Version: 25.2

Additional considerations

Roles allow grouping different levels of access for several organizations and, at the same time, allow grouping different levels of access by module to manage them in a simplified way.

Multiclient environments

The roles of an organization allow configuring access and visibility for the users of the organization, and also allow including the permissions to configure access and visibility to dependent organizations.

An organization is dependent when:

It is client type and the roles and users are in the partner organization at a higher level.
It is a sub-organization of a client organization.

Roles are assigned to users and contain the definition of levels of access and visibility, being able to establish different configurations for the root organization and its sub-organizations in the same role. This can only be done in a descending manner; that is, from a higher-level organization, permissions can be assigned to the organization itself and the organizations that depend on it.

Levels of access by modules

roles-permissions

The levels of access are also defined for each module of the solution:

Portal
Workspaces
Analyzer

Portal

In Portal the following roles exist:

No access
Organization Administrator or 1 in the table below
Read-only organization administrator or 2 in the table below
User or 3 in the table below
L1 support team or 4 in the table below
L1 support team read-only or 5 in the table below
L2 support team or 6 in the table below
L2 support team read-only or 7 in the table below
L3 Engineering Team or 8 in the table below
L3 Engineering Team Read Only or 9 in the table below
Billing or 10 in the table below

To access certain functionalities, in addition to access permissions in Portal, access to Workspaces is required, depending on the functionality, with role Level 1 or Level 2.

These role levels allow configuring visibility and segmented access according to the needs of each organization. The details of the visibility and actions available for each Portal access level are defined in the table below:

Section	Functionality	Action	1	2	3	4	5	6	7	8	9	10
Home		Read	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
Operations		Read	✅	✅	⭐	✅	✅	✅	✅	✅	✅	❌
Flows		Read	✅	✅	⭐	❌	❌	❌	❌	✅	✅	❌
		Create	✅	❌	⭐⭐	❌	❌	❌	❌	✅	❌	❌
		Refresh	✅	❌	⭐⭐	❌	❌	❌	❌	✅	❌	❌
		Delete	✅	❌	⭐⭐	❌	❌	❌	❌	✅	❌	❌
Reports	List	Read	✅	✅	❌	✅	✅	✅	✅	✅	✅	❌
	Detail	Read	✅	✅	❌	✅	✅	✅	✅	✅	✅	❌
		Create	✅	❌	❌	❌	❌	❌	❌	✅	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	✅	❌	❌
Tenants		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	✅
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
	Activation	Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	✅
Monitor	Active alerts	Read	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
	Alert Configuration	Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	✅	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Workspaces		Read	✅	✅	⭐	✅	✅	✅	✅	✅	✅	❌
		Refresh	✅	❌	✅	✅	❌	✅	❌	✅	❌	❌
	Groups	Read	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
		Create	✅	❌	⭐	❌	❌	✅	❌	✅	❌	❌
		Refresh	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
		Delete	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
Patch		Read	✅	✅	⭐	❌	❌	❌	❌	❌	❌	❌
		Create	✅	❌	⭐⭐	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	⭐⭐	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	⭐⭐	❌	❌	❌	❌	❌	❌	❌
Analyzer	Installed apps	Read	✅	✅	✅	❌	❌	✅	✅	✅	✅	❌
		Refresh	✅	❌	✅	❌	❌	✅	❌	✅	❌	❌
Analyzer	Licenses	Read	✅	✅	❌	❌	❌	✅	✅	✅	✅	❌
		Create	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
		Refresh	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
		Delete	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
SAM		Read	✅	✅	❌	❌	❌	✅	✅	✅	✅	❌
Microservices		Create	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
		Read	✅	✅	✅	❌	❌	✅	✅	✅	✅	❌
		Refresh	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
	Enabled	Read	✅	✅	✅	❌	❌	✅	✅	✅	✅	❌
		Refresh	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
Billing		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	✅
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	✅
Product		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
	Report	Read	✅	✅	✅	❌	❌	❌	❌	❌	❌	❌
	Environment	Read	✅	✅	✅	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
	Agent Settings	Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Integrations		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Modules		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Information		Read	✅	✅	✅	❌	❌	❌	❌	❌	❌	✅
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Directives		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	✅	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Reporting Groups		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
	Agent Settings	Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
	Auto update settings	Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
	Magic link	Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Roles		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	✅	✅	✅	✅	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Users		Create	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Read	✅	✅	❌	❌	❌	✅	✅	✅	✅	❌
		Refresh	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
		Delete	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌

info

✅ Has access.
⭐ Has access if additionally has L1 in Workspaces.
⭐⭐ Has access if additionally has L2 in Workspaces.
❌ No access.

