Additional considerations
Roles allow grouping different levels of access for various organizations and, at the same time, allow grouping different levels of access by module for simplified management.
Multiclient environments
The roles of an organization allow configuring access and visibility for the users of the organization, and also allow including the permissions to configure access and visibility to dependent organizations.
An organization is dependent when:
- It is client type and the roles and users are in the partner organization at a higher level.
- It is a sub-organization of a client organization.
Roles are assigned to users and contain the definition of access and visibility levels, being able to establish different configurations for the root organization and its sub-organizations within the same role. This can only be done in a descending manner; that is, from a higher-level organization, permissions can be assigned to the organization itself and the organizations that depend on it.
Levels of access by modules
The levels of access are also defined for each module of the solution:
Portal
In Portal the following roles exist:
- No access
- Organization administrator or
1in the table below - Read-only organization administrator or
2in the table below - User or
3in the table below - L1 support team or
4in the table below - L1 support team read-only or
5in the table below - L2 support team or
6in the table below - L2 support team read-only or
7in the table below - L3 Engineering Team or
8in the table below - L3 Engineering Team Read Only or
9in the table below - Billing or
10in the table below
To access certain functionalities, in addition to access permissions in Portal, access to Workspaces is required, depending on the functionality, with role Level 1 or Level 2.
These roles by levels allow configuring visibility and segmented accesses according to the needs of each organization, the detail of the visibility and actions available for each level of access to Portal is defined in the table below:
| Section | Functionality | Action | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Home | Read | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Operations | Read | ✅ | ✅ | ⭐ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Flows | Read | ✅ | ✅ | ⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | |
| Create | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Reports | List | Read | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Detail | Read | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Tenants | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Activation | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
| Monitor | Active alerts | Read | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Workspaces | Read | ✅ | ✅ | ⭐ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Refresh | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Groups | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Create | ✅ | ❌ | ⭐ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Updates | Read | ✅ | ✅ | ⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Create | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Analyzer | Installed apps | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Refresh | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Analyzer | Licenses | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Create | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| SAM | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Microservices | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | |
| Read | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Enabled | Read | ✅ | ��✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Billing | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ||
| Product | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Report | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Environment | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Agent Settings | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Integrations | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Modules | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Information | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | �❌ | ❌ | ❌ | ✅ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Directives | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Reporting Groups | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Agent Settings | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Magic link | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Roles | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Users | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
- ✅ Has access.
- ⭐ Has access if additionally has L1 in Workspaces.
- ⭐⭐ Has access if additionally has L2 in Workspaces.
- ❌ No access.
Workspaces
In Workspaces, there are four roles with different levels of access available:
- Level 1 or
L1in the table below - Level 1 read-only or
L1 ROin the table below - Level 2 or
L2in the table below - Level 2 read-only or
L2 ROin the table below
Available actions by each role:
| Functionality | Action | L1 | L1 RO | L2 | L2 RO |
|---|---|---|---|---|---|
| UX Panel | View | ✅ | ✅ | ✅ | ✅ |
| Workspaces | View | ✅ | ✅ | ✅ | ✅ |
| Workspaces | Execute operations | ✅ | ❌ | ✅ | ❌ |
| Sessions | View | ✅ | ✅ | ✅ | ✅ |
| Sessions | Execute operations | ✅ | ❌ | ✅ | ❌ |
| Connection Logs | View | ✅ | ✅ | ✅ | ✅ |
| Jobs | View | ✅ | ✅ | ✅ | ✅ |
| Jobs | Cancel | ✅ | ❌ | ✅ | ❌ |
| Alerting | View | ✅ | ✅ | ✅ | ✅ |
| Alerting | Off | ✅ | ❌ | ✅ | ❌ |
| Profile Storage | View | ✅ | ✅ | ✅ | ✅ |
| Profile Storage | Modify | ✅ | ❌ | ✅ | ❌ |
| Profile Storage | Delete | ✅ | ❌ | ✅ | ❌ |
| Alert notification profiles | View | ❌ | ❌ | ✅ | ✅ |
| Alert notification profiles | Modify | ❌ | ❌ | ✅ | ❌ |
| Alert notification profiles | Delete | ❌ | ❌ | ✅ | ❌ |
| Alert Subscriptions | View | ❌ | ❌ | ✅ | ✅ |
| Alert Subscriptions | Modify | ❌ | ❌ | ✅ | ❌ |
| Alert Subscriptions | Delete | ❌ | ❌ | ✅ | ❌ |
| Events Log | View | ❌ | ❌ | ✅ | ✅ |
| Events Log | Modify | ❌ | ❌ | ✅ | ❌ |
| Events Log | Delete | ❌ | ❌ | ✅ | ❌ |
| Locations | View | ❌ | ❌ | ✅ | ✅ |
| Locations | Create | ❌ | ❌ | ✅ | ❌ |
| Locations | Modify | ❌ | ❌ | ✅ | ❌ |
| Networks | View | ❌ | ❌ | ✅ | ✅ |
| Networks | Modify | ❌ | ❌ | ✅ | ❌ |
| Notifications | View | ❌ | ❌ | ✅ | ✅ |
| Notifications | Create | ❌ | ❌ | ✅ | ❌ |
| Notifications | Modify | ❌ | ❌ | ✅ | ❌ |
| Notifications | Delete | ❌ | ❌ | ✅ | ❌ |
| Reporting Groups | View | ❌ | ❌ | ✅ | ✅ |
| Servers | View | ❌ | ❌ | ✅ | ✅ |
| Servers | Execute operations | ❌ | ❌ | ✅ | ❌ |
| Wireless networks | View | ❌ | ❌ | ✅ | ✅ |
| Wireless networks | Modify | ❌ | ❌ | ✅ | ❌ |
- ✅ Has access.
- ❌ No access.
Analyzer
Since Analyzer presents information and never allows modifications to the organization or its devices, it does not segment access to the functionalities it contains, therefore access is either granted or denied to users.
Therefore, the access options to Analyzer are:
- ✅ Access
- ❌ No access