

Overview

This topic only applies to Armor Complete users.

If you are an Armor Anywhere user, see Roles and permissions (Armor Anywhere).

There are two ways to assign a user to a role: 

To review Frequently Asked Questions (FAQs) regarding roles and permissions in AMP, see Introduction to roles and permissions.


Assign a default role

Step 1: Review default roles and corresponding permissions

If your AMP account was created before May 2017, then by default, you will only see the Admin role. This role contains every permission available.

You cannot edit the permissions within the default roles. 

The default Admin role contains every permission available.

The Admin role is automatically assigned to a new administrator account.



At a high level, the default Billing role contains mostly read-only permissions.

Review the following table to better understand the specific permissions associated with the default Billing role. 

| AMP Screen | Permission | Description |
| --- | --- | --- |
| Security Dashboard (landing page) | Read Dashboard Statistics | This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents. |
| Malware Protection | Read AVAM | This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine. |
| FIM | Read FIM | This permission allows you to view file integrity details for each virtual machine. |
| Patching | Read OS Packages | This permission allows you to view OS patching details for each virtual machine. |
| Intrusion Detection | Read IDS | This permission allows you to view intrusion detection data. |
| Log Management | Read LogManagement | This permission allows you to view high-level information for log collection for each virtual machine, such as the date logs were last received, the average size of collected logs, and the log status. |
| Log Management | Read LogSearch | This permission allows you to view details for log collection, such as the specific log message, for each virtual machine. |
| Firewall | Read Firewall | This permission allows you to view details for firewall rules for each virtual machine. |
| Marketplace | Read Product Catalog | This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP. |
| Marketplace (and My Products) | View Subscriptions | This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen. |
| Workloads | Read Workload(s) | This permission allows you to view high-level data for workloads, such as the associated data center, the number of tiers within the workload, and the number of virtual machines within the workload. |
| Virtual Machines | Write Orders | This permission allows you to provision a new virtual machine. |
| Virtual Machines | Read Virtual Machine Stats | This permission allows you to view usage data for a virtual machine. This data is displayed in a line graph. |
| Virtual Machines | Read Virtual Machine(s) | This permission allows you to view data for a virtual machine, such as operating system, size, corresponding workload, and status. |
| Virtual Machines | Read Location(s) | This permission allows you to view a list of available Armor data centers when you manage your virtual machines. |
| Virtual Machines | Read Virtual Data Centers | This permission allows you to view the list of virtual environments in your account. |
| Virtual Machines | Read Server Replication | This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view the status of the add-on product (configuring, enabled, disabled), the location of the primary data center, the location of the failover data center, and the status of the replication. |
| Virtual Machines | Read Tasks | This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine. |
| Virtual Machines | Read Storage | This permission allows you to view disk and storage information for a virtual machine. |
| IP Addresses | Read Network IP | This permission allows you to view data for unassigned and assigned public and private IP addresses. |
| IP Addresses | Read Network NAT | This permission allows you to view DNAT assignments. |
| L2L VPN | Read Network L2L | This permission allows you to view high-level data for your L2L network tunnels. |
| SSL/VPN | Read SSL VPN Devices and Users | This permission allows you to view the status of your users' SSL VPN client. |
| Compliance | Read Compliance | This permission allows you to view information for the vulnerability scanning add-on product. Specifically, you will see the status of the add-on product. |
| Tickets + Notification | Read Ticket(s) | This permission allows you to view previous and current support tickets. |
| Tickets + Notification | Write Ticket(s) | This permission allows you to create and follow a support ticket. |
| Overview (Account screen) | Read Identity | This permission allows you to view the account-level information, such as account overview, Armor contacts, user profiles, and roles and permissions. |
| User Detail | Update Personal Identity | This permission allows you to update your personal account information, such as your password, challenge phrase, and challenge response. |
| User Detail | Read Notification(s) | This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates. |
| Invoices | View Invoices | This permission allows you to view current and previous invoices. |
| Payment Methods | Read Payment Information | This permission allows you to view current payment information, such as the primary payment method. |
| Payment Methods | Write / Update Payment Information | This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method. |
| Not applicable | Read Entity Metadata | This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine. |
| Not applicable | Write Entity Metadata | This permission allows you to add, update, and delete optional notes and tags to various AMP resources, such as adding a note to a virtual machine. |
| Not applicable | Global Search | This permission allows you to use the global search function throughout AMP. |




