Permission Sets

Permission sets provide a mechanism for controlling the operations that can be performed by a user or user group. You can:

Set permissions for a partner user or a client user independent of their profile.
Restrict activities using the permission values for each permission type.
Authorize access according to role.

The PERMISSION SETS window displays the list of available permission sets, by Name, and the operational areas that support access control.

For each permission set-operational area, the icons have the following significance:

The eye icon indicates view permission only.
The pencil icon indicates permission to view and manage.

Create a permission set

When you add a permission set, you are presented with a list of areas that have permissions associated with them. Choose the permission you want to be in your permission set and the permission level for each permission.

Select Setup > Account > Permission Sets.
Click +Add.
In the Scope field, choose Partner or Client user applicability of the permission, and
- For partner scope, enter a permission Name.
- For client scope, in the Client field, choose EVERYONE or a specific client and enter a permission Name.
Enter a description for your permission set.
In the Permissions section, for each access-controlled area that you want to be part of this permission set, select the permission you want to allow.
Click Save.

The following is general usage information:

Delete a permission set

You cannot delete the default Administrator or User users.

Select Setup > Account > Permission Sets.
Select one or more named permission set you want to delete.
Click Remove.
Click Yes to confirm you want to permanently delete the permission sets.

Permissions reference

The permission listing differs depending on partner or client scope.
Notes

The permission listings in the following table are mentioned in the order of the authorization level, from the highest to the least access levels.
A user with the highest permission level can access and perform all the actions that are available within each permission set.

