Permission Sets

Permission sets provide a mechanism for controlling the operations that can be performed by a user or a user group. You can:

Set permissions for a client user independent of their profile.
Restrict activities using the permission values for each permission type.
Authorize access according to the role.

Create a permission set

To create a permission set:

Click Setup. The Account Details page is displayed.
Click the Users and Permissions tile on the Account Details page. The Permission Sets page is displayed.
Click +ADD. The Add Permission page is displayed.
Under Permission Set Details, enter a Permission Set Name and a short description about the permission set.
The Permissions section has the following categories:
- Account Administration
- Collectors
- Remote Access
- Integrations and Apps
- Alerts
- Reports
- Tickets
- Knowledge Base
- Automation
- Logs
- Traces
Select the permissions you want to allow under each section.
Click Save. The permission set is created.

The following columns are available on the Permission Sets page:

Column	Description
Name	Name of the permission set
Description	A description about the permission set.
Client defined	The column displays False, if the administrator defines a permission set. The column displays True, if a client defines a permission set.

You can perform the following actions after creating a permission set:

Action	Procedure/Description
Search	To search for a permission set: Click the search icon on the Permission Sets page. Type the permission set name in the search box. The search result is displayed.
View	To view a permission set: Search for the permission set. Click the permission set name to view the details. You can also edit a permission set, if it is created by a client.
Edit	To update a permission set: Search for the permission set and click the permission set name. Make the necessary changes. Click Save. The permission set is updated. Note: You cannot edit a default permission set.
Remove	To remove a permission set: Search for the permission set. Click the action icon that appears when you hover over the permission set name, and click Remove. From the confirmation dialog box, click Remove to delete the permission set. Note: You cannot remove a default permission set.
Filter	Filter the permission sets based on who defined the permission set: Click the dropdown available at the upper-right corner. By default, the permission sets defined by the administrator and the client are displayed. Select All. The permission sets defined by the administrator and the client will be displayed. Select Not client defined. The permission sets defined by the administrator will be displayed. Select Client defined. The permission set defined by the client will be displayed.

Permissions reference

Notes

The permission listings in the following table are mentioned in the order of the authorization level, from the highest to the least access levels.
A user with the highest permission level can access and perform all the actions that are available within each permission set.