At a high level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

Review the following table to better understand the specific permissions associated with the default Technical role. 

| AMP Screen | Permission | Description |
| --- | --- | --- |
| Security Dashboard (landing page) | Read Dashboard Statistics | This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents. |
| Malware Protection | Read AVAM | This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine. |
| FIM | Read FIM | This permission allows you to view file integrity details for each virtual machine. |
| Patching | Read OS Packages | This permission allows you to view OS patching details for each virtual machine. |
| Intrusion Detection | Read IDS | This permission allows you to view intrusion detection data. |
| Log Management | Read LogManagement | This permission allows you to view high-level information for log collection for each virtual machine, such as the date logs were last received, the average size of collected logs, and the log status. |
| Log Management | Read LogSearch | This permission allows you to view details for log collection, such as the specific log message, for each virtual machine. |
| Log Management | Write LogManagement | This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan. |
| Firewall | Read Firewall | This permission allows you to view details for firewall rules for each virtual machine. |
| Firewall | Write Firewall | This permission allows you to add, update, or delete firewall rules. |
| Marketplace | Read Product Catalog | This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP. |
| Marketplace (and My Products) | View Subscriptions | This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen. |
| Marketplace (and My Products) | Write Subscriptions | This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products. Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen. |
| Workloads | Read Workload(s) | This permission allows you to view high-level data for workloads, such as the associated data center, the number of tiers within the workload, and the number of virtual machines within the workload. |
| Workloads | Write Workload | This permission allows you to create, update, and remove workloads and tiers. |
| Virtual Machines / VM Details | Write Orders | This permission allows you to provision a new virtual machine. |
| Virtual Machines / VM Details | Read Virtual Machine Stats | This permission allows you to view usage data for a virtual machine. This data is displayed in a line graph. |
| Virtual Machines / VM Details | Read Virtual Machine(s) | This permission allows you to view data for a virtual machine, such as operating system, size, corresponding workload, and status. |
| Virtual Machines / VM Details | Scale Virtual Machine | This permission allows you to upgrade or downgrade (resize) a virtual machine. |
| Virtual Machines / VM Details | Write Virtual Machine | This permission allows you to create, update, and remove virtual machines. |
| Virtual Machines / VM Details | Read Location(s) | This permission allows you to view a list of available Armor data centers when you manage your virtual machines. |
| Virtual Machines / VM Details | Read Virtual Data Centers | This permission allows you to view the list of virtual environments in your account. |
| Virtual Machines | Read Server Replication | This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view the status of the add-on product (configuring, enabled, disabled), the location of the primary data center, the location of the failover data center, and the status of the replication. |
| Virtual Machines | Write Server Replication | This permission allows you to order and cancel the server replication add-on product. |
| Virtual Machines | Read Tasks | This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine. |
| Virtual Machines | Write Tasks | This permission allows you to schedule a delete or downsize of a virtual machine. |
| Virtual Machines | Read Storage | This permission allows you to view disk and storage information for a virtual machine. |
| IP Addresses | Read Network IP | This permission allows you to view data for unassigned and assigned public and private IP addresses. |
| IP Addresses | Write Network IP | This permission allows you to update an IP address, such as assigning an IP address, unassigning an IP address, deleting an IP address, or requesting a new public IP address. |
| IP Addresses | Read Network NAT | This permission allows you to view DNAT assignments. |
| IP Addresses | Write Network NAT | This permission allows you to add and remove DNAT assignments. |
| L2L VPN | Read Network L2L | This permission allows you to view high-level data for your L2L network tunnels. |
| L2L VPN | Write Network L2L | This permission allows you to add, update, and remove L2L tunnels. |
| SSL/VPN | Read SSL VPN Devices and Users | This permission allows you to view the status of your users' SSL VPN client. |
| SSL/VPN | Write SSL VPN Devices and User | This permission allows you to give your users the ability to download and install the SSL VPN client. |
| Compliance | Read Compliance | This permission allows you to view information for the vulnerability scanning add-on product. Specifically, you will see the status of the add-on product. |
| Compliance | Write Compliance | This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product. |
| Tickets + Notification | Read Ticket(s) | This permission allows you to view previous and current support tickets. |
| Tickets + Notification | Write Ticket(s) | This permission allows you to create and follow a support ticket. |
| Overview (Account screen) | Read Identity | This permission allows you to view the account-level information, such as account overview, Armor contacts, user profiles, and roles and permissions. |
| User Detail | Update Personal Identity | This permission allows you to update your personal account information, such as your password, challenge phrase, and challenge response. |
| User Detail | Read Notification(s) | This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates. |
| Not applicable | Read Entity Metadata | This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine. |
| Not applicable | Write Entity Metadata | This permission allows you to add, update, and delete optional notes and tags to various AMP resources, such as adding a note to a virtual machine. |
| Not applicable | Global Search | This permission allows you to use the global search function throughout AMP. |