Permission Type	Permission Value
Administration	Administration - Allows access to the Setup tab.
Alerts	Manage - Allows view and manage access to: Alert list and alert report pages Alerts processing View - Allows access to: View details for a given alert Alert list page A user with Manage permission can also perform the actions available with the View permission.
Clients (Partner-level)	Client Manage - Allows you to manage a client. Client Create - Allows you to create a new client. Client Edit - Allows you to edit client details. Client View - Allows you to view the client information. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Cloud Management	Power Cycle - Allows you to Stop, Start, and Restart instances. Launch Instances - Allows to create new instances in the cloud account. A user with Power Cycle permission can also perform the actions available with the Launch Instances permissions.
Management Profile Manage	Manage - Allows access to view, create, and edit the existing gateway profile. View - Allows access to the Setup tab and to view the services gateway remotely. A user with Manage permission can also perform the actions available with the View permission.
Commands	Allow to run commands - Permits users to run commands.
Credentials	Manage - Allows access to manage the existing credential sets. Create - Create a new credential set. To create a new credential set, you should have access to the All Devices option. Edit - Edit a credential set. View - View all the credential sets, including the passwords. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Custom Attributes	Manage - Allows you to control the users who can manage the custom attributes. Create - Allows users to create custom attributes. View - Allows users to only view the custom attributes. A user with Manage permission can also perform the actions available with Create, and View permissions.
Dashboards	View Dashboard - Allows users to only view a dashboard. The permission allows the: Service provider, partner, and client users to view the Private dashboard Partner and client users to view the Shared dashboards Manage Dashboard - Allows users to view, create, edit, and delete a dashboard. The permission allows different users (service provider, partner, and clients) to perform a different set of actions on a Private and a Shared dashboard. See Role based dashboard permissions for detailed information about the permissions.
Dashboard Access Only	Dashboards Access Only - Allows access only to one's own Dashboard and the Shared Dashboard. The user should also have either the View Dashboard or Manage Dashboard permission along with the Dashboards Access only permission. If this permission is enabled, the users can only access the Dashboards tab and cannot access any other feature. To view the details populated using widgets in the Dashboard, users must configure the permissions required for each widget. See Role based dashboard permissions for detailed information about the permissions.
Devices	Manage - Allows access to: Setup Device groups Discovery and deployment Admin console parameters Network device credentials setup Network device configuration backup schedules setup Network device configuration backups pages setup Add a device to a maintenance window Delete or stop managing the device Create - Allows access to infrastructure, device listing page, where you can: Add a device Import devices Add virtualized, storage, UCS and cloud providers-based infrastructure Edit - Alows access to edit device details in the infrastructure. View - Allows access to devices under: Infrastructure and Dashboard tab View hardware, application, and patches information on the device details page A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Device Monitor Template Configuration	Apply Templates permission - Allows the user to Assign/Unassign templates and monitors. Customize Templates - Allows the user to edit monitors and change the thresholds at device level. A user with Customize permission can also perform the actions available with Apply permissions.
Gateway Firmware	Allow Gateway Firmware Update - Allows the user to update the gateway firmware.
Integration	Manage Integration - Allows users to manage various integration services: Install Bulk uninstall Regenerate secret/token Revoke access token Delete keypair Disable Edit Integration - Allows users to edit the details of the configured integrations. For example, update mapping inbound attributes and integration events. View Integration - Allows users to view the Integration tab and details of the configured integrations. For example, Integration Audit Logs and Authentication Details except for secret/token. A user with Manage permission can also perform the actions available with Edit and View permissions.
Jobs	Manage - Allows access to: Create a job Edit a job Delete a job Run a job immediately using the Run Now option View - Allows access to the Automation tab. A user with Manage permission can also perform the actions available with the View permission.
Knowledge Base	Manage - Allows users to move an article, and also create, edit, and delete the: Knowledge base Category Article Template Edit - Allows users to edit the knowledge base. View - Allows users to view, rate, comment, like, and share an article. A user with Manage permission can also perform the actions available with Edit, and View permissions.
Metrics	Manage - Allows users to create metrics.
Monitors	Manage - Allows access to: Assign monitoring templates to devices Change threshold and alert conditions for each monitor Create and edit entries in the Setup tab Create and Edit - Allows access to create and view the templates and monitors applied on a given device in the infrastructure. Customize - Allows access to: Change threshold and alert conditions for each monitor Create and edit entries in the Setup tab View - Allows access to view the templates and monitors applied on a given device in the infrastructure. A user with Manage permission can also perform the actions available with Create and Edit, Customize, and View permissions.
My Profile	My Profile Edit - Allows you to edit your profile details.
Network Configuration Management	None - The Configuration Backup tab (in Infrastructure → Resources → Network Device → Device) is not visible to the user. View NCM - User can access the Configuration Backup tab, view Date Created, Config Type details, and View and Download options under Actions. Manage NCM - User can access the Configuration Backup tab, view Date Created, Config Type, and View and Download, and Set as baseline (can set baseline) options under Actions. Approve NCM - User can access the Configuration Backup tab, view Date Created, Config Type, and View and Download, and Set as baseline (can set baseline) options under Actions. User can access Network Configuration under Configuration Management and can approve and reject tasks in the COMPLIANCE tab.
Network Performance Management	None - The Net Flows under Infrastructure is not visible to the user. NPM View - The Net Flows under Infrastructure is accessible to the user. The user can perform all actions except configuring net flows. NPM Manage - The Net Flows under Infrastructure is accessible to the user. The user can perform all actions and configure net flows.
OpsQ	OpsQ Manage - Allows you to create, edit, or delete the alert policies for: Alert Enrichment Alert Correlation First Response Alert Escalation Alert Prediction Using this permission, you can manage all the alert policies in your tenant. OpsQ View - Allows you to view the alert policies for: Alert Enrichment Alert Correlation First Response Alert Escalation Alert Prediction Using this permission, you can only view the policies of other users. A user with Manage permission can also perform the actions available with the View permission.
Patch Approvals	Manage - Allows access to: Patch management in the Automation tab Patch configuration page where users can create, edit, and delete a patch install job Patch approval pages, where one can approve patches for a set of devices View - Allows access to: Patch management in the Automation tab View the patch status View the configured patch install jobs under patch configuration page A user with Manage permissions can also perform the actions in the View permission. Additionally the user can create/edit DeviceGroups and WSUS enable & disable settings.
Process Automation	Manage - Allows users to create and view the process automation artifacts. View - Allows only to view the process automation artifacts. A user with Manage permission can also perform the actions available with the View permission.
Projects	Manage - Allows users to manage projects. View - Allows users to view projects. A user with Manage permission can also perform the actions available with the View permission.
Recording Audit	All Recordings Play, Search, Edit - Users can play, search, and edit notes for all recordings. Users cannot delete any recordings. My Recordings Play, Search, Edit - Users can play, search, and edit their recordings only and not any other user recordings. Play, Search All Recordings - Users can play the recording and search for a recording. A user with All Recordings Play, Search, Edit permission can also perform the actions available with the other recording permissions.
Reports	Manage - Allows users to manage, create, edit, delete, and view the reports. View - Allows access to view the Reports. A user with Manage permission can also perform the actions available with the View permission.
Roles	Manage - Allows access to view, create, and delete roles. View - Allows access to view the defined roles in the Setup tab. A user with Manage permission can also perform the actions available with the View permission.
Scheduled Maintenance	Manage Scheduled Maintenance - Allows users to view, manage, create, edit, and delete scheduled maintenance. View Scheduled Maintenance - Allows users to view scheduled maintenance. A user with Manage permission can also perform the actions available with the View permission.
Change Request	Manage - Allows users to manage, create, edit, delete, and view the change request. Create - Allows users to create, edit, and view the change request. Edit - Allows users to edit and view the change request. View - Allows users to view the change request. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Incident	Manage - Allows users to manage, create, edit, delete, and view incidents. Create - Allows users to create, edit, and view incidents. Edit - Allows users to edit and view incidents. View - Allows users to view incidents. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Problem	Manage - Allows users to manage, create, edit, delete, and view the problem. Create - Allows users to create, edit, and view the problem. Edit - Allows users to edit and view the problem. View - Allows users to view the problem. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Service Request	Manage - Allows users to manage, create, edit, delete, and view service desk requests. Create - Allows users to create, edit, and view service desk requests. Edit - Allows users to edit and view service desk requests. View - Allows users to view service desk requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Task Request	Manage - Allows users to manage, create, edit, delete, and view task requests. Create - Allows users to create, edit, and view task requests. Edit - Allows users to edit and view task requests. View - Allows users to view task requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Time Bound Request	Manage - Allows users to: View request details Create requests for: Existing partner and client Existing partner and new client New partner and new client Edit time-bound request Create - Allows users to create, edit, and view time-bound requests from the Service Desk menu. Edit - Allows users to view and edit time-bound requests. View - Allows users to view time-bound requests. Note: Allows users to manage, create, delete, edit, and view time-bound requests, if they have the service desk manage permission. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Service Catalog	Manage - Allows users to view, create provisioning policies, service catalogs, and provisioning workflows. View - Allows users to view service catalog management in the Setup tab. A user with Manage permission can also perform the actions available with the View permission.
Service Order (Partner-level)	Manage Service Order - Allows users to manage the service order. Create Service Order - Allows users to create a service order. Edit Service Order - Allows users to edit the service order. Delete Service Order - Allows users to delete a service order. View Service Order - Allows users to view the service order. A user with Manage permission can also perform the actions available with Create, Edit, Delete, and View permissions.
Service Desk	Manage - Allows users to manage, create, edit, delete, and view the service desk. Create - Allows users to create, edit, and view the service desk. Edit - Allows users to edit and view the service desk. View - Allows users to view the service desk. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions.
Scripts	Manage - Allows users to schedule a given script on a set of devices or to run the script immediately using the Run Now option. View - Allows access to scripts page in the Automation tab, also allows access to view the list of scripts available, and the scripts scheduled on devices. A user with Manage permission can also perform the actions available with the View permission.
Traces	Traces View - Allows users to view traces.
Users	Manage - Allows access to create, edit and deactivate users, user groups, and roles. Create - Allows access to create users. View - Allows access to view the existing users in the Setup tab. A user with Manage permission can also perform the actions available with the Create and View permissions.

