • Billing / Accounting
  • Technical
  • Armor Complete - Secure Hosting
  • Armor Anywhere - Security
Specific permissionsSystemResourceDescriptionRolesProduct compatibility
Global SearchSearchSearchSearch throughout AMP for various resource needs
  • Billing / Accounting
  • Technical
  • Armor Complete - Secure Hosting
  • Armor Anywhere - Security
Specific permissionsSystemResourceDescriptionRolesProduct compatibility
Read Endpoint(s)ArmorSecurityendpoints
Technical





Permissions for technical roles

PermissionsDescriptionProduct Compatibility
Network
Armor Complete - Secure Hosting
Firewall
Armor Complete - Secure Hosting
IP
Armor Complete - Secure Hosting
L2L
Armor Complete - Secure Hosting
NAT
Armor Complete - Secure Hosting
SSL VPN
Armor Complete - Secure Hosting



Accounts
Armor Complete - Secure Hosting, Armor Anywhere - Security
Identity
Armor Complete - Secure Hosting, Armor Anywhere - Security
Roles
Armor Complete - Secure Hosting, Armor Anywhere - Security



APP
Armor Complete - Secure Hosting
Location
Armor Complete - Secure Hosting
Monitoring
Armor Complete - Secure Hosting
Stats
Armor Complete - Secure Hosting
Storage
Armor Complete - Secure Hosting
Template
Armor Complete - Secure Hosting
VMS
Armor Complete - Secure Hosting, Armor Anywhere - Security



Secret
Armor Complete - Secure Hosting, Armor Anywhere - Security



Compliance
Armor Complete - Secure Hosting



Connection
Armor Anywhere - Security
Licensing
Armor Anywhere - Security
Logs
Armor Complete - Secure Hosting, Armor Anywhere - Security
Packages
Armor Complete - Secure Hosting, Armor Anywhere - Security
Vulnerability Scanning
Armor Anywhere - Security



Note
Armor Complete - Secure Hosting, Armor Anywhere - Security
Task
Armor Complete - Secure Hosting, Armor Anywhere - Security



Notification
Armor Complete - Secure Hosting, Armor Anywhere - Security



Tickets
Armor Complete - Secure Hosting, Armor Anywhere - Security



Search
Armor Complete - Secure Hosting, Armor Anywhere - Security


Permissions for billing / accounting roles


PermissionsDescriptionProduct Compatibility
Billing
Armor Complete - Secure Hosting, Armor Anywhere - Security
Orders
Armor Complete - Secure Hosting, Armor Anywhere - Security



Invoices
Armor Complete - Secure Hosting, Armor Anywhere - Security
Products
Armor Complete - Secure Hosting, Armor Anywhere - Security
Subscriptions
Armor Complete - Secure Hosting



Notification
Armor Complete - Secure Hosting, Armor Anywhere - Security



Tickets
Armor Complete - Secure Hosting, Armor Anywhere - Security



Search
Armor Complete - Secure Hosting, Armor Anywhere - Security



System

Resource

Role

Complete and/or Anywhere

















Meta

Note

Technical

Both


Task

Technical

Both





Notification

Notifications

Technical, Billing / Accounting

Both





Ticket

Tickets

Billing / Accounting

Both





Search

Search

Technical, Billing / Accounting

Both





Armor

Secure Endpoints

Technical

?