Step 2: Assign a default role

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Roles + Permissions.
  3. Locate and select the desired default role (Admin, Billing, or Technical).
  4. Click Members.
  5. Under Members, enter and select the name of the user.

Create and assign a new role

Step 1: Create a role and add permissions

To see a list of available permissions, see Roles and Permissions (Armor Complete).

 


Step 2: Assign a role to an existing user account



Review default roles and permissions

If your AMP account was created before May 2017, then by default, you will only see the Admin role, which contains all the available permissions. To review every available permission, see Roles and Permissions (Armor Complete).

You cannot edit the permissions within the default roles. 

The default Admin role contains every permission available.

The Admin role is automatically assigned to a new administrator account.

To review every available permission, see Roles and Permissions (Armor Complete).



At a high level, the default Billing role contains mostly read-only permissions.

Review the following table to better understand the specific permissions associated with the default Billing role. 

| AMP Screen | Permission | Description |
| --- | --- | --- |
| Security Dashboard (landing page) | Read Dashboard Statistics | This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents. |
| Malware Protection | Read AVAM | This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine. |
| FIM | Read FIM | This permission allows you to view file integrity details for each virtual machine. |
| Patching | Read OS Packages | This permission allows you to view OS patching details for each virtual machine. |
| Log Management | Read LogManagement | This permission allows you to view high-level information for log collection for each virtual machine, such as the date logs were last received, the average size of collected logs, and the log status. |
| Log Management | Read LogSearch | This permission allows you to view details for log collection, such as the specific log message, for each virtual machine. |
| Firewall | Read Firewall | This permission allows you to view details for firewall rules for each virtual machine. |
| Marketplace | Read Product Catalog | This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP. |
| Marketplace (and My Products) | View Subscriptions | This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen. |
| Workloads | Read Workload(s) | This permission allows you to view high-level data for workloads, such as the associated data center, the number of tiers within the workload, and the number of virtual machines within the workload. |
| Virtual Machines / VM Details | Write Orders | This permission allows you to provision a new virtual machine. |
| Virtual Machines / VM Details | Read Virtual Machine Stats | This permission allows you to view usage data for a virtual machine. This data is displayed in a line graph. |
| Virtual Machines / VM Details | Read Virtual Machine(s) | This permission allows you to view data for a virtual machine, such as operating system, size, corresponding workload, and status. |
| Virtual Machines / VM Details | Read Location(s) | This permission allows you to view a list of available Armor data centers when you manage your virtual machines. |
| Virtual Machines / VM Details | Read Virtual Data Centers | This permission allows you to view the list of virtual environments in your account. |
| Virtual Machines / VM Details | Read Server Replication | This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view the status of the add-on product (configuring, enabled, disabled), the location of the primary data center, the location of the failover data center, and the status of the replication. |
| Virtual Machines / VM Details | Read Tasks | This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine. |
| Virtual Machines / VM Details | Read Storage | This permission allows you to view disk and storage information for a virtual machine. |
| IP Addresses | Read Network IP | This permission allows you to view data for unassigned and assigned public and private IP addresses. |
| IP Addresses | Read Network NAT | This permission allows you to view DNAT assignments. |
| L2L VPN | Read Network L2L | This permission allows you to view high-level data for your L2L network tunnels. |
| SSL/VPN | Read SSL VPN Devices and Users | This permission allows you to view the status of your users' SSL VPN client. |
| Compliance | Read Compliance | This permission allows you to view information for the vulnerability scanning add-on product. Specifically, you will see the status of the add-on product. |
| Tickets + Notification | Read Ticket(s) | This permission allows you to view previous and current support tickets. |
| Tickets + Notification | Write Ticket(s) | This permission allows you to create and follow a support ticket. |
| Overview (Account screen) | Read Identity | This permission allows you to view the account-level information, such as account overview, Armor contacts, user profiles, and roles and permissions. |
| User Detail | Update Personal Identity | This permission allows you to update your personal account information, such as your password, challenge phrase, and challenge response. |
| User Detail | Read Notification(s) | This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates. |
| Invoices | View Invoices | This permission allows you to view current and previous invoices. |
| Payment Methods | Read Payment Information | This permission allows you to view current payment information, such as the primary payment method. |
| Payment Methods | Write / Update Payment Information | This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method. |
| Not applicable | Read Entity Metadata | This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine. |
| Not applicable | Write Entity Metadata | This permission allows you to add, update, and delete optional notes and tags to various AMP resources, such as adding a note to a virtual machine. |
| Not applicable | Global Search | This permission allows you to use the global search function throughout AMP. |




