.png?sv=2022-11-02&spr=https&st=2024-11-06T03%3A15%3A25Z&se=2024-11-06T03%3A25%3A25Z&sr=c&sp=r&sig=t8SEbysoOJiA50qxTmwdLwpesmJVAaxtRBGTAyINtlw%3D){kind=logo}
Roles
- 05 Nov 2024
-
DarkLight
-
PDF
Roles
- Updated on 05 Nov 2024
-
DarkLight
-
PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
This section documents all roles available for assignment in Itential Cloud Portal. It is organized by role collection and, when relevant, affected application.
Roles determine what a user or a Service Account have the rights to do inside Itential Cloud and its licensable components.
To read how Itential Cloud uses roles to govern permissions, refer to Groups.
Cloud API
Roles in the Cloud API collection govern permissions related to functions of the Itential Cloud Portal UI and API.
| Role | Description |
|---|---|
clusters:read |
Allows a user to view what cluster IAP instances are assigned to. |
deployments:delete |
Allows a user to delete IAP instances. |
deployments:read |
Allows a user to view and search for IAP instances. |
deployments:write |
Allows a user to create IAP instances. |
groups:read |
Allows a user to view groups. |
groups:write |
Allows a user to create, update, and delete groups. |
organizations:read |
Allows a user to retrieve license information including the current IAP instance limit. Users that do not have this role will be unable to create new IAP instances. |
*organizations:write |
N/A * |
security:read |
Allows a user to view the security information of user accounts. |
security:write |
Allows a user to edit the security permissions of user accounts. |
users:read |
Allows a user to view user accounts. |
users:write |
Allows a user to create, update, and delete user accounts. |
⚠ Roles marked with an asterisk (*) are currently non-functional as they undergo further development.
Itential Automation Service
Roles in the Itential Automation Service collection govern permissions related to functions of the Itential Automation Service UI and API.
| Role | Description |
|---|---|
cloud-automation:read |
Allows a user to view an Automation. |
cloud-automation:run |
Allows a user to run an Automation. |
cloud-certificate:read |
Allows a user to view a Certificate. |
cloud-certificate:create |
Allows a user to add a Certificate. |
cloud-certificate:delete |
Allows a user to delete a Certificate. |
cloud-gateway:read |
Allows a user to view a Gateway. |
cloud-gateway:create |
Allows a user to create a Gateway. |
cloud-gateway:update |
Allows a user to update a Gateway. |
cloud-gateway:delete |
Allows a user to delete a Gateway. |
cloud-job:read |
Allows a user to view a running or completed Automation. |
cloud-job:delete |
Allows a user to delete a completed Automation. |
cloud-schedule:read |
Allows a user to view a Schedule. |
cloud-schedule:create |
Allows a user to create a Schedule. |
cloud-schedule:update |
Allows a user to update a Schedule. |
cloud-schedule:delete |
Allows a user to delete a Schedule. |
IAP
Roles in the IAP collection govern permissions related to a specific instance of IAP.
Admin Essentials
| Role | Description |
|---|---|
adapters:delete |
Allows a user to delete adapters, integrations, and integration models. |
adapters:read |
Allows a user to view information about adapters, integrations, and integration models. |
adapters:write |
Allows a user to create and update adapters, integrations, and integration models. |
groups:read |
Allows a user to view user groups. |
indexes:read |
Allows a user to view information in Admin Essentials. |
prebuilts:delete |
Allows a user to uninstall pre-builts. |
prebuilts:read |
Allows a user to view installed pre-builts. |
prebuits:write |
Allows a user to install pre-builts. |
prebuilts:repositories:delete |
Allows a user to delete pre-built repositories. |
prebuilts:repositories:read |
Allows a user to view pre-built repositories. |
prebuilts:repositories:write |
Allows a user to create and edit pre-built repositories. |
roles:read |
Allows a user to view user roles. |
tags:delete |
Allows a user to delete tags. |
tags:read |
Allows a user to view tags. |
tags:write |
Allows a user to create and edit tags. |
users:read |
Allows a user to view user accounts. |
Automation Studio
| Role | Description |
|---|---|
forms:admin |
Allows a user to create, update, and delete form groups. |
forms:delete |
Allows a user to delete forms. |
forms:read |
Allows a user to view forms. |
forms:write |
Allows a user to create and edit forms. |
mops:delete |
Allows a user to delete command templates. |
mops:read |
Allows a user to view command templates. |
mops:run |
Allows a user to execute command templates. |
mops:write |
Allows a user to create and edit command templates. |
templates:delete |
Allows a user to delete templates. |
templates:read |
Allows a user to view templates. |
templates:write |
Allows a user to create and edit templates. |
transformations:delete |
Allows a user to delete transformations. |
transformations:read |
Allows a user to view transformations. |
transformations:write |
Allows a user to create and edit transformations. |
workflows:admin |
Grants a user full control of workflows. |
workflows:delete |
Allows a user to delete workflows. |
workflows:read |
Allows a user to view workflows. |
workflows:write |
Allows a user to create and edit workflows. |
Configuration Manager
| Role | Description |
|---|---|
compliance:read |
Allows a user to view device compliance reports. |
compliance:run |
Allows a user to run compliance checks against devices. |
