User permissions


The system assigns sets of user permissions to roles. Each user account must have a role, which defines the level of access that the user has to the features in the system. For example, Administrators can create accounts, but Observers cannot.

You can assign one of the following roles to a user:

  • Security — Provides access to sensitive configurations, such as private key management, enabling and disabling traffic capture, and configuring data confidentiality policies.
  • Administrator — Provides access to all functions of the system that are not related to security. This role exists primarily for account management purposes.
  • Operator — Provides access to all features that the Administrator role has except for account management. This role exists for device and data management purposes.
  • Observer — Provides access to the web interface, but users with this role cannot make any configuration changes other than to save or edit report settings and saved query settings. The permissions of this role are sufficient to perform day-to-day tasks.
  • Export — Provides no access to the web interface and is limited to downloading data via data export APIs.

Note

Permissions are additive. For example, Operator accounts have access to Operator and Observer functions, and Administrator accounts have access to Administrator, Operator, and Observer functions.

The following table describes the permissions that users with each role have.

Roles and permissions matrix

Permission →     Security settings   Accounts   Overall configuration   Web interface   Data
Role ↓           access              access     access                  access          download

Security         Yes                 Yes        Yes                     Yes             Yes
Administrator    -                   Yes        Yes                     Yes             Yes
Operator         -                   -          Yes                     Yes             Yes
Observer         -                   -          -                       Yes             Yes
Export           -                   -          -                       -               Yes

Related topics

User-accounts-and-roles

Adding-a-local-account-on-the-Console

Using-LDAP-authentication-and-authorization

Tenant-user-roles-and-permissions

 