At a high level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

Review the following table to better understand the specific permissions associated with the default Technical role. 

| AMP Screen | Permission | Description |
| --- | --- | --- |
| Security Dashboard (landing page) | Read Dashboard Statistics | This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents. |
| Malware Protection | Read AVAM | This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine. |
| FIM | Read FIM | This permission allows you to view file integrity details for each virtual machine. |
| Patching | Read OS Packages | This permission allows you to view OS patching details for each virtual machine. |
| Log Management | Read LogManagement | This permission allows you to view high-level information for log collection for each virtual machine, such as the date logs were last received, the average size of collected logs, and the log status. |
| Log Management | Read LogSearch | This permission allows you to view details for log collection, such as the specific log message, for each virtual machine. |
| Log Management | Write LogManagement | This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan. |
| Firewall | Read Firewall | This permission allows you to view details for firewall rules for each virtual machine. |
| Firewall | Write Firewall | This permission allows you to add, update, or delete firewall rules. |
| Marketplace | Read Product Catalog | This permission allows you to view available add-on products. You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP. |
| Marketplace (and My Products) | View Subscriptions | This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen. |
| Marketplace (and My Products) | Write Subscriptions | This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products. Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen. |
| Workloads | Read Workload(s) | This permission allows you to view high-level data for workloads, such as the associated data center, the number of tiers within the workload, and the number of virtual machines within the workload. |
| Workloads | Write Workload | This permission allows you to create, update, and remove workloads and tiers. |
| Virtual Machines / VM Details | Write Orders | This permission allows you to provision a new virtual machine. |
| Virtual Machines / VM Details | Read Virtual Machine Stats | This permission allows you to view usage data for a virtual machine. This data is displayed in a line graph. |
| Virtual Machines / VM Details | Read Virtual Machine(s) | This permission allows you to view data for a virtual machine, such as operating system, size, corresponding workload, and status. |
| Virtual Machines / VM Details | Scale Virtual Machine | This permission allows you to upgrade or downgrade (resize) a virtual machine. |
| Virtual Machines / VM Details | Write Virtual Machine | This permission allows you to create, update, and remove virtual machines. |
| Virtual Machines / VM Details | Read Location(s) | This permission allows you to view a list of available Armor data centers when you manage your virtual machines. |
| Virtual Machines / VM Details | Read Virtual Data Centers | This permission allows you to view the list of virtual environments in your account. |
| Virtual Machines | Read Server Replication | This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view the status of the add-on product (configuring, enabled, disabled), the location of the primary data center, the location of the failover data center, and the status of the replication. |
| Virtual Machines | Write Server Replication | This permission allows you to order and cancel the server replication add-on product. |
| Virtual Machines | Read Tasks | This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine. |
| Virtual Machines | Write Tasks | This permission allows you to schedule a delete or downsize of a virtual machine. |
| Virtual Machines | Read Storage | This permission allows you to view disk and storage information for a virtual machine. |
| IP Addresses | Read Network IP | This permission allows you to view data for unassigned and assigned public and private IP addresses. |
| IP Addresses | Write Network IP | This permission allows you to update an IP address, such as assigning an IP address, unassigning an IP address, deleting an IP address, or requesting a new public IP address. |
| IP Addresses | Read Network NAT | This permission allows you to view DNAT assignments. |
| IP Addresses | Write Network NAT | This permission allows you to add and remove DNAT assignments. |
| L2L VPN | Read Network L2L | This permission allows you to view high-level data for your L2L network tunnels. |
| L2L VPN | Write Network L2L | This permission allows you to add, update, and remove L2L tunnels. |
| SSL/VPN | Read SSL VPN Devices and Users | This permission allows you to view the status of your users' SSL VPN client. |
| SSL/VPN | Write SSL VPN Devices and User | This permission allows you to give your users the ability to download and install the SSL VPN client. |
| Compliance | Read Compliance | This permission allows you to view information for the vulnerability scanning add-on product. Specifically, you will see the status of the add-on product. |
| Compliance | Write Compliance | This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product. |
| Tickets + Notification | Read Ticket(s) | This permission allows you to view previous and current support tickets. |
| Tickets + Notification | Write Ticket(s) | This permission allows you to create and follow a support ticket. |
| Overview (Account screen) | Read Identity | This permission allows you to view the account-level information, such as account overview, Armor contacts, user profiles, and roles and permissions. |
| User Detail | Update Personal Identity | This permission allows you to update your personal account information, such as your password, challenge phrase, and challenge response. |
| User Detail | Read Notification(s) | This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates. |
| Not applicable | Read Entity Metadata | This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine. |
| Not applicable | Write Entity Metadata | This permission allows you to add, update, and delete optional notes and tags to various AMP resources, such as adding a note to a virtual machine. |
| Not applicable | Global Search | This permission allows you to use the global search function throughout AMP. |




