Introduction

Permission sets provide a mechanism for controlling the operations that can be performed by a user or a user group. You can:

  • Set permissions for a client user independent of their profile.
  • Restrict activities using the permission values for each permission type.
  • Authorize access according to the role.

Permissions required to view Permission Sets List:

Type of userPermissions
SP/MSPRoles_View
ClientAdministration and Roles_View

Create a permission set

Follow these steps to create a permission set:

  1. Navigate to Setup > Account. The Account Details page is displayed.

  2. Click the Users and Permissions tile on the Account Details page. The Permission Sets page is displayed.

  3. Click +ADD. The Add Permission page is displayed.

  4. Under Permission Set Details, enter a Permission Set Name and a short description about the permission set.

  5. The Permissions section has the following categories:

    • Account Administration
    • Collectors
    • Remote Access
    • Integrations and Apps
    • Alerts
    • Reports
    • Tickets
    • Knowledge Base
    • Automation
    • Logs
    • Traces
    • Network

  6. Select the permissions you want to allow under each category.

  7. Click Save. The permission set is created.

Users can perform the following actions based on the context:

Type of userCurrent contextUser action
Service Provider UserService Provider
  • Manage permission sets for service provider users.
  • Manage permission sets for partner users across current Service Provider's partners.
  • Manage permission sets for client users across all clients across all partners.
Partner UserPartner
  • Manage permission sets for partner users.
  • Manage permission sets for client users across current partner’s clients.
Partner UserClientManage permission set for the current client.
Client UserClientManage permission set for the current client.

You can perform the following actions after creating a permission set:

ActionProcedure/Description
SearchTo search for a permission set:
  1. Click the search icon on the Permission Sets page.
  2. Type the permission set name in the search box.
    The search result is displayed.

    You can also search for permission sets using the dropdown filter available on the right side of the page. By default, all permission sets are listed.
ViewTo view a permission set:
  1. Search for the permission set.
  2. Click the permission set name to view the details.
EditTo update a permission set:
  1. Search for the permission set and click the permission set name.
  2. Make the necessary changes.
  3. Click Save. The permission set is updated.

Note: You cannot edit a default permission set.

RemoveTo remove a permission set:
  1. Search for the permission set.
  2. Click the action icon that appears when you hover over the permission set name, and click Remove.
  3. From the confirmation dialog box, click Remove to delete the permission set.

Note: You cannot remove a default permission set.

