Topics Discussed

In the Armor Management Portal (AMP), permissions allow you to control the way your users access their AMP account.

There are many shared permissions between Armor's private cloud and Armor Anywhere. As a result, this document applies to both Armor's private cloud and Armor Anywhere users. 

Review the Product compatibility column for product-specific permissions. 

In the Roles and Permissions screen, you may see permissions that only apply to Armor's private cloud or Armor Anywhere users. Your roles will not malfunction if you include a permission for a different product into your role.



Security Permissions



ScreenPermissionDescriptionProduct compatibility

Security Health Dashboards

  • Health Overview (landing screen)
  • Protection
  • Detection
  • Response
  • Security Incidents
Read Dashboard StatisticsThis permission allows you to view the data that populates the security dashboards.
  • Armor's private cloud
  • Armor Anywhere

Malware Protection

Read AVAMThis permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
  • Armor's private cloud
  • Armor Anywhere
Malware ProtectionRead Trend Manual Scan This permission allows you to view which virtual machines are eligible for a manual scan.
  • Armor's private cloud
  • Armor Anywhere
Malware ProtectionWriter Trend Manual ScanThis permission allows you to start a manual scan for a virtual machine.
  • Armor's private cloud
  • Armor Anywhere

FIM

Read FIMThis permission allows you to view file integrity details for each virtual machine.
  • Armor's private cloud
  • Armor Anywhere

Patching

Read OS PackagesThis permission allows you to view details OS patching details for each virtual machine.
  • Armor's private cloud
  • Armor Anywhere
Intrusion DetectionRead IDSThis permission allows you to view intrusion detection data.
  • Armor's private cloud
  • Armor Anywhere

Log & Data Management

Read LogManagement

This permission allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status
  • Armor's private cloud
  • Armor Anywhere

Log & Data Management

Write LogManagement

This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
  • Armor's private cloud
  • Armor Anywhere
Log & Data Management

Read Log Management Plan Selection

This permission allows you to view additional log retention plans.
  • Armor's private cloud
  • Armor Anywhere
Log & Data ManagementWrite Log Management Plan SelectionThis permission allows you to change log retention plans.
  • Armor's private cloud
  • Armor Anywhere
Log & Data Management

Delete Log Management

This permission allows you to delete a log source.
  • Armor's private cloud
  • Armor Anywhere
Log & Data Management

Read Log Endpoints

This permission allows you to view an endpoint.
  • Armor's private cloud
  • Armor Anywhere
Log & Data Management

Write Log Endpoints

This permission allows you to create an endpoint.
  • Armor's private cloud
  • Armor Anywhere
Log & Data Management

Delete Log Endpoints

This permission allows you to delete an endpoint.

  • Armor's private cloud
  • Armor Anywhere
Log & Data ManagementRead Log RelaysThis permission allows you to view a remote log source. 
  • Armor's private cloud
  • Armor Anywhere
Log & Data ManagementWrite Log RelaysThis permission allows you to create a remote log source. 
  • Armor's private cloud
  • Armor Anywhere
Log & Data ManagementDelete Log Relays This permission allows you to delete a remote log source. 
  • Armor's private cloud
  • Armor Anywhere
Vulnerability ScanningRead Compliance

This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

  • Armor's private cloud
Vulnerability ScanningWrite Compliance

This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.

  • Armor's private cloud
Vulnerability ScanningView Vulnerability ScansThis permission allows you to view the data for a vulnerability scanning report, via a downloaded report or within AMP.
  • Armor Anywhere
Dynamic Threat BlockingRead Dynamic Threat Blocking Rule(s)This permission allows you to view IP rules that have been created.
  • Armor's private cloud
  • Armor Anywhere
Dynamic Threat BlockingWrite Dynamic Threat Blocking Rule(s)This permission allows you to create and delete an IP rule (whitelist or blacklist).
  • Armor's private cloud
  • Armor Anywhere
Dynamic Threat BlockingWrite Dynamic Threat Blocking Rule Never Expire IPThis permission allows you to create an IP rule (whitelist or blacklist) without an expiration date.
  • Armor's private cloud
  • Armor Anywhere
Dynamic Threat BlockingRead Dynamic Threat Blocking(s)This permission allows you to perform an IP lookup. Additionally, this permission allows you to view other IP lookups that have taken place in your account.
  • Armor's private cloud
  • Armor Anywhere

Firewall

Read Firewall

This permission allows you to view details for firewall rules for each virtual machine.