Create a role and add permissions

To see a list of available permissions, see Roles and Permissions (Armor Complete).

 


Assign a role to an existing user account

Update a permission for a role 


Remove a role for a newly created or existing user


Delete a role


Review available permissions 

Review the following tables to understand the permissions needed to interact with popular screens in AMP. 

This section does list every permission available.

In the Roles and Permissions screen in AMP, you may see permissions that only apply to Armor Anywhere users. Your roles will not malfunction if you happen to include an Armor Anywhere permission to your role.

The following tables list permissions that apply to Armor Complete users.



Permissions for virtual machines and workloads

Screen / Feature: Virtual Machines and Workloads

Actions:

  • Create a virtual machine
  • Reboot, reset, or turn off a virtual machine
  • Delete a virtual machine
  • Resize a virtual machine
  • Upgrade a virtual machine
  • Downgrade a virtual machine
  • Add disk space to an existing virtual machine
  • Export virtual machine data
  • View a workload
  • Create a workload

Permissions:

  • Read Workload(s)
  • Write Workload
  • Read Virtual Machine Stats
  • Read Virtual Machine(s)
  • Write Virtual Machine
  • Scale Virtual Machine
  • Read Location(s)
  • Read Virtual Data Centers
  • Read Tasks
  • Write Tasks
  • Read Storage
  • Read Network L2L
  • Write Network L2L
  • Read SSL VPN Devices and Users
  • Write SSL VPN Devices and User

Additional information:

If you ordered the Continuous Server Replication (Data Recovery) add-on product, then you must also have the following permissions:

  • Read Server Replication
  • Write Server Replication

To learn more about the Virtual Machines screen, see Virtual Machines.



Permissions for IP addresses

Screen / Feature: IP Addresses

Actions:

  • Assign a new public IP address to virtual machine
  • Assign an existing public IP address to a virtual machine
  • Remove an existing public IP address from a virtual machine
  • Delete an unassigned public IP address
  • Delete an assigned public IP address
  • Assign an available private IP address to a virtual machine
  • Unassign a secondary private IP address from a virtual machine

Permissions:

  • Read Network IP
  • Write Network IP
  • Read Network NAT
  • Write Network NAT
  • Read Location(s)
  • Read Virtual Data Centers

To learn more about the IP Addresses screen, see IP Address.



Permissions for firewall rules

Screen / Feature: Firewall

Actions:

  • Create a firewall rule with a new IP address group
  • Create a firewall rule with an existing IP address group
  • Edit a firewall rule
  • Edit name
  • Edit source
  • Edit destination
  • Edit action
  • Edit services
  • Enable or disable a firewall rule
  • Delete a firewall rule
  • Export firewall data
  • Create an IP group
  • Create a service group

Permissions:

  • Write Network IP Addresses
  • Read Firewall
  • Write Firewall
  • Read Location(s)
  • Read Virtual Data Centers

To learn more about the Firewall screen, see Firewall Rules.






