Introduction
Permission sets provide a mechanism for controlling the operations that can be performed by a user or a user group. You can:
- Set permissions for a client user independent of their profile.
- Restrict activities using the permission values for each permission type.
- Authorize access according to the role.
Permissions required to view Permission Sets List:
Type of user | Permissions |
---|---|
SP/MSP | Roles_View |
Client | Administration and Roles_View |
Create a permission set
Follow these steps to create a permission set:
Navigate to Setup > Account. The Account Details page is displayed.
Click the Users and Permissions tile on the Account Details page. The Permission Sets page is displayed.
Click +ADD. The Add Permission page is displayed.
Under Permission Set Details, enter a Permission Set Name and a short description about the permission set.
The Permissions section has the following categories:
- Account Administration
- Collectors
- Remote Access
- Integrations and Apps
- Alerts
- Reports
- Tickets
- Knowledge Base
- Automation
- Logs
- Traces
- Network
Select the permissions you want to allow under each category.
Click Save. The permission set is created.
Users can perform the following actions based on the context:
Type of user | Current context | User action |
---|---|---|
Service Provider User | Service Provider |
|
Partner User | Partner |
|
Partner User | Client | Manage permission set for the current client. |
Client User | Client | Manage permission set for the current client. |
You can perform the following actions after creating a permission set:
Action | Procedure/Description |
---|---|
Search | To search for a permission set:
|
View | To view a permission set:
|
Edit | To update a permission set:
Note: You cannot edit a default permission set. |
Remove | To remove a permission set:
Note: You cannot remove a default permission set. |
Permissions reference
Notes
- The permission listings in the following table are mentioned in the order of the authorization level, from the highest to the least access levels.
- A user with the highest permission level can access and perform all the actions that are available within each permission set.
Category | Permission Type | Permission Value |
---|---|---|
Account Administration | Administration | Administration - Allows access to the Setup tab. |
Users | View - Allows access to view the existing users. Create - Allows access to create users. Manage - Allows access to create, edit and deactivate users, user groups, and roles. A user with Manage permission can also perform the actions available with the Create and View permissions. | |
Roles | Manage - Allows access to view, create, and delete roles. View - Allows access to view the defined roles. A user with Manage permission can also perform the actions available with the View permission. | |
Credentials | Manage - Allows access to manage the existing credential sets. View - View all the credential sets, including the passwords. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Edit a credential set. Create - Create a new credential set. To create a new credential set, you should have access to the All Devices option. | |
Dashboards | View Dashboard - Allows users to only view a dashboard.
The permission allows the:
The permission allows different users (service provider, partner, and clients) to perform a different set of actions on a Private and a Shared dashboard. See Role based dashboard permissions for detailed information about the permissions. | |
Dashboards Access Only | Dashboards Access Only - Allows access only to one's own Dashboard and the Shared Dashboard. The user should also have either the View Dashboard or Manage Dashboard permission along with the Dashboards Access only permission. If this permission is enabled, the users can only access the Dashboards tab and cannot access any other feature. To view the details populated using widgets in the Dashboard, users must configure the permissions required for each widget. See Role based dashboard permissions for detailed information about the permissions. | |
Scheduled Maintenance | View - Allows users to view scheduled maintenance. Manage - Allows users to view, manage, create, edit, and delete scheduled maintenance. A user with Manage permission can also perform the actions available with the View permission. | |
Metrics | Manage - Allows users to create metrics. | |
Devices | View - Allows access to devices under:
Edit - Allows access to edit device details in the infrastructure. Create - Allows access to infrastructure, device listing page, where you can:
| |
Custom Attributes | View - Allows users to only view the custom attributes. Create - Allows users to create custom attributes. Manage - Allows you to control the users who can manage the custom attributes. A user with Manage permission can also perform the actions available with Create and View permissions. | |
My Profile | Edit - Allows you to edit your profile details. | |
Collectors | Gateway Firmware | Allow Update - Allows the user to update the gateway firmware. |
Management Profile | View - Allows access to the Setup tab and to view the services gateway remotely. Manage - Allows access to view, create, and edit the existing gateway profile. A user with Manage permission can also perform the actions available with the View permission. | |