Permissions reference

Notes

  • The permission listings in the following table are mentioned in the order of the authorization level, from the highest to the least access levels.
  • A user with the highest permission level can access and perform all the actions that are available within each permission set.
CategoryPermission TypePermission Value
Account AdministrationAdministrationAdministration - Allows access to the Setup tab.
UsersView - Allows access to view the existing users.
Create - Allows access to create users.
Manage - Allows access to create, edit and deactivate users, user groups, and roles.
A user with Manage permission can also perform the actions available with the Create and View permissions.
RolesManage - Allows access to view, create, and delete roles.
View - Allows access to view the defined roles.
A user with Manage permission can also perform the actions available with the View permission.
CredentialsManage - Allows access to manage the existing credential sets.
View - View all the credential sets, including the passwords.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Edit - Edit a credential set.
Create - Create a new credential set. To create a new credential set, you should have access to the All Devices option.
DashboardsView Dashboard - Allows users to only view a dashboard. The permission allows the:
  • Service provider, partner, and client users to view the Private dashboard
  • Partner and client users to view the Shared dashboards
Manage Dashboard - Allows users to view, create, edit, and delete a dashboard.
The permission allows different users (service provider, partner, and clients) to perform a different set of actions on a Private and a Shared dashboard.
See Role based dashboard permissions for detailed information about the permissions.
Dashboards Access OnlyDashboards Access Only - Allows access only to one's own Dashboard and the Shared Dashboard.
The user should also have either the View Dashboard or Manage Dashboard permission along with the Dashboards Access only permission.
If this permission is enabled, the users can only access the Dashboards tab and cannot access any other feature.
To view the details populated using widgets in the Dashboard, users must configure the permissions required for each widget.
See Role based dashboard permissions for detailed information about the permissions.
Scheduled MaintenanceView - Allows users to view scheduled maintenance.
Manage - Allows users to view, manage, create, edit, and delete scheduled maintenance.
A user with Manage permission can also perform the actions available with the View permission.
MetricsManage - Allows users to create metrics.
DevicesView - Allows access to devices under:
  • Infrastructure and Dashboard tab
  • View hardware, application, and patches information on the device details page
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Edit - Allows access to edit device details in the infrastructure.
Create - Allows access to infrastructure, device listing page, where you can:
  • Add a device
  • Import devices
  • Add virtualized, storage, UCS and cloud providers-based infrastructure
Manage - Allows access to:
  • Setup
  • Device groups
  • Discovery and deployment
  • Admin console parameters
  • Network device credentials setup
  • Network device configuration backup schedules setup
  • Network device configuration backups pages setup
  • Add a device to a maintenance window
  • Delete or stop managing the device
Custom AttributesView - Allows users to only view the custom attributes.
Create - Allows users to create custom attributes.
Manage - Allows you to control the users who can manage the custom attributes.
A user with Manage permission can also perform the actions available with Create and View permissions.
My ProfileEdit - Allows you to edit your profile details.
CollectorsGateway FirmwareAllow Update - Allows the user to update the gateway firmware.
Management ProfileView - Allows access to the Setup tab and to view the services gateway remotely.
Manage - Allows access to view, create, and edit the existing gateway profile.
A user with Manage permission can also perform the actions available with the View permission.
Remote AccessConsole LaunchView - Allows remote access to devices from the Infrastructure tab.
Manage - Allows users to view, create and edit console options from the Infrastructure tab.
A user with Manage permission can also perform the actions available with the View permission.
CommandsAllow to run - Permits users to run commands.
Integrations and AppsMonitorsView - Allows access to view the templates and monitors applied on a given device in the infrastructure.
Customize - Allows access to:
  • Change threshold and alert conditions for each monitor
  • Create and edit entries in the Setup tab
Create and Edit - Allows access to create and view the templates and monitors applied on a given device in the infrastructure.
Manage - Allows access to:
  • Assign monitoring templates to devices
  • Change threshold and alert conditions for each monitor
  • Create and edit entries in the Setup tab
A user with Manage permission can also perform the actions available with Create and Edit, Customize, and View permissions.
IntegrationView - Allows users to view the Integrations and Apps tile and details of the configured integrations. For example, Integration Audit Logs and Authentication Details except for secret/token.
Scan - Allows the user to discover the devices.
Edit - Allows users to edit the details of the configured integrations. For example, update mapping inbound attributes and integration events.
Manage - Allows users to manage various integration services:
  • Install
  • Bulk uninstall
  • Regenerate secret/token
  • Revoke access token
  • Delete keypair
  • Disable
A user with Manage permission can also perform the actions available with Edit and View permissions.
Monitor TemplatesCustomize - Allows the user to edit monitors and change the thresholds at device level.
A user with Customize permission can also perform the actions available with Apply permissions.
Apply - Allows the user to Assign/Unassign templates and monitors.
Cloud ManagementPower Cycle - Allows you to Stop, Start, and Restart instances.
Power Cycle and Launch Instances - Allows to create new instances in the cloud account.
A user with Power Cycle permission can also perform the actions available with the Launch Instances permissions.
Stream View - Allows you to view the metric stream.
AlertsAlertsView - Allows access to:
  • View details for a given alert
  • Alert list page
Manage - Allows view and manage access to:
  • Alert list and alert report pages
  • Alerts processing
A user with Manage permission can also perform the actions available with the View permission.
OpsQView - Allows you to view the alert policies for:
  • Alert Enrichment
  • Alert Correlation
  • First Response
  • Alert Escalation
  • Alert Prediction
Using this permission, you can only view the policies of other users.
Manage - Allows you to create, edit, or delete the alert policies for:
  • Alert Enrichment
  • Alert Correlation
  • First Response
  • Alert Escalation
  • Alert Prediction
Using this permission, you can manage all the alert policies in your tenant.