  • Armor's private cloud
Firewall

Write Firewall

This permission allows you to add, update, or delete firewall rules.
  • Armor's private cloud
Security IncidentsRead Dashboard StatisticsThis permission allows you to view the data that populates the security dashboards, which includes open or pending security incidents.
  • Armor's private cloud
  • Armor Anywhere


Marketplace Permissions



ScreenPermissionDescriptionProduct compatibility

Marketplace

Read Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

  • Armor's private cloud
Marketplace and My ProductsView SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
  • Armor's private cloud
Marketplace (and My Products)Write Subscriptions

This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

  • Armor's private cloud


Infrastructure Permissions



ScreenPermissionDescriptionProduct compatibility

Workloads

Read Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center
  • the number of tiers within the workload
  • the number of virtual machines within the workload
  • Armor's private cloud
WorkloadsWrite WorkloadThis permission allows you to create, update, and remove workloads and tiers.
  • Armor's private cloud

Virtual Machines

Read Virtual Machine Stats

This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.

  • Armor's private cloud

Virtual Machines

Read Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system
  • Size
  • Corresponding workload
  • Status
  • Armor's private cloud
Virtual MachinesWrite Virtual MachineThis permission allows you to update and remove virtual machines.
  • Armor's private cloud
  • Armor Anywhere
Virtual MachinesRead OrdersThis permission allows you to view data related to your virtual machine purchase.
  • Armor's private cloud
Virtual MachinesWrite OrdersThis permission allows you to purchase a virtual machine.
  • Armor's private cloud

Virtual Machines

Scale Virtual MachineThis permission allows you upgrade or downgrade (resize) the size of a virtual machine.
  • Armor's private cloud
Virtual MachinesRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
  • Armor's private cloud
Virtual MachinesRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
  • Armor's private cloud

Virtual Machines

Read Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication
  • Armor's private cloud

Virtual Machines

Write Server ReplicationThis permission allows you to order and cancel the server replication add-on product.
  • Armor's private cloud

Virtual Machines

Read Tasks

This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
  • Armor's private cloud

Virtual Machines

Write TasksThis permission allows you to schedule a delete or downsize of a virtual machine.
  • Armor's private cloud

Virtual Machines

Read StorageThis permission allows you to view disk and storage information for a virtual machine.
  • Armor's private cloud
Virtual MachinesView Core LicenseThis permission allows you to view the core license, which is necessary to download and install the Anywhere agent.
  • Armor Anywhere
Virtual MachinesRead UtilizationThis permission allows you to export the usage for your virtual machine.
  • Armor Anywhere

IP Addresses

Read Network IP

This permission allows you to view data for unassigned and assigned public and private IP addresses

  • Armor's private cloud
IP AddressesWrite Network IP

This permission allows you to update an IP address, such as:

  • Assign an IP addresses
  • Unassign an IP addresses
  • Delete IP address
  • Request a new public IP address
  • Armor's private cloud
IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
  • Armor's private cloud
IP AddressesWrite Network NATThis permission allows you to add and remove DNAT assignments.
  • Armor's private cloud

L2L VPN

Read Network L2L

This permission allows you to view high-level data for your L2L network tunnels.

  • Armor's private cloud
L2L VPNWrite Network L2LThis permission allows you to add, update, and remove L2L tunnels.
  • Armor's private cloud

SSL/VPN

Read SSL VPN Devices and Users

This permission allows you to view the status of your users' SSL VPN client.

  • Armor's private cloud
SSL/VPNWrite SSL VPN Devices and UserThis permission allows you to enable your users the ability to download and install the SSL VPN client.
  • Armor's private cloud
Advanced BackupCommit Advanced Backup Restore

This permission allows you to commit a snapshot after the restoration is complete.