Remote Access | Console Launch | View - Allows remote access to devices from the Infrastructure tab. Manage - Allows users to view, create and edit console options from the Infrastructure tab. A user with Manage permission can also perform the actions available with the View permission. |
Commands | Allow to run - Permits users to run commands. | |
Integrations and Apps | Monitors | View - Allows access to view the templates and monitors applied on a given device in the infrastructure. Customize - Allows access to:
Manage - Allows access to:
|
Integration | View - Allows users to view the Integrations and Apps tile and details of the configured integrations. For example, Integration Audit Logs and Authentication Details except for secret/token. Scan - Allows the user to discover the devices. Edit - Allows users to edit the details of the configured integrations. For example, update mapping inbound attributes and integration events. Manage - Allows users to manage various integration services:
| |
Monitor Templates | Customize - Allows the user to edit monitors and change the thresholds at device level. A user with Customize permission can also perform the actions available with Apply permissions. Apply - Allows the user to Assign/Unassign templates and monitors. | |
Cloud Management | Power Cycle - Allows you to Stop, Start, and Restart instances. Power Cycle and Launch Instances - Allows to create new instances in the cloud account. A user with Power Cycle permission can also perform the actions available with the Launch Instances permissions. Stream View - Allows you to view the metric stream. | Alerts | Alerts | View - Allows access to:
|
OpsQ | View - Allows you to view the alert policies for:
Manage - Allows you to create, edit, or delete the alert policies for:
A user with Manage permission can also perform the actions available with the View permission. | |
Reports | Reports | View - Allows access to view the Reports. Manage - Allows users to manage, create, edit, delete, and view the reports. A user with Manage permission can also perform the actions available with the View permission. |
Tickets | Incident | View - Allows users to view incidents. Edit - Allows users to edit and view incidents. Create - Allows users to create, edit, and view incidents. Manage - Allows users to manage, create, edit, delete, and view incidents. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. |
Change Request | View - Allows users to view the change request. Edit - Allows users to edit and view the change request. Create - Allows users to create, edit, and view the change request. Manage - Allows users to manage, create, edit, delete, and view the change request. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. | |
Problem | View - Allows users to view the problem. Edit - Allows users to edit and view the problem. Create - Allows users to create, edit, and view the problem. Manage - Allows users to manage, create, edit, delete, and view the problem. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. | |
Projects | View - Allows users to view projects. Manage - Allows users to manage projects. A user with Manage permission can also perform the actions available with the View permission. | |
Service Catalog | View - Allows users to view service catalog management in the Setup tab. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to view, create provisioning policies, service catalogs, and provisioning workflows. | |
Service Desk | View - Allows users to view the service desk requests. Edit - Allows users to edit and view the service desk requests. Create - Allows users to create, edit, and view the service desk requests. Manage - Allows users to manage, create, edit, delete, and view the service desk requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. | |
Service Request | View - Allows users to view service desk requests. Edit - Allows users to edit and view service desk requests. Create - Allows users to create, edit, and view service desk requests. Manage - Allows users to manage, create, edit, delete, and view service desk requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. | |
Task Request | View - Allows users to view task requests. Edit - Allows users to edit and view task requests. Create - Allows users to create, edit, and view task requests. Manage - Allows users to manage, create, edit, delete, and view task requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. | |
Time-Bound Request | View - Allows users to view time-bound requests. Note: Allows users to manage, create, delete, edit, and view time-bound requests, if they have the service desk manage permission. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to view and edit time-bound requests. Create - Allows users to create, edit, and view time-bound requests from the Service Desk menu. Manage - Allows users to:
| |
Service Order | View - Allows users to view the service order. A user with Manage permission can also perform the actions available with Create, Edit, Delete, and View permissions. Edit - Allows users to edit the service order. Create - Allows users to create a service order. Delete - Allows users to delete a service order. Manage - Allows users to manage the service order. | |
Knowledge Base | Knowledge Base | View - Allows users to view, rate, comment, like, and share an article. Edit - Allows users to edit the knowledge base. Manage - Allows users to move an article, and also create, edit, and delete the:
|
Automation | Jobs | View - Allows access to the Automation tab. Manage - Allows access to:
|
Patch Approval | View - Allows access to:
| |
Process Automation | View - Allows only to view the process automation artifacts. Manage - Allows users to create and view the process automation artifacts. A user with Manage permission can also perform the actions available with the View permission. | |
Recordings Audit | Play, Search All Recordings - Users can play the recording and search for a recording. My Recordings: Play, Search, Edit - Users can play, search, and edit their recordings only and not any other user recordings. All Recordings: Play, Search, Edit - Users can play, search, and edit notes for all recordings. Users cannot delete any recordings. A user with All Recordings Play, Search, Edit permission can also perform the actions available with the other recording permissions. | |
Scripts | View - Allows access to scripts page in the Automation tab, also allows access to view the list of scripts available, and the scripts scheduled on devices. Manage - Allows users to schedule a given script on a set of devices or to run the script immediately using the Run Now option. A user with Manage permission can also perform the actions available with the View permission. | |
Logs | Logs | View - Allows access to view the logs. Manage - Allows access to create, view, edit, and delete the logs. |
Traces | Traces | View - Allows users to view traces. Manage - Allows users to create, edit, view and delete traces. |
Network | Network Configuration Management | None - The Configuration Backup tab (in Infrastructure → Resources → Network Device → Device) is not visible to the user. View - User can access the Configuration Backup tab, view Date Created, Config Type details, and View and Download options under Actions. Manage - User can access the Configuration Backup tab, view Date Created, Config Type, and View and Download, and Set as baseline (can set baseline) options under Actions. Approve - User can access the Configuration Backup tab, view Date Created, Config Type, and View and Download, and Set as baseline (can set baseline) options under Actions. User can access Network Configuration under Configuration Management and can approve and reject tasks in the COMPLIANCE tab. |
Network Performance Management | None - The Net Flows under Infrastructure is not visible to the user. View - The Net Flows under Infrastructure is accessible to the user. The user can perform all actions except configuring net flows. Manage - The Net Flows under Infrastructure is accessible to the user. The user can perform all actions and configure net flows. |
Role based dashboard permissions
The Role based dashboard permissions are applicable to both the Classic Dashboard and Dashboard 2.0 versions.
Service provider users - private dashboard
The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a private dashboard:
User | Dashboard Permission | Admin Permission | Actions |
---|---|---|---|
Service provider | View | Yes | None |
Service provider | View | No | None |
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously. | |||
Service provider | Manage | Yes |
|
Service provider | Manage | No |
|
Service provider | None | - | No Access |
Service provider users - shared dashboard
Note
The information provided in the Service provider users - shared dashboard is only applicable to Classic Dashboard.A Service Provider user cannot share a dashboard in Dashboard 2.0 version.
The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a shared dashboard:
User | Dashboard Permission | Admin Permission | Actions |
---|---|---|---|
Service provider | View | Yes |
|
Service provider | View | No | View |
Service provider | Manage | Yes |
|
Service provider | Manage | No | View |
Service provider | None | - | No Access |
Partner users - private dashboard
The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a private dashboard:
User | Dashboard Permission | Admin Permission | Actions |
---|---|---|---|
Partner users | View | Yes | None |
Partner users | View | No | None |
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously. | |||
Partner users | Manage | Yes |
|
Partner users | Manage | No |
|
Partner users | None | - | No Access |
Partner users - shared dashboard
The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a shared dashboard:
User | Dashboard Permission | Admin Permission | Actions |
---|---|---|---|
Partner users | View | Yes |
|
Partner users | View | No | View |
Partner users | Manage | Yes |
|
Partner users | Manage | No | View |
Partner users | None | - | No Access |
Client users - private dashboard
The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a private dashboard:
User | Dashboard Permission | Admin Permission | Actions |
---|---|---|---|
Client users | View | Yes | None |
Client users | View | No | None |
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously. | |||
Client users | Manage | Yes |
|
Client users | Manage | No |
|
Client users | None | - | No Access |
Client users - shared dashboard
The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a shared dashboard:
User | Dashboard Permission | Admin Permission | Actions |
---|---|---|---|
Client users | View | Yes |
|
Client users | View | No | View |
Client users | Manage | Yes |
|
Client users | Manage | No | View |
Client users | None | - | No Access |