A user with Manage permission can also perform the actions available with the View permission.
ReportsReportsView - Allows access to view the Reports.
Manage - Allows users to manage, create, edit, delete, and view the reports.
A user with Manage permission can also perform the actions available with the View permission.
TicketsIncidentView - Allows users to view incidents.
Edit - Allows users to edit and view incidents.
Create - Allows users to create, edit, and view incidents.
Manage - Allows users to manage, create, edit, delete, and view incidents.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Change RequestView - Allows users to view the change request.
Edit - Allows users to edit and view the change request.
Create - Allows users to create, edit, and view the change request.
Manage - Allows users to manage, create, edit, delete, and view the change request.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
ProblemView - Allows users to view the problem.
Edit - Allows users to edit and view the problem.
Create - Allows users to create, edit, and view the problem.
Manage - Allows users to manage, create, edit, delete, and view the problem.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
ProjectsView - Allows users to view projects.
Manage - Allows users to manage projects.
A user with Manage permission can also perform the actions available with the View permission.
Service CatalogView - Allows users to view service catalog management in the Setup tab.
A user with Manage permission can also perform the actions available with the View permission.
Manage - Allows users to view, create provisioning policies, service catalogs, and provisioning workflows.
Service DeskView - Allows users to view the service desk requests.
Edit - Allows users to edit and view the service desk requests.
Create - Allows users to create, edit, and view the service desk requests.
Manage - Allows users to manage, create, edit, delete, and view the service desk requests.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Service RequestView - Allows users to view service desk requests.
Edit - Allows users to edit and view service desk requests.
Create - Allows users to create, edit, and view service desk requests.
Manage - Allows users to manage, create, edit, delete, and view service desk requests.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Task RequestView - Allows users to view task requests.
Edit - Allows users to edit and view task requests.
Create - Allows users to create, edit, and view task requests.
Manage - Allows users to manage, create, edit, delete, and view task requests.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Time-Bound RequestView - Allows users to view time-bound requests.
Note: Allows users to manage, create, delete, edit, and view time-bound requests, if they have the service desk manage permission.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Edit - Allows users to view and edit time-bound requests.
Create - Allows users to create, edit, and view time-bound requests from the Service Desk menu.
Manage - Allows users to:
  • View request details
  • Create requests for:
    • Existing partner and client
    • Existing partner and new client
    • New partner and new client
  • Edit time-bound request
Service OrderView - Allows users to view the service order.
A user with Manage permission can also perform the actions available with Create, Edit, Delete, and View permissions.
Edit - Allows users to edit the service order.
Create - Allows users to create a service order.
Delete - Allows users to delete a service order.
Manage - Allows users to manage the service order.
Knowledge BaseKnowledge BaseView - Allows users to view, rate, comment, like, and share an article.
Edit - Allows users to edit the knowledge base.
Manage - Allows users to move an article, and also create, edit, and delete the:
  • Knowledge base
  • Category
  • Article
  • Template
A user with Manage permission can also perform the actions available with Edit, and View permissions.
AutomationJobsView - Allows access to the Automation tab.
Manage - Allows access to:
  • Create a job
  • Edit a job
  • Delete a job
  • Run a job immediately using the Run Now option
A user with Manage permission can also perform the actions available with the View permission.
Patch ApprovalView - Allows access to:
  • Patch management in the Automation tab
  • View the patch status
  • View the configured patch install jobs under patch configuration page
Manage - Allows access to:
  • Patch management in the Automation tab
  • Patch configuration page where users can create, edit, and delete a patch install job
  • Patch approval pages, where one can approve patches for a set of devices
A user with Manage permission can also perform the actions available with the View permission.
Process AutomationView - Allows only to view the process automation artifacts.
Manage - Allows users to create and view the process automation artifacts.
A user with Manage permission can also perform the actions available with the View permission.
Recordings AuditPlay, Search All Recordings - Users can play the recording and search for a recording.
My Recordings: Play, Search, Edit - Users can play, search, and edit their recordings only and not any other user recordings.
All Recordings: Play, Search, Edit - Users can play, search, and edit notes for all recordings. Users cannot delete any recordings.
A user with All Recordings Play, Search, Edit permission can also perform the actions available with the other recording permissions.
ScriptsView - Allows access to scripts page in the Automation tab, also allows access to view the list of scripts available, and the scripts scheduled on devices.
Manage - Allows users to schedule a given script on a set of devices or to run the script immediately using the Run Now option.
A user with Manage permission can also perform the actions available with the View permission.
LogsLogsView - Allows access to view the logs.
Manage - Allows access to create, view, edit, and delete the logs.
TracesTracesView - Allows users to view traces.
Manage - Allows users to create, edit, view and delete traces.
NetworkNetwork Configuration ManagementNone - The Configuration Backup tab (in
Infrastructure → Resources → Network Device → Device) is not visible to the user.
View - User can access the Configuration Backup tab, view Date Created, Config Type details, and View and Download options under Actions.
Manage - User can access the Configuration Backup tab, view Date Created, Config Type, and View and Download, and Set as baseline (can set baseline) options under Actions.
Approve - User can access the Configuration Backup tab, view Date Created, Config Type, and View and Download, and Set as baseline (can set baseline) options under Actions.
User can access Network Configuration under Configuration Management and can approve and reject tasks in the COMPLIANCE tab.
Network Performance ManagementNone - The Net Flows under Infrastructure is not visible to the user.
View - The Net Flows under Infrastructure is accessible to the user. The user can perform all actions except configuring net flows.
Manage - The Net Flows under Infrastructure is accessible to the user. The user can perform all actions and configure net flows.

