Skip to main content
Skip table of contents

Review All Permissions

In the Armor Management Portal (AMP), permissions allow you to control the way your users access their AMP account.

There are many shared permissions between Armor Enterprise Cloud and Armor Anywhere. As a result, this document applies to both Armor Enterprise Cloud and Armor Anywhere users.

Review the Product compatibility column for product-specific permissions.

In the Roles and Permissions screen, you may see permissions that only apply to Armor Enterprise Cloud or Armor Anywhere users. Your roles will not malfunction if you include a permission for a different product into your role.

Security Permissions

Screen

Permission

Description

Product compatibility

Security Health Dashboards

  • Health Overview (landing screen)

  • Protection

  • Detection

  • Response

  • Security Incidents

Read Dashboard Statistics

This permission allows you to view the data that populates the security dashboards.

  • Armor Enterprise Cloud

  • Armor Anywhere

Malware Protection

Read AVAM

This permission allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.

  • Armor Enterprise Cloud

  • Armor Anywhere

Malware Protection

Read Trend Manual Scan

This permission allows you to view which virtual machines are eligible for a manual scan.

  • Armor Enterprise Cloud

  • Armor Anywhere

Malware Protection

Writer Trend Manual Scan

This permission allows you to start a manual scan for a virtual machine.

  • Armor Enterprise Cloud

  • Armor Anywhere

FIM

Read FIM

This permission allows you to view file integrity details for each virtual machine.

  • Armor Enterprise Cloud

  • Armor Anywhere

Patching

Read OS Packages

This permission allows you to view details OS patching details for each virtual machine.

  • Armor Enterprise Cloud

  • Armor Anywhere

Intrusion Detection

Read IDS

This permission allows you to view intrusion detection data.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Read LogManagement

This permission allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received

  • Average size of collected logs

  • Log Status

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Write LogManagement

This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Read Log Management Plan Selection

This permission allows you to view additional log retention plans.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Write Log Management Plan Selection

This permission allows you to change log retention plans.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Delete Log Management

This permission allows you to delete a log source.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Read Log Endpoints

This permission allows you to view an endpoint.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Write Log Endpoints

This permission allows you to create an endpoint.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Delete Log Endpoints

This permission allows you to delete an endpoint.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Read Log Relays

This permission allows you to view a remote log source.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Write Log Relays

This permission allows you to create a remote log source.

  • Armor Enterprise Cloud

  • Armor Anywhere

Log & Data Management

Delete Log Relays

This permission allows you to delete a remote log source.

  • Armor Enterprise Cloud

  • Armor Anywhere

Vulnerability Scanning

Read Compliance

This permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

  • Armor Enterprise Cloud

Vulnerability Scanning

Write Compliance

This permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.

  • Armor Enterprise Cloud

Vulnerability Scanning

View Vulnerability Scans

This permission allows you to view the data for a vulnerability scanning report, via a downloaded report or within AMP.

  • Armor Anywhere

Dynamic Threat Blocking

Read Dynamic Threat Blocking Rule(s)

This permission allows you to view IP rules that have been created.

  • Armor Enterprise Cloud

  • Armor Anywhere

Dynamic Threat Blocking

Write Dynamic Threat Blocking Rule(s)

This permission allows you to create and delete an IP rule (whitelist or blacklist).

  • Armor Enterprise Cloud

  • Armor Anywhere

Dynamic Threat Blocking

Write Dynamic Threat Blocking Rule Never Expire IP

This permission allows you to create an IP rule (whitelist or blacklist) without an expiration date.

  • Armor Enterprise Cloud

  • Armor Anywhere

Dynamic Threat Blocking

Read Dynamic Threat Blocking(s)

This permission allows you to perform an IP lookup. Additionally, this permission allows you to view other IP lookups that have taken place in your account.

  • Armor Enterprise Cloud

  • Armor Anywhere

Firewall

Read Firewall

This permission allows you to view details for firewall rules for each virtual machine.

  • Armor Enterprise Cloud

Firewall

Write Firewall

This permission allows you to add, update, or delete firewall rules.

  • Armor Enterprise Cloud

Security Incidents

Read Dashboard Statistics

This permission allows you to view the data that populates the security dashboards, which includes open or pending security incidents.

  • Armor Enterprise Cloud

  • Armor Anywhere


Marketplace Permissions

Screen

Permission

Description

Product compatibility

Marketplace

Read Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

  • Armor Enterprise Cloud

Marketplace and My Products

View Subscriptions

This permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.