Permissions for L2L VPN tunnels

Screen / Feature: L2L VPN

Actions:

  • Create an L2L VPN tunnel with a new workload
  • Edit an L2L VPN tunnel
  • Enable, disable, or delete an L2L VPN tunnel

Permissions:

  • Read Network L2L
  • Write Network L2L
  • Read Location(s)
  • Read Virtual Data Centers

To learn more about the L2L VPN screen, see L2L VPN Tunnel.



Permissions for SSL/VPN 

Screen / Feature: SSL/VPN

Actions:

  • Enable and install your SSL/VPN access
  • Enable SSL/VPN access for your user
  • Disable SSL/VPN for your user

Permissions:

  • Read Network L2L
  • Write Network L2L
  • Read Location(s)
  • Read Virtual Data Centers

Additional information:

To access a virtual machine, you must download and install the SSL/VPN client. An account administrator must first give their users the ability to download the client. As a result, an account administrator must have the following permissions enabled in their account:

  • Read SSL VPN Devices and Users
  • Write SSL VPN Devices and Users
  • Read Location(s)
  • Read Virtual Data Centers

To learn more about the SSL/VPN screen, see SSL VPN.



Permissions for support tickets

Screen / Feature | Actions | Permissions | Additional information

Screen / Feature: Tickets + Notifications

Actions:
  • Create a support ticket
  • View a support ticket
  • Add a recipient to an existing support ticket
  • Chat with Armor

Permissions:
  • Read Ticket(s)
  • Write Ticket(s)

In addition to these permissions, in order to view a ticket, you must be listed as a recipient. For example, if a user in your account sends a support ticket, and you are not listed as a recipient, then you will not be able to see this ticket.

To learn more about the Tickets + Notifications screen, see Support Tickets.



Permissions for Advanced Backup 

Screen / Feature | Actions | Permissions | Additional information

Screen / Feature: Advanced Backup

Actions:
  • Create a snapshot policy
  • Assign a policy to a virtual machine
  • Restore a virtual machine from a backup

Permissions:
  • Read Advanced Backup Plans
  • Commit Advanced Backup Restore
  • Create Advanced Backup Policy
  • Read Advanced Backup
  • Read Advanced Backup Policy
  • Read Advanced Backup Snapshots
  • Read Advanced Backup Vms
  • Refresh Advanced Backup Snapshots
  • Remove Advanced Backup
  • Request Advanced Backup Restore
  • Update Advanced Backup Policy
  • Write Advanced Backup

Additionally, you must have all the permissions for the Virtual Machines screen.

To learn more about the Advanced Backup screen, see Advanced Backup.



Permissions for Continuous Server Replication (Disaster Recovery)

Screen / Feature | Actions | Permissions | Additional information

Screen / Feature: Continuous Server Replication (Disaster Recovery)

Actions:
  • Order Continuous Server Replication (Disaster Recovery)
  • Request a test failover
  • Request a live failover

Permissions:
  • Read Server Replication
  • Write Server Replication

Additionally, you must have all the permissions for the Virtual Machines screen.

To learn more about Continuous Server Replication (Disaster Recovery):



Permissions for Log Management

Screen / Feature | Actions | Permissions | Additional information

Screen / Feature: Log Management

Actions:
  • View collected logs in the Search section
  • View the status of the logging subagent in the Sources section

Permissions:
  • Write LogManagement
  • Read LogManagement

To learn more about Log Management:



 


Permissions for Armor Marketplace

Screen / Feature | Actions | Permissions | Additional information

Screen / Feature: Armor Marketplace

Actions:
  • View available add-on products
  • View subscription-based add-on products
  • Add and cancel products

Permissions:
  • Read Product Catalog
  • View Subscriptions
  • Write Subscriptions

To learn more about the Armor Marketplace screen, see Armor Marketplace.



Permissions for the Health Dashboards

Screen / Feature | Actions | Permissions | Additional information

Screen / Feature:
  • Health Overview (landing screen)
    • Protection
    • Detection
    • Response
    • Security Incidents

Actions:
  • View the data that populates the security dashboards

Permissions:
  • Read Dashboard Statistics




Screen / Feature | Actions | Permissions | Additional information

Screen / Feature:
  • Security screens
    • Malware Protection
    • File Integrity Monitoring (FIM)
    • Patching

Actions:
  • View the data that populates the security-focused screens

Permissions:
  • Read AVAM
  • Read FIM
  • Read OS Packages





Security screen permissions

Screen | Permission | Description

Screen: Security Dashboard (AMP landing page)
Permission: Read Dashboard Statistics
Description: This permission allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.