  • Armor's private cloud
Advanced BackupCreate Advanced Backup PolicyThis permission allows you to create a new policy.
  • Armor's private cloud
Advanced BackupRead Advanced Backup This permission allows you to view the Advanced Backup screen.
  • Armor's private cloud
Advanced BackupRead Advanced Backup PolicyThis permission allows you to view policy information and details.
  • Armor's private cloud
Advanced BackupRead Advanced Backup Snapshots This permission allows you to view a list of snapshots (backups) for a virtual machine.
  • Armor's private cloud
Advanced BackupRead Advanced Backup VmsThis permission allows you to view the virtual machines that are subscribed to Advanced Backup.
  • Armor's private cloud
Advanced BackupRefreshed Advanced Backup SnapshotsThis permission allows you to refresh the current list of available snapshots (backups) for a virtual machine.
  • Armor's private cloud
Advanced BackupRemove Advanced BackupThis permission allows you to remove Advanced Backup from a virtual machine.
  • Armor's private cloud
Advanced BackupRequest Advanced Backup RestoreThis permission allows you to initiate a restoration of a snapshot (backup).
  • Armor's private cloud
Advanced BackupUpdate Advanced Backup PolicyThis permission allows you to update the configurations of a policy.
  • Armor's private cloud
Advanced BackupWrite Advanced BackupThis permission allows you to create a policy.
  • Armor's private cloud
Advanced BackupRead Advanced Backup PlansThis permission allows you to view a list of policies.
  • Armor's private cloud


Support Permissions



ScreenPermissionDescriptionProduct compatibility

Tickets


Read Ticket(s)

This permission allows you to view support tickets listed in the View Archived Tickets section.

  • Armor's private cloud
  • Armor Anywhere
TicketsWrite Ticket(s)This permission allows you to create, edit, respond, and share a ticket.
  • Armor's private cloud
  • Armor Anywhere
TicketsRead Ticket Group(s)This permission allows you to view and follow a support ticket, as well as access the Organization features of the ticket.
  • Armor's private cloud
  • Armor Anywhere
TicketsWrite Ticket Group(s)This permission allows you to create and follow a support ticket, as well as access the Organization features of the ticket.
  • Armor's private cloud
  • Armor Anywhere


Account Permissions



ScreenPermissionDescriptionProduct compatibility
Overview (Account screen)

Read Identity

This permission allows you to view the account-level information, such as

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions
  • Armor's private cloud
  • Armor Anywhere
Overview (Account screen)Write Identity

This permission allows you to update account-level information, such as:

  • Invite and remove users
  • Create, update, and remove roles
  • Assign and unassign roles to users
  • Unlock a user after several failed login attempts
  • Armor's private cloud
  • Armor Anywhere
Overview (Account screen)Write AccountThis permission allows you to update your company profile, such as the address.
  • Armor's private cloud
  • Armor Anywhere
User DetailUpdate Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response
  • Armor's private cloud
  • Armor Anywhere
Cloud ConnectionsRead Cloud ConnectionsThis permission allows you to view public cloud accounts that have been synced with AMP.
  • Armor Anywhere
Cloud ConnectionsWrite Cloud ConnectionsThis permission allows you to add a new public cloud account to sync with AMP.
  • Armor Anywhere
User DetailRead Notification(s)

This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.

  • Armor's private cloud
  • Armor Anywhere

Invoices + Payments

View InvoicesThis permission allows you to view current and previous invoices.
  • Armor's private cloud
  • Armor Anywhere

Payment Methods

Read Payment Information

This permission allows you to view current payment information, such as the primary payment method.

  • Armor's private cloud
  • Armor Anywhere

Payment Methods

Update Payment InformationThis permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
  • Armor's private cloud
  • Armor Anywhere
API Keys (Users screen)API Keys All ReadThis permission allows you to view API keys that have been created. 
  • Armor's private cloud
  • Armor Anywhere
API Keys (Users screen)API Keys All DeleteThis permission allows you to delete an API key. 
  • Armor's private cloud
  • Armor Anywhere
API Keys (Users screen)API Keys Self ManangeThis permission allows you to create an API key. 
  • Armor's private cloud
  • Armor Anywhere
ActivityView Account ActivityThis permission allows you to view the account activity for your users.
  • Armor's private cloud
  • Armor Anywhere
Sub-Accounts

View Sub-Accounts

This permission allows you to view the Sub-Accounts screen
  • Armor Anywhere
Sub-AccountsWrite Sub-AccountsThis permission allows you to create and update sub-accounts.
  • Armor Anywhere


General Permissions



ScreenPermissionDescriptionProduct Compatibility
Not applicableRead Entity MetadataThis permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
  • Armor's private cloud
  • Armor Anywhere
Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
  • Armor's private cloud
  • Armor Anywhere
Not applicableRead DocumentationThis permissions allows you to view documentation related to a particular product or screen, via the Help icon in the top right corner of the AMP screen (where applicable).
  • Armor's private cloud
  • Armor Anywhere

At a minimum, users must have the following Permission assigned to their account to access AMP:

  • Update Personal Identity

Users without this Permission will immediately be signed out of AMP upon login. 




Was this helpful?