  • Armor Enterprise Cloud

Marketplace (and My Products)

Write Subscriptions

This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

  • Armor Enterprise Cloud


Infrastructure Permissions

Screen

Permission

Description

Product compatibility

Workloads

Read Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center

  • the number of tiers within the workload

  • the number of virtual machines within the workload

  • Armor Enterprise Cloud

Workloads

Write Workload

This permission allows you to create, update, and remove workloads and tiers.

  • Armor Enterprise Cloud

Virtual Machines

Read Virtual Machine Stats

This permission allows you to view usage data for a virtual data. This data is displayed in a line graph.

  • Armor Enterprise Cloud

Virtual Machines

Read Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system

  • Size

  • Corresponding workload

  • Status

  • Armor Enterprise Cloud

Virtual Machines

Write Virtual Machine

This permission allows you to update and remove virtual machines.

  • Armor Enterprise Cloud

  • Armor Anywhere

Virtual Machines

Read Orders

This permission allows you to view data related to your virtual machine purchase.

  • Armor Enterprise Cloud

Virtual Machines

Write Orders

This permission allows you to purchase a virtual machine.

  • Armor Enterprise Cloud

Virtual Machines

Scale Virtual Machine

This permission allows you upgrade or downgrade (resize) the size of a virtual machine.

  • Armor Enterprise Cloud

Virtual Machines

Read Location(s)

This permission allows you to view a list of available Armor data centers when you manage your virtual machines.

  • Armor Enterprise Cloud

Virtual Machines

Read Virtual Data Centers

This permission allows you to view the list of virtual environments in your account.

  • Armor Enterprise Cloud

Virtual Machines

Read Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)

  • The location of the primary data center

  • The location of the failover data center

  • The status of the replication

  • Armor Enterprise Cloud

Virtual Machines

Write Server Replication

This permission allows you to order and cancel the server replication add-on product.

  • Armor Enterprise Cloud

Virtual Machines

Read Tasks

This permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.

  • Armor Enterprise Cloud

Virtual Machines

Write Tasks

This permission allows you to schedule a delete or downsize of a virtual machine.

  • Armor Enterprise Cloud

Virtual Machines

Read Storage

This permission allows you to view disk and storage information for a virtual machine.

  • Armor Enterprise Cloud

Virtual Machines

View Core License

This permission allows you to view the core license, which is necessary to download and install the Anywhere agent.

  • Armor Anywhere

Virtual Machines

Read Utilization

This permission allows you to export the usage for your virtual machine.

  • Armor Anywhere

IP Addresses

Read Network IP

This permission allows you to view data for unassigned and assigned public and private IP addresses

  • Armor Enterprise Cloud

IP Addresses

Write Network IP

This permission allows you to update an IP address, such as:

  • Assign an IP addresses

  • Unassign an IP addresses

  • Delete IP address

  • Request a new public IP address

  • Armor Enterprise Cloud

IP Addresses

Read Network NAT

This permission allows you to view DNAT assignments.

  • Armor Enterprise Cloud

IP Addresses

Write Network NAT

This permission allows you to add and remove DNAT assignments.

  • Armor Enterprise Cloud

L2L VPN

Read Network L2L

This permission allows you to view high-level data for your L2L network tunnels.

  • Armor Enterprise Cloud

L2L VPN

Write Network L2L

This permission allows you to add, update, and remove L2L tunnels.

  • Armor Enterprise Cloud

SSL/VPN

Read SSL VPN Devices and Users

This permission allows you to view the status of your users' SSL VPN client.

  • Armor Enterprise Cloud

SSL/VPN

Write SSL VPN Devices and User

This permission allows you to enable your users the ability to download and install the SSL VPN client.

  • Armor Enterprise Cloud

Advanced Backup

Commit Advanced Backup Restore

This permission allows you to commit a snapshot after the restoration is complete.

  • Armor Enterprise Cloud

Advanced Backup

Create Advanced Backup Policy

This permission allows you to create a new policy.

  • Armor Enterprise Cloud

Advanced Backup

Read Advanced Backup

This permission allows you to view the Advanced Backup screen.

  • Armor Enterprise Cloud

Advanced Backup

Read Advanced Backup Policy

This permission allows you to view policy information and details.

  • Armor Enterprise Cloud

Advanced Backup

Read Advanced Backup Snapshots

This permission allows you to view a list of snapshots (backups) for a virtual machine.

  • Armor Enterprise Cloud

Advanced Backup

Read Advanced Backup Vms

This permission allows you to view the virtual machines that are subscribed to Advanced Backup.

  • Armor Enterprise Cloud

Advanced Backup

Refreshed Advanced Backup Snapshots

This permission allows you to refresh the current list of available snapshots (backups) for a virtual machine.

