Permission sets provide a mechanism for controlling the operations that can be performed by a user or user group. You can:

  • Set permissions for a partner user or a client user independent of their profile.
  • Restrict activities using the permission values for each permission type.
  • Authorize access according to role.

The PERMISSION SETS window displays the list of available permission sets, by Name, and the operational areas that support access control.

Permission Sets

For each permission set-operational area, the icons have the following significance:

  • The eye icon indicates view permission only.
  • The pencil icon indicates permission to view and manage.

Create a permission set

When you add a permission set, you are presented with a list of areas that have permissions associated with them. Choose the permission you want to be in your permission set and the permission level for each permission.

  1. Select Setup > Account > Permission Sets.

  2. Click +Add.

  3. In the Scope field, choose Partner or Client user applicability of the permission, and

    • For partner scope, enter a permission Name.
    • For client scope, in the Client field, choose EVERYONE or a specific client and enter a permission Name.
  4. Enter a description for your permission set.

  5. In the Permissions section, for each access-controlled area that you want to be part of this permission set, select the permission you want to allow.

  6. Click Save.

The following is general usage information:

Delete a permission set

You cannot delete the default Administrator or User users.

  1. Select Setup > Account > Permission Sets.
  2. Select one or more named permission set you want to delete.
  3. Click Remove.
  4. Click Yes to confirm you want to permanently delete the permission sets.

Permissions reference

The permission listing differs depending on partner or client scope.
Notes

  • The permission listings in the following table are mentioned in the order of the authorization level, from the highest to the least access levels.
  • A user with the highest permission level can access and perform all the actions that are available within each permission set.
Permission TypePermission Value
AdministrationAdministration - Allows access to the Setup tab.
AlertsManage - Allows view and manage access to:
  • Alert list and alert report pages
  • Alerts processing
View - Allows access to:
  • View details for a given alert
  • Alert list page
A user with Manage permission can also perform the actions available with the View permission.
Clients (Partner-level)Client Manage - Allows you to manage a client.
Client Create - Allows you to create a new client.
Client Edit - Allows you to edit client details.
Client View - Allows you to view the client information.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Cloud ManagementPower Cycle - Allows you to Stop, Start, and Restart instances.
Launch Instances - Allows to create new instances in the cloud account.
A user with Power Cycle permission can also perform the actions available with the Launch Instances permissions.
Management Profile ManageManage - Allows access to view, create, and edit the existing gateway profile.
View - Allows access to the Setup tab and to view the services gateway remotely.
A user with Manage permission can also perform the actions available with the View permission.
CommandsAllow to run commands - Permits users to run commands.
CredentialsManage - Allows access to manage the existing credential sets.
Create - Create a new credential set. To create a new credential set, you should have access to the All Devices option.
Edit - Edit a credential set.
View - View all the credential sets, including the passwords.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Custom AttributesManage - Allows you to control the users who can manage the custom attributes.
Create - Allows users to create custom attributes.
View - Allows users to only view the custom attributes.
A user with Manage permission can also perform the actions available with Create, and View permissions.
DashboardsView Dashboard - Allows users to only view a dashboard. The permission allows the:
  • Service provider, partner, and client users to view the Private dashboard
  • Partner and client users to view the Shared dashboards
Manage Dashboard - Allows users to view, create, edit, and delete a dashboard.
The permission allows different users (service provider, partner, and clients) to perform a different set of actions on a Private and a Shared dashboard.
See Role based dashboard permissions for detailed information about the permissions.
Dashboard Access OnlyDashboards Access Only - Allows access only to one's own Dashboard and the Shared Dashboard.
The user should also have either the View Dashboard or Manage Dashboard permission along with the Dashboards Access only permission.
If this permission is enabled, the users can only access the Dashboards tab and cannot access any other feature.
To view the details populated using widgets in the Dashboard, users must configure the permissions required for each widget.
See Role based dashboard permissions for detailed information about the permissions.
DevicesManage - Allows access to:
  • Setup
  • Device groups
  • Discovery and deployment
  • Admin console parameters
  • Network device credentials setup
  • Network device configuration backup schedules setup
  • Network device configuration backups pages setup
  • Add a device to a maintenance window
  • Delete or stop managing the device
Create - Allows access to infrastructure, device listing page, where you can:
  • Add a device
  • Import devices
  • Add virtualized, storage, UCS and cloud providers-based infrastructure
Edit - Allows access to edit device details in the infrastructure.
View - Allows access to devices under:
  • Infrastructure and Dashboard tab
  • View hardware, application, and patches information on the device details page
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Device Monitor Template ConfigurationApply Templates permission - Allows the user to Assign/Unassign templates and monitors.
Customize Templates - Allows the user to edit monitors and change the thresholds at device level.
A user with Customize permission can also perform the actions available with Apply permissions.
Gateway FirmwareAllow Gateway Firmware Update - Allows the user to update the gateway firmware.
IntegrationManage Integration - Allows users to manage various integration services:
  • Install
  • Bulk uninstall
  • Regenerate secret/token
  • Revoke access token
  • Delete keypair
  • Disable
Edit Integration - Allows users to edit the details of the configured integrations. For example, update mapping inbound attributes and integration events.
View Integration - Allows users to view the Integration tab and details of the configured integrations. For example, Integration Audit Logs and Authentication Details except for secret/token.
A user with Manage permission can also perform the actions available with Edit and View permissions.
JobsManage - Allows access to:
  • Create a job
  • Edit a job
  • Delete a job
  • Run a job immediately using the Run Now option
View - Allows access to the Automation tab.
A user with Manage permission can also perform the actions available with the View permission.
Knowledge BaseManage - Allows users to move an article, and also create, edit, and delete the:
  • Knowledge base
  • Category
  • Article
  • Template
Edit - Allows users to edit the knowledge base.
View - Allows users to view, rate, comment, like, and share an article.
A user with Manage permission can also perform the actions available with Edit, and View permissions.
MetricsManage - Allows users to create metrics.
MonitorsManage - Allows access to:
  • Assign monitoring templates to devices
  • Change threshold and alert conditions for each monitor
  • Create and edit entries in the Setup tab
Create and Edit - Allows access to create and view the templates and monitors applied on a given device in the infrastructure.
Customize - Allows access to:
  • Change threshold and alert conditions for each monitor
  • Create and edit entries in the Setup tab
View - Allows access to view the templates and monitors applied on a given device in the infrastructure.
A user with Manage permission can also perform the actions available with Create and Edit, Customize, and View permissions.
OpsQOpsQ Manage - Allows you to create, edit, or delete the alert policies for:
  • Alert Enrichment
  • Alert Correlation
  • First Response
  • Alert Escalation
  • Alert Prediction
Using this permission, you can manage all the alert policies in your tenant.