Access Levels for Microservices

In microservices, the same roles are maintained as in Portal, but with specific access levels:

Microservices

The user's role corresponds to the organization where the microservice was created.

Action	1	2	3	4	5	6	7	8	9	10
Clone / create	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
View	✅	✅	🔑	❌	❌	✅	✅	✅	✅	❌
Edit	✅	❌	💡	❌	❌	✅	❌	✅	❌	❌
Change to public or private	❌	❌	❌	❌	❌	❌	❌	❌	❌	❌
Edit visibility when private	✅	❌	💡	❌	❌	✅	❌	✅	❌	❌

info

✅ Has access.
🔑 Access is granted if additionally has L1 read-only access in Workspaces.
💡 Access is granted if the author of the microservice.
❌ No access.

Enabled microservices

The user's role corresponds to the organization where the microservice was enabled or disabled.

Action	1	2	3	4	5	6	7	8	9	10
Enable	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
Disable	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌
Edit	✅	❌	❌	❌	❌	✅	❌	✅	❌	❌

info

✅ Has access.
❌ No access.

Workspaces

In Workspaces, there are four roles with different levels of access available:

Level 1 or L1 in the table below
Level 1 read-only or L1 RO in the table below
Level 2 or L2 in the table below
Level 2 read-only or L2 RO in the table below

Available actions by each role:

Functionality	Action	L1	L1 RO	L2	L2 RO
UX Panel	View	✅	✅	✅	✅
Workspaces	View	✅	✅	✅	✅
Workspaces	Execute operations	✅	❌	✅	❌
Sessions	View	✅	✅	✅	✅
Sessions	Execute operations	✅	❌	✅	❌
Connection Logs	View	✅	✅	✅	✅
Job	View	✅	✅	✅	✅
Job	Cancel	✅	❌	✅	❌
Alert	View	✅	✅	✅	✅
Alert	Off	✅	❌	✅	❌
Profile Storage	View	✅	✅	✅	✅
Profile Storage	Modify	✅	❌	✅	❌
Profile Storage	Delete	✅	❌	✅	❌
Alert notification profiles	View	❌	❌	✅	✅
Alert notification profiles	Modify	❌	❌	✅	❌
Alert notification profiles	Delete	❌	❌	✅	❌
Alert Subscriptions	View	❌	❌	✅	✅
Alert Subscriptions	Modify	❌	❌	✅	❌
Alert Subscriptions	Delete	❌	❌	✅	❌
Event Logs	View	❌	❌	✅	✅
Event Logs	Modify	❌	❌	✅	❌
Event Logs	Delete	❌	❌	✅	❌
Locations	View	❌	❌	✅	✅
Locations	Create	❌	❌	✅	❌
Locations	Modify	❌	❌	✅	❌
Networks	View	❌	❌	✅	✅
Networks	Modify	❌	❌	✅	❌
Notifications	View	❌	❌	✅	✅
Notifications	Create	❌	❌	✅	❌
Notifications	Modify	❌	❌	✅	❌
Notifications	Delete	❌	❌	✅	❌
Reporting Groups	View	❌	❌	✅	✅
Servers	View	❌	❌	✅	✅
Servers	Execute operations	❌	❌	✅	❌
Wireless networks	View	❌	❌	✅	✅
Wireless networks	Modify	❌	❌	✅	❌

info

✅ Has access.
❌ No access.

Analyzer

Since Analyzer presents information and never allows modifications to the organization or its devices, it does not segment access to the functionalities it contains, therefore access is either granted or denied to users.

Therefore, the access options to Analyzer are:

Access
No access

Multiclient environments​

Levels of access by modules​

Portal​

Microservices​

Enabled microservices​

Workspaces​

Analyzer​

Multiclient environments

Levels of access by modules

Portal

Microservices

Enabled microservices

Workspaces

Analyzer