Screen: Malware Protection
Permission: Read AVAM
Description: This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.

Screen: FIM
Permission: Read FIM
Description: This permission allows you to view file integrity details for each virtual machine.

Screen: Patching
Permission: Read OS Packages
Description: This permission allows you to view OS patching details for each virtual machine.

Screen: Log Management
Permission: Read LogManagement
Description: This permission allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status

Screen: Log Management
Permission: Write LogManagement
Description: This permission allows you to update the log management service, specifically to upgrade the log retention plan.

Screen: Log Management
Permission: Read LogSearch
Description: This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.

Screen: Firewall
Permission: Read Firewall
Description: This permission allows you to view details for firewall rules for each virtual machine.

Screen: Firewall
Permission: Write Firewall
Description: This permission allows you to add, update, or delete firewall rules.




Marketplace screen permissions

Screen | Permission | Description

Screen: Marketplace
Permission: Read Product Catalog
Description: This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

Screen: Marketplace and My Products
Permission: View Subscriptions
Description: This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.

Screen: Marketplace (and My Products)
Permission: Write Subscriptions
Description: This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.




Infrastructure screen permissions

Screen | Permission | Description

Screen: Workloads
Permission: Read Workload(s)
Description: This permission allows you to view high-level data for workloads, such as:

  • The associated data center
  • The number of tiers within the workload
  • The number of virtual machines within the workload

Screen: Workloads
Permission: Write Workload
Description: This permission allows you to create, update, and remove workloads and tiers.

Screen: Virtual Machines / VM Detail
Permission: Read Virtual Machine Stats
Description: This permission allows you to view usage data for a virtual machine. This data is displayed in a line graph.

Screen: Virtual Machines / VM Detail
Permission: Read Virtual Machine(s)
Description: This permission allows you to view data for a virtual machine, such as:

  • Operating system
  • Size
  • Corresponding workload
  • Status

Screen: Virtual Machines / VM Detail
Permission: Write Virtual Machine
Description: This permission allows you to create, update, and remove virtual machines.

Screen: Virtual Machines / VM Detail
Permission: Scale Virtual Machine
Description: This permission allows you to upgrade or downgrade (resize) a virtual machine.

Screen: Virtual Machines / VM Detail
Permission: Read Location(s)
Description: This permission allows you to view a list of available Armor data centers when you manage your virtual machines.

Screen: Virtual Machines / VM Detail
Permission: Read Virtual Data Centers
Description: This permission allows you to view the list of virtual environments in your account.

Screen: Virtual Machines / VM Detail
Permission: Read Server Replication
Description: This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication

Screen: Virtual Machines / VM Detail
Permission: Write Server Replication
Description: This permission allows you to order and cancel the server replication add-on product.

Screen: Virtual Machines / VM Detail
Permission: Read Tasks
Description: This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.

Screen: Virtual Machines / VM Detail
Permission: Write Tasks
Description: This permission allows you to schedule a delete or downsize of a virtual machine.

Screen: Virtual Machines / VM Detail
Permission: Read Storage
Description: This permission allows you to view disk and storage information for a virtual machine.

Screen: IP Addresses
Permission: Read Network IP
Description: This permission allows you to view data for unassigned and assigned public and private IP addresses.

Screen: IP Addresses
Permission: Write Network IP
Description: This permission allows you to update an IP address, such as:

  • Assign an IP address
  • Unassign an IP address
  • Delete an IP address
  • Request a new public IP address

Screen: IP Addresses
Permission: Read Network NAT
Description: This permission allows you to view DNAT assignments.

Screen: IP Addresses
Permission: Write Network NAT
Description: This permission allows you to add and remove DNAT assignments.

Screen: L2L VPN
Permission: Read Network L2L
Description: This permission allows you to view high-level data for your L2L network tunnels.

Screen: L2L VPN
Permission: Write Network L2L
Description: This permission allows you to add, update, and remove L2L tunnels.

Screen: SSL/VPN
Permission: Read SSL VPN Devices and Users
Description: This permission allows you to view the status of your users' SSL VPN client.

Screen: SSL/VPN
Permission: Write SSL VPN Devices and Users
Description: This permission allows you to give your users the ability to download and install the SSL VPN client.

Read Advanced Backup Plans - This permission allows you to subscribe to the Advanced Backup add-on product.