OpsQ View - Allows you to view the alert policies for:

  • Alert Enrichment
  • Alert Correlation
  • First Response
  • Alert Escalation
  • Alert Prediction
Using this permission, you can only view the policies of other users.
A user with Manage permission can also perform the actions available with the View permission.

Patch ApprovalsManage - Allows access to:
  • Patch management in the Automation tab
  • Patch configuration page where users can create, edit, and delete a patch install job
  • Patch approval pages, where one can approve patches for a set of devices
View - Allows access to:
  • Patch management in the Automation tab
  • View the patch status
  • View the configured patch install jobs under patch configuration page
A user with Manage permissions can also perform the actions in the View permission. Additionally the user can create/edit DeviceGroups and WSUS enable & disable settings.
Process AutomationManage - Allows users to create and view the process automation artifacts.
View - Allows only to view the process automation artifacts.
A user with Manage permission can also perform the actions available with the View permission.
ProjectsManage - Allows users to manage projects.
View - Allows users to view projects.
A user with Manage permission can also perform the actions available with the View permission.
Recording AuditAll Recordings Play, Search, Edit - Users can play, search, and edit notes for all recordings. Users cannot delete any recordings.
My Recordings Play, Search, Edit - Users can play, search, and edit their recordings only and not any other user recordings.
Play, Search All Recordings - Users can play the recording and search for a recording.
A user with All Recordings Play, Search, Edit permission can also perform the actions available with the other recording permissions.
ReportsManage - Allows users to manage, create, edit, delete, and view the reports.
View - Allows access to view the Reports.
A user with Manage permission can also perform the actions available with the View permission.
RolesManage - Allows access to view, create, and delete roles.
View - Allows access to view the defined roles in the Setup tab.
A user with Manage permission can also perform the actions available with the View permission.
Scheduled MaintenanceManage Scheduled Maintenance - Allows users to view, manage, create, edit, and delete scheduled maintenance.
View Scheduled Maintenance - Allows users to view scheduled maintenance.
A user with Manage permission can also perform the actions available with the View permission.
Change RequestManage - Allows users to manage, create, edit, delete, and view the change request.
Create - Allows users to create, edit, and view the change request.
Edit - Allows users to edit and view the change request.
View - Allows users to view the change request.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
IncidentManage - Allows users to manage, create, edit, delete, and view incidents.
Create - Allows users to create, edit, and view incidents.
Edit - Allows users to edit and view incidents.
View - Allows users to view incidents.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
ProblemManage - Allows users to manage, create, edit, delete, and view the problem.
Create - Allows users to create, edit, and view the problem.
Edit - Allows users to edit and view the problem.
View - Allows users to view the problem.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Service RequestManage - Allows users to manage, create, edit, delete, and view service desk requests.
Create - Allows users to create, edit, and view service desk requests.
Edit - Allows users to edit and view service desk requests.
View - Allows users to view service desk requests.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Task RequestManage - Allows users to manage, create, edit, delete, and view task requests.
Create - Allows users to create, edit, and view task requests.
Edit - Allows users to edit and view task requests.
View - Allows users to view task requests.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Time Bound RequestManage - Allows users to:
  • View request details
  • Create requests for:
    • Existing partner and client
    • Existing partner and new client
    • New partner and new client
  • Edit time-bound request
Create - Allows users to create, edit, and view time-bound requests from the Service Desk menu.
Edit - Allows users to view and edit time-bound requests.