  • Armor Enterprise Cloud

Advanced Backup

Remove Advanced Backup

This permission allows you to remove Advanced Backup from a virtual machine.

  • Armor Enterprise Cloud

Advanced Backup

Request Advanced Backup Restore

This permission allows you to initiate a restoration of a snapshot (backup).

  • Armor Enterprise Cloud

Advanced Backup

Update Advanced Backup Policy

This permission allows you to update the configurations of a policy.

  • Armor Enterprise Cloud

Advanced Backup

Write Advanced Backup

This permission allows you to create a policy.

  • Armor Enterprise Cloud

Advanced Backup

Read Advanced Backup Plans

This permission allows you to view a list of policies.

  • Armor Enterprise Cloud


Support Permissions

Screen

Permission

Description

Product compatibility

Tickets


Read Ticket(s)

This permission allows you to view support tickets listed in the View Archived Tickets section.

  • Armor Enterprise Cloud

  • Armor Anywhere

Tickets

Write Ticket(s)

This permission allows you to create, edit, respond, and share a ticket.

  • Armor Enterprise Cloud

  • Armor Anywhere

Tickets

Read Ticket Group(s)

This permission allows you to view and follow a support ticket, as well as access the Organization features of the ticket.

  • Armor Enterprise Cloud

  • Armor Anywhere

Tickets

Write Ticket Group(s)

This permission allows you to create and follow a support ticket, as well as access the Organization features of the ticket.

  • Armor Enterprise Cloud

  • Armor Anywhere


Account Permissions

Screen

Permission

Description

Product compatibility

Overview (Account screen)

Read Identity

This permission allows you to view the account-level information, such as

  • Account overview

  • Armor contacts

  • User profiles

  • Roles and permissions

  • Armor Enterprise Cloud

  • Armor Anywhere

Overview (Account screen)

Write Identity

This permission allows you to update account-level information, such as:

  • Invite and remove users

  • Create, update, and remove roles

  • Assign and unassign roles to users

  • Unlock a user after several failed login attempts

  • Armor Enterprise Cloud

  • Armor Anywhere

Overview (Account screen)

Write Account

This permission allows you to update your company profile, such as the address.

  • Armor Enterprise Cloud

  • Armor Anywhere

User Detail

Update Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password

  • Challenge Phrase

  • Challenge Response

  • Armor Enterprise Cloud

  • Armor Anywhere

Cloud Connections

Read Cloud Connections

This permission allows you to view public cloud accounts that have been synced with AMP.

  • Armor Anywhere

Cloud Connections

Write Cloud Connections

This permission allows you to add a new public cloud account to sync with AMP.

  • Armor Anywhere

User Detail

Read Notification(s)

This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.

  • Armor Enterprise Cloud

  • Armor Anywhere

Invoices + Payments

View Invoices

This permission allows you to view current and previous invoices.

  • Armor Enterprise Cloud

  • Armor Anywhere

Payment Methods

Read Payment Information

This permission allows you to view current payment information, such as the primary payment method.

  • Armor Enterprise Cloud

  • Armor Anywhere

Payment Methods

Update Payment Information

This permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method

  • Armor Enterprise Cloud

  • Armor Anywhere

API Keys (Users screen)

API Keys All Read

This permission allows you to view API keys that have been created.

  • Armor Enterprise Cloud

  • Armor Anywhere

API Keys (Users screen)

API Keys All Delete

This permission allows you to delete an API key.

  • Armor Enterprise Cloud

  • Armor Anywhere

API Keys (Users screen)

API Keys Self Manange

This permission allows you to create an API key.

  • Armor Enterprise Cloud

  • Armor Anywhere

Activity

View Account Activity

This permission allows you to view the account activity for your users.

  • Armor Enterprise Cloud

  • Armor Anywhere

Sub-Accounts

View Sub-Accounts

This permission allows you to view the Sub-Accounts screen

  • Armor Anywhere

Sub-Accounts

Write Sub-Accounts

This permission allows you to create and update sub-accounts.

  • Armor Anywhere


General Permissions

Screen

Permission

Description

Product Compatibility

Not applicable

Read Entity Metadata

This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

  • Armor Enterprise Cloud

  • Armor Anywhere

Not applicable

Write Entity Metadata

This permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.

  • Armor Enterprise Cloud

  • Armor Anywhere

Not applicable

Read Documentation

This permissions allows you to view documentation related to a particular product or screen, via the Help icon in the top right corner of the AMP screen (where applicable).

  • Armor Enterprise Cloud

  • Armor Anywhere

At a minimum, users must have the following Permission assigned to their account to access AMP:

  • Update Personal Identity

Users without this Permission will immediately be signed out of AMP upon login.


Topics Discussed

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.