Category	Permission Type	Permission Value
Account Administration	Administration	Administration - Allows access to the Setup tab.
	Users	View - Allows access to view the existing users. A user with Manage permission can also perform the actions available with the Create and View permissions. Create - Allows access to create users. Manage - Allows access to create, edit and deactivate users, user groups, and roles.
	Roles	View - Allows access to view the defined roles. A user with Manage permission can also perform the actions available with the View permission.
	Credentials	View - View all the credential sets, including the passwords. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Edit a credential set. Create - Create a new credential set. To create a new credential set, you should have access to the All Devices option. Manage - Allows access to manage the existing credential sets.
	Dashboards	View Dashboard - Allows access to a dashboard. Manage Dashboard - Allows the user to manage (create, edit, delete and share) a dashboard.
	Dashboards Access Only	Allows access only to one's own Dashboard and the Shared Dashboard. If this permission is enabled, the users cannot access other features. To view the details populated using widgets in the Dashboard, users must configure the permissions required for each widget. A user with Access permission can also perform the actions available with View permissions.
	Scheduled Maintenance	View - Allows users to view scheduled maintenance. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to view, manage, create, edit, and delete scheduled maintenance.
	Metrics	Manage - Allows users to create metrics.
	Device	View - Allows access to devices under: Infrastructure and Dashboard tab View hardware, application, and patches information on the device details page A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows access to edit device details in the infrastructure. Create - Allows access to infrastructure, device listing page, where you can: Add a device Add virtualized, storage, UCS and cloud providers-based infrastructure Manage - Allows access to: Setup Device groups Network device credentials setup Add a device to a maintenance window Delete or stop managing the device
	Custom Attributes	View - Allows users to only view the custom attributes. A user with Manage permission can also perform the actions available with Create, and View permissions. Create - Allows users to create custom attributes. Manage - Allows you to control the users who can manage the custom attributes.
Collectors	Gateway Firmware	Allow Update - Allows the user to update the gateway firmware.
	Management Profile	View - Allows access to the Setup tab and to view the services gateway remotely. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows access to view, create, and edit the existing gateway profile.
Remote Access	Console Launch	View - Allows remote access to devices from the Infrastructure tab. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to view, create and edit console options from the Infrastructure tab.
	Commands	Allow to run - Permits users to run commands.
Integrations and Apps	Monitors	View - Allows access to view the templates and monitors applied on a given device in the infrastructure. A user with Manage permission can also perform the actions available with Create and Edit, Customize, and View permissions. Customize - Allows access to: Change threshold and alert conditions for each monitor Create and edit entries in the Setup tab Create and Edit - Allows access to create and view the templates and monitors applied on a given device in the infrastructure. Manage - Allows access to: Assign monitoring templates to devices Change threshold and alert conditions for each monitor Create and edit entries in the Setup tab
	Integration	View - Allows users to view the Integration tab and details of the configured integrations. For example, Integration Audit Logs and Authentication Details except for secret/token. A user with Manage permission can also perform the actions available with Edit and View permissions. Edit - Allows users to edit the details of the configured integrations. For example, update mapping inbound attributes and integration events. Manage - Allows users to manage various integration services: Install Bulk uninstall Regenerate secret/token Revoke access token Delete keypair Disable
	Monitor Templates	Customize - Allows the user to edit monitors and change the thresholds at device level. A user with Customize permission can also perform the actions available with Apply permissions. Apply - Allows the user to Assign/Unassign templates and monitors.
	Cloud Management	Power Cycle - Allows you to Stop, Start, and Restart instances. Power Cycle and Launch Instances - Allows to create new instances in the cloud account. A user with Power Cycle permission can also perform the actions available with the Launch Instances permissions. Stream View - ___
Alerts	Alerts	View - Allows access to: View details for a given alert Alert list page A user with Manage permission can also perform the actions available with the View permission. Manage - Allows view and manage access to: Alert list and alert report pages Alerts processing
	OpsQ	View - Allows you to view the alert policies for: Alert Enrichment Alert Correlation First Response Alert Escalation Alert Prediction Using this permission, you can only view the policies of other users. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows you to create, edit, or delete the alert policies for: Alert Enrichment Alert Correlation First Response Alert Escalation Alert Prediction Using this permission, you can manage all the alert policies in your tenant.
Reports	Reports	View - Allows access to view the Reports. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to manage, create, edit, delete, and view the reports.
Tickets	Incident	View - Allows users to view incidents. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to edit and view incidents. Create - Allows users to create, edit, and view incidents. Manage - Allows users to manage, create, edit, delete, and view incidents.
	Change Request	View - Allows users to view the change request. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to edit and view the change request. Create - Allows users to create, edit, and view the change request. Manage - Allows users to manage, create, edit, delete, and view the change request.
	Problem	View - Allows users to view the problem. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to edit and view the problem. Create - Allows users to create, edit, and view the problem. Manage - Allows users to manage, create, edit, delete, and view the problem.
	Projects	View - Allows users to view projects. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to manage projects.
	Service Catalog	View - Allows users to view service catalog management in the Setup tab. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to view, create provisioning policies, service catalogs, and provisioning workflows.
	Service Desk	View - Allows users to view the service desk. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to edit and view the service desk. Create - Allows users to create, edit, and view the service desk. Manage - Allows users to manage, create, edit, delete, and view the service desk.
	Service Request	View - Allows users to view service desk requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to edit and view service desk requests. Create - Allows users to create, edit, and view service desk requests. Manage - Allows users to manage, create, edit, delete, and view service desk requests.
	Task Request	View - Allows users to view task requests. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to edit and view task requests. Create - Allows users to create, edit, and view task requests. Manage - Allows users to manage, create, edit, delete, and view task requests.
	Time-Bound Request	View - Allows users to view time-bound requests. Note: Allows users to manage, create, delete, edit, and view time-bound requests, if they have the service desk manage permission. A user with Manage permission can also perform the actions available with Create, Edit, and View permissions. Edit - Allows users to view and edit time-bound requests. Create - Allows users to create, edit, and view time-bound requests from the Service Desk menu. Manage - Allows users to: View request details Create requests for: Existing client New client Edit time-bound request
	Service Order	View - Allows users to view the service order. A user with Manage permission can also perform the actions available with Create, Edit, Delete, and View permissions. Edit - Allows users to edit the service order. Create - Allows users to create a service order. Delete - Allows users to delete a service order. Manage - Allows users to manage the service order.
Knowledge Base	Knowledge Base	View - Allows users to view, rate, comment, like, and share an article. A user with Manage permission can also perform the actions available with Edit, and View permissions. Edit - Allows users to edit the knowledge base. Manage - Allows users to move an article, and also create, edit, and delete the: Knowledge base Category Article Template
Automation	Jobs	View - Allows access to the Automation tab. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows access to: Create a job Edit a job Delete a job Run a job immediately using the Run Now option
	Patch Approval	View - Allows access to: Patch management in the Automation tab View the patch status View the configured patch install jobs under patch configuration page A user with Manage permission can also perform the actions available with the View permission. Manage - Allows access to: Patch management in the Automation tab Patch configuration page where users can create, edit, and delete a patch install job Patch approval pages, where one can approve patches for a set of devices
	Process Automation	View - Allows only to view the process automation artifacts. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to create and view the process automation artifacts.
	Recordings Audit	Play, Search All Recordings - Users can play the recording and search for a recording. A user with All Recordings Play, Search, Edit permission can also perform the actions available with the other recording permissions. My Recordings: Play, Search, Edit - Users can play, search, and edit their recordings only and not any other user recordings. All Recordings: Play, Search, Edit - Users can play, search, and edit notes for all recordings. Users cannot delete any recordings.
	Scripts	View - Allows access to scripts page in the Automation tab, also allows access to view the list of scripts available, and the scripts scheduled on devices. A user with Manage permission can also perform the actions available with the View permission. Manage - Allows users to schedule a given script on a set of devices or to run the script immediately using the Run Now option.
Logs	Logs	View - Allows access to view the Reports. A user with Manage permission can also perform the actions available with the View permission.
Traces	Traces	View - Allows users to view traces.