View - Allows users to view time-bound requests.
Note: Allows users to manage, create, delete, edit, and view time-bound requests, if they have the service desk manage permission.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Service CatalogManage - Allows users to view, create provisioning policies, service catalogs, and provisioning workflows.
View - Allows users to view service catalog management in the Setup tab.
A user with Manage permission can also perform the actions available with the View permission.
Service Order (Partner-level)Manage Service Order - Allows users to manage the service order.
Create Service Order - Allows users to create a service order.
Edit Service Order - Allows users to edit the service order.
Delete Service Order - Allows users to delete a service order.
View Service Order - Allows users to view the service order.
A user with Manage permission can also perform the actions available with Create, Edit, Delete, and View permissions.
Service DeskManage - Allows users to manage, create, edit, delete, and view the service desk.
Create - Allows users to create, edit, and view the service desk.
Edit - Allows users to edit and view the service desk.
View - Allows users to view the service desk.
A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
ScriptsManage - Allows users to schedule a given script on a set of devices or to run the script immediately using the Run Now option.
View - Allows access to scripts page in the Automation tab, also allows access to view the list of scripts available, and the scripts scheduled on devices.
A user with Manage permission can also perform the actions available with the View permission.
TracesTraces View - Allows users to view traces.
UsersManage - Allows access to create, edit and deactivate users, user groups, and roles.
Create - Allows access to create users.
View - Allows access to view the existing users in the Setup tab.
A user with Manage permission can also perform the actions available with the Create and View permissions.

Role based dashboard permissions

The Role based dashboard permissions are applicable to both the Classic Dashboard and Dashboard 2.0 versions.

Service provider users - private dashboard

The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a private dashboard:

UserDashboard PermissionAdmin PermissionActions
Service providerViewYesNone
Service providerViewNoNone
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Service providerManageYes
  • View
  • Create
  • Edit
  • Delete
Service providerManageNo
  • View
  • Create
  • Edit
  • Delete
Service providerNone-No Access

Service provider users - shared dashboard

The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a shared dashboard:

UserDashboard PermissionAdmin PermissionActions
Service providerViewYes
  • View
  • Edit
  • Delete
Service providerViewNoView
Service providerManageYes
  • View
  • Edit
  • Delete
Service providerManageNoView
Service providerNone-No Access

Partner users - private dashboard

The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a private dashboard:

UserDashboard PermissionAdmin PermissionActions
Partner usersViewYesNone
Partner usersViewNoNone
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Partner usersManageYes
  • View
  • Create
  • Edit
  • Delete
Partner usersManageNo
  • View
  • Create
  • Edit
  • Delete
Partner usersNone-No Access

Partner users - shared dashboard

The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a shared dashboard:

UserDashboard PermissionAdmin PermissionActions
Partner usersViewYes
  • View
  • Edit
  • Delete
Partner usersViewNoView
Partner usersManageYes
  • View
  • Edit
  • Delete
Partner usersManageNoView
Partner usersNone-No Access

Client users - private dashboard

The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a private dashboard:

UserDashboard PermissionAdmin PermissionActions
Client usersViewYesNone
Client usersViewNoNone
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Client usersManageYes
  • View
  • Create
  • Edit
  • Delete
Client usersManageNo
  • View
  • Create
  • Edit
  • Delete
Client usersNone-No Access

Client users - shared dashboard

The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a shared dashboard:

UserDashboard PermissionAdmin PermissionActions
Client usersViewYes
  • View
  • Edit
  • Delete
Client usersViewNoView
Client usersManageYes
  • View
  • Edit
  • Delete
Client usersManageNoView
Client usersNone-No Access