Role based dashboard permissions

The Role based dashboard permissions are applicable to both the Classic Dashboard and Dashboard 2.0 versions.

Service provider users - private dashboard

The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a private dashboard:

UserDashboard PermissionAdmin PermissionActions
Service providerViewYesNone
Service providerViewNoNone
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Service providerManageYes
  • View
  • Create
  • Edit
  • Delete
Service providerManageNo
  • View
  • Create
  • Edit
  • Delete
Service providerNone-No Access

Service provider users - shared dashboard

The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a shared dashboard:

UserDashboard PermissionAdmin PermissionActions
Service providerViewYes
  • View
  • Edit
  • Delete
Service providerViewNoView
Service providerManageYes
  • View
  • Edit
  • Delete
Service providerManageNoView
Service providerNone-No Access

Partner users - private dashboard

The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a private dashboard:

UserDashboard PermissionAdmin PermissionActions
Partner usersViewYesNone
Partner usersViewNoNone
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Partner usersManageYes
  • View
  • Create
  • Edit
  • Delete
Partner usersManageNo
  • View
  • Create
  • Edit
  • Delete
Partner usersNone-No Access

Partner users - shared dashboard

The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a shared dashboard:

UserDashboard PermissionAdmin PermissionActions
Partner usersViewYes
  • View
  • Edit
  • Delete
Partner usersViewNoView
Partner usersManageYes
  • View
  • Edit
  • Delete
Partner usersManageNoView
Partner usersNone-No Access

Client users - private dashboard

The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a private dashboard:

UserDashboard PermissionAdmin PermissionActions
Client usersViewYesNone
Client usersViewNoNone
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Client usersManageYes
  • View
  • Create
  • Edit
  • Delete
Client usersManageNo
  • View
  • Create
  • Edit
  • Delete
Client usersNone-No Access

Client users - shared dashboard

The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a shared dashboard:

UserDashboard PermissionAdmin PermissionActions
Client usersViewYes
  • View
  • Edit
  • Delete
Client usersViewNoView
Client usersManageYes
  • View
  • Edit
  • Delete
Client usersManageNoView
Client usersNone-No Access