Role based dashboard permissions

The Role based dashboard permissions are applicable to both the Classic Dashboard and Dashboard 2.0 versions.

Service provider users - private dashboard

The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a private dashboard:

User	Dashboard Permission	Admin Permission	Actions
Service provider	View	Yes	None
Service provider	View	No	None
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Service provider	Manage	Yes	View Create Edit Delete
Service provider	Manage	No	View Create Edit Delete
Service provider	None	-	No Access

Service provider users - shared dashboard

Note

The information provided in the Service provider users - shared dashboard is only applicable to Classic Dashboard.
A Service Provider user cannot share a dashboard in Dashboard 2.0 version.

The following table provides information about the actions that a service provider user can perform with dashboard and admin permissions on a shared dashboard:

User	Dashboard Permission	Admin Permission	Actions
Service provider	View	Yes	View Edit Delete
Service provider	View	No	View
Service provider	Manage	Yes	View Edit Delete
Service provider	Manage	No	View
Service provider	None	-	No Access

Partner users - private dashboard

The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a private dashboard:

User	Dashboard Permission	Admin Permission	Actions
Partner users	View	Yes	None
Partner users	View	No	None
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Partner users	Manage	Yes	View Create Edit Delete
Partner users	Manage	No	View Create Edit Delete
Partner users	None	-	No Access

Partner users - shared dashboard

The following table provides information about the actions that a partner user can perform with dashboard and admin permissions on a shared dashboard:

User	Dashboard Permission	Admin Permission	Actions
Partner users	View	Yes	View Edit Delete
Partner users	View	No	View
Partner users	Manage	Yes	View Edit Delete
Partner users	Manage	No	View
Partner users	None	-	No Access

Client users - private dashboard

The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a private dashboard:

User	Dashboard Permission	Admin Permission	Actions
Client users	View	Yes	None
Client users	View	No	None
Note: If a user with Manage permission previously created a dashboard and now has View permission, they can still view the private dashboard that was created previously.
Client users	Manage	Yes	View Create Edit Delete
Client users	Manage	No	View Create Edit Delete
Client users	None	-	No Access

Client users - shared dashboard

The following table provides information about the actions that a client user can perform with dashboard and admin permissions on a shared dashboard:

User	Dashboard Permission	Admin Permission	Actions
Client users	View	Yes	View Edit Delete
Client users	View	No	View
Client users	Manage	Yes	View Edit Delete
Client users	Manage	No	View
Client users	None	-	No Access