Read IDS

Commit Advanced Backup Restore - This permission allows you to commit a snapshot after the restore has completed.

Create Advanced Backup Policy - This permission allows you to create a new policy.

Read Advanced Backup - This permission allows you to view the Advanced Backup dashboard (screen).

Read Advanced Backup Policy - This permission allows you to view policy information and associated details.

Read Advanced Backup Snapshots - This permission allows you to view a list of snapshots (backups) for a virtual machine.

Read Advanced Backup Vms - This permission allows you to view the virtual machines subscribed to the add-on product.

Refresh Advanced Backup Snapshots - This permission allows you to refresh the current list of available snapshots/backups for a virtual machine.

Remove Advanced Backup - This permission allows you to unsubscribe a virtual machine.

Request Advanced Backup Restore - This permission allows you to initiate a restore of the snapshot (backup).

Update Advanced Backup Policy - This permission allows you to update settings on a policy.

Write Advanced Backup - This permission allows you to create a policy.



Read Advanced Backup Plans = Needed to subscribe to the service (I’m not 100% sure we’re actually using this, but let’s go ahead and document just in case).

Read Advanced Backup Policy = View Policy information and associated details.

Read Advanced Backup VMs = View VMs subscribed to the service.

Remove Advanced Backup = Unsubscribe VMs from the service.

Create Advanced Backup Policy = Create a new policy.

Read Advanced Backup Snapshots = View a list of snapshots/backups for a given VM.

Refresh Advanced Backup Snapshots = Refresh the current list of available snapshots/backups for a given VM.

Commit Advanced Backup Restore = Commit to a snapshot after the restore has completed.

Read Advanced Backup = Needed to view the Advanced Backup dashboard.

Write Advanced Backup = Needed to subscribe to the service.

Update Advanced Backup Policy = Edit settings on a Policy.

Request Advanced Backup Restore = Initiate a restore to a snapshot/backup. (this would be followed by the commit action, assuming the restore is successful and the customer is happy with that restore point)



Compliance screen permissions

Screen | Permission | Description

Screen: Compliance
Permission: Read Compliance
Description: This permission allows you to view information for the vulnerability scanning add-on product. Specifically, you will see the status of the add-on product.

Screen: Compliance
Permission: Write Compliance
Description: This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.




Support screen permissions

Screen | Permission | Description

Screen: Tickets + Notifications
Permission: Read Ticket(s)
Description: This permission allows you to view previous and current support tickets.

Screen: Tickets + Notifications
Permission: Write Ticket(s)
Description: This permission allows you to create and follow a support ticket.




Account screen permissions

Screen | Permission | Description

Screen: Overview (Account screen)
Permission: Read Identity
Description: This permission allows you to view the account-level information, such as:

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions

Screen: Overview (Account screen)
Permission: Write Identity
Description: This permission allows you to update account-level information, such as:

  • Invite and remove users
  • Create, update, and remove roles
  • Assign and unassign roles to users
  • Unlock a user after several failed login attempts

Screen: Overview (Account screen)
Permission: Write Account
Description: This permission allows you to update your company profile, such as the address.

Screen: (Deprecated) User Detail
Permission: Update Customer Passwords
Description: This permission allows you to update your password.

Screen: (Deprecated) User Detail
Permission: Update Personal Identity
Description: This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response

Screen: User Detail
Permission: Read Notification(s)
Description: This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.

Screen: Invoices
Permission: View Invoices
Description: This permission allows you to view current and previous invoices.

Screen: View Solutions Orders
Permission: View solutions orders (quotes)
Description: This permission allows you to view current and previous solutions orders (quotes).

Screen: Write Solutions Orders
Permission: Update or accept solutions orders (quotes)
Description: This permission allows you to update or accept pending solutions orders (quotes).

Screen: Payment Methods
Permission: Read Payment Information
Description: This permission allows you to view current payment information, such as the primary payment method.

Screen: Payment Methods
Permission: Update Payment Information
Description: This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method.

Screen: Not applicable
Permission: Read Entity Metadata
Description: This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

Screen: Not applicable
Permission: Write Entity Metadata
Description: This permission allows you to add, update, and delete optional notes and tags on various AMP resources, such as adding a note to a virtual machine.

Screen: Not applicable
Permission: Global Search
Description: This permission allows you to use the global search function throughout AMP.