configurations:read |
Allows a user to view current device configurations. |
configurations:write |
Allows a user to edit current device configurations. |
configurations:golden:delete |
Allows a user to delete golden configurations. |
configurations:golden:read |
Allows a user to view golden configurations. |
configurations:golden:write |
Allows a user to create and edit golden configurations. |
configurations:parsers:delete |
Allows a user to delete configuration parsers. |
configurations:parsers:read |
Allows a user to view configuration parsers. |
configurations:parsers:write |
Allows a user to create and edit configuration parsers. |
configurations:templates:delete |
Allows a user to delete configuration templates. |
configurations:templates:read |
Allows a user to view configuration templates. |
configurations:templates:write |
Allows a user to create and edit configuration templates. |
devices:backups:delete |
Allows a user to delete device backups. |
devices:backups:read |
Allows a user to view device backups. |
devices:backups:write |
Allows a user to create, edit, and import device backups. |
devices:groups:delete |
Allows a user to delete device groups. |
devices:groups:read |
Allows a user to view device groups. |
devices:groups:write |
Allows a user to create and edit device groups. |
devices:read |
Allows a user to view devices. |
devices:write |
Allows a user to edit devices. |
pins:delete |
Allows a user to delete pinned items. |
pins:read |
Allows a user to view pinned items. |
pins:write |
Allows a user to create and edit pinned items. |
IAP Dashboard
| Role | Description |
|---|---|
bookmarks:delete |
Allows a user to delete bookmarks. |
bookmarks:read |
Allows a user to view bookmarks. |
bookmarks:write |
Allows a user to create and edit bookmarks. |
system:read |
Allows a user to view system information about IAP. |
NSO Manager
| Role | Description |
|---|---|
nso:cdb:admin |
Allows a user to set items in NACM groups. |
nso:cdb:read |
Allows a user to execute REST queries. |
nso:cdb:write |
Allows a user to set leafs and execute REST actions. |
nso:commitqueue:read |
Allows a user to view the commit queue. |
nso:commitqueue:write |
Allows a user to edit the commit queue. |
nso:devices:read |
Allows a user to view devices. |
nso:devices:write |
Allows a user to run actions and commands on devices. |
nso:groups:read |
Allows a user to view authorization groups. |
nso:neds:read |
Allows a user to view NEDs. |
Operations Manager & Workflow Engine
| Role | Application | Description |
|---|---|---|
jobs:admin |
Operations Manager | Allows a user to create, view, update, and delete job groups. |
jobs:delete |
Operations Manager and Workflow Engine | Allows a user to cancel jobs. |
jobs:read |
Operations Manager and Workflow Engine | Allows a user to view jobs. |
jobs:write |
Operations Manager and Workflow Engine | Allows a user to create, start, and work jobs. |
tasks:admin |
Operations Manager | Grants a user full control of any tasks. |
tasks:read |
Operations Manager | Allows a user to view tasks. |
tasks:work |
Operations Manager | Allows a user to interact with actionable tasks. |
workflows:engine:read |
Workflow Engine | Allows a user to view the status of Workflow Engine. |
workflows:engine:write |
Workflow Engine | Allows a user to activate and deactivate Workflow Engine. |
workflows:triggers:delete |
Operations Manager | Allows a user to delete triggers. |
workflows:triggers:read |
Operations Manager | Allows a user to view triggers. |
workflows:triggers:write |
Operations Manager | Allows a user to create and edit triggers. |
Service Catalog & Service Catalog Builder
| Role | Application | Description |
|---|---|---|
services:instances:delete |
Service Catalog Builder | Allows a user to delete services. |
services:instances:order |
Service Catalog | Allows a user to create and invoke service orders. |
services:instances:read |
Service Catalog | Allows a user to view services. |
services:instances:write |
Service Catalog Builder | Allows a user to create and edit services. |
services:models:delete |
Service Catalog | Allows a user to delete service models. |
services:models:read |
Service Catalog | Allows a user to view service models. |
services:models:write |
Service Catalog | Allows a user to create and edit service models. |
Miscellaneous Roles
| Role | Application | Description |
|---|---|---|
AGManager:admin |
AG Manager | Allows a user to discover and interact with modules, scripts, and playbooks sourced from IAG. Users that do not have this role will not be able to view content sourced from IAG. |
cloud:config:read |
Itential Cloud Portal | Allows a user to view IAP roles available for assignment. |
cloud:config:write |
Itential Cloud Portal | Allows a user to add, remove, and update IAP roles. |
cloud:directconnect:admin |
Direct Connect | Allows a user to connect to IAG instances from IAP. Users that do not have this role will not be able to view content sourced from IAG. |
cloud:encrypt:read |
App-Encrypt | Allows a user to use encryption features in IAP. |
datasets:delete |
Data Sets | Allows a user to delete a data set export. |
datasets:read |
Data Sets | Allows a user to view and search data set exports. |
datasets:write |
Data Sets | Allows a user to create a data set export. |
search:read |
System Search | Allows a user to search for resources using the System Search feature. |
tags:assign |
Multiple | Allows a user to assign tags to resources. |
Was this article helpful?
