Additional considerations
Roles allow grouping different levels of access for several organizations and, at the same time, allow grouping different levels of access by module to manage them in a simplified way.
Multiclient environments
The roles of an organization allow configuring access and visibility for the users of the organization, and also allow including the permissions to configure access and visibility to dependent organizations.
An organization is dependent when:
- It is client type and the roles and users are in the partner organization at a higher level.
- It is a sub-organization of a client organization.
Roles are assigned to users and contain the definition of levels of access and visibility, being able to establish different configurations for the root organization and its sub-organizations in the same role. This can only be done in a descending manner; that is, from a higher-level organization, permissions can be assigned to the organization itself and the organizations that depend on it.
Levels of access by modules

The levels of access are also defined for each module of the solution:
Portal
In Portal the following roles exist:
- No access
- Organization Administrator or 1in the table below
- Read-only organization administrator or 2in the table below
- User or 3in the table below
- L1 support team or 4in the table below
- L1 support team read-only or 5in the table below
- L2 support team or 6in the table below
- L2 support team read-only or 7in the table below
- L3 Engineering Team or 8in the table below
- L3 Engineering Team Read Only or 9in the table below
- Billing or 10in the table below
To access certain functionalities, in addition to access permissions in Portal, access to Workspaces is required, depending on the functionality, with role Level 1 or Level 2.
These role levels allow configuring visibility and segmented access according to the needs of each organization. The details of the visibility and actions available for each Portal access level are defined in the table below:
| Section | Functionality | Action | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Home | Read | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Operations | Read | ✅ | ✅ | ⭐ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Flows | Read | ✅ | ✅ | ⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | |
| Create | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Reports | List | Read | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | 
| Detail | Read | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ||
| Tenants | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Activation | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
| Monitor | Active alerts | Read | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | 
| Alert Configuration | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Workspaces | Read | ✅ | ✅ | ⭐ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Refresh | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Groups | Read | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Create | ✅ | ❌ | ⭐ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Patch | Read | ✅ | ✅ | ⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Create | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ⭐⭐ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Analyzer | Installed apps | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | 
| Refresh | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Analyzer | Licenses | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | 
| Create | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| SAM | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Microservices | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | |
| Read | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Enabled | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ||
| Billing | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ||
| Product | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Report | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Environment | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Agent Settings | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Integrations | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Modules | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Information | Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Directives | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Reporting Groups | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Agent Settings | Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Auto update settings | Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Magic link | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Roles | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Users | Create | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Read | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ||
| Refresh | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ||
| Delete | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 
- ✅ Has access.
- ⭐ Has access if additionally has L1 in Workspaces.
- ⭐⭐ Has access if additionally has L2 in Workspaces.
- ❌ No access.
Access Levels for Microservices
In microservices, the same roles are maintained as in Portal, but with specific access levels:
Microservices
The user's role corresponds to the organization where the microservice was created.
| Action | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 
|---|---|---|---|---|---|---|---|---|---|---|
| Clone / create | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | 
| View | ✅ | ✅ | 🔑 | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | 
| Edit | ✅ | ❌ | 💡 | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | 
| Change to public or private | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | 
| Edit visibility when private | ✅ | ❌ | 💡 | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | 
- ✅ Has access.
- 🔑 Access is granted if additionally has L1 read-only access in Workspaces.
- 💡 Access is granted if the author of the microservice.
- ❌ No access.
Enabled microservices
The user's role corresponds to the organization where the microservice was enabled or disabled.
| Action | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 
|---|---|---|---|---|---|---|---|---|---|---|
| Enable | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | 
| Disable | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | 
| Edit | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | 
- ✅ Has access.
- ❌ No access.
Workspaces
In Workspaces, there are four roles with different levels of access available:
- Level 1 or L1in the table below
- Level 1 read-only or L1 ROin the table below
- Level 2 or L2in the table below
- Level 2 read-only or L2 ROin the table below
Available actions by each role:
| Functionality | Action | L1 | L1 RO | L2 | L2 RO | 
|---|---|---|---|---|---|
| UX Panel | View | ✅ | ✅ | ✅ | ✅ | 
| Workspaces | View | ✅ | ✅ | ✅ | ✅ | 
| Workspaces | Execute operations | ✅ | ❌ | ✅ | ❌ | 
| Sessions | View | ✅ | ✅ | ✅ | ✅ | 
| Sessions | Execute operations | ✅ | ❌ | ✅ | ❌ | 
| Connection Logs | View | ✅ | ✅ | ✅ | ✅ | 
| Job | View | ✅ | ✅ | ✅ | ✅ | 
| Job | Cancel | ✅ | ❌ | ✅ | ❌ | 
| Alert | View | ✅ | ✅ | ✅ | ✅ | 
| Alert | Off | ✅ | ❌ | ✅ | ❌ | 
| Profile Storage | View | ✅ | ✅ | ✅ | ✅ | 
| Profile Storage | Modify | ✅ | ❌ | ✅ | ❌ | 
| Profile Storage | Delete | ✅ | ❌ | ✅ | ❌ | 
| Alert notification profiles | View | ❌ | ❌ | ✅ | ✅ | 
| Alert notification profiles | Modify | ❌ | ❌ | ✅ | ❌ | 
| Alert notification profiles | Delete | ❌ | ❌ | ✅ | ❌ | 
| Alert Subscriptions | View | ❌ | ❌ | ✅ | ✅ | 
| Alert Subscriptions | Modify | ❌ | ❌ | ✅ | ❌ | 
| Alert Subscriptions | Delete | ❌ | ❌ | ✅ | ❌ | 
| Event Logs | View | ❌ | ❌ | ✅ | ✅ | 
| Event Logs | Modify | ❌ | ❌ | ✅ | ❌ | 
| Event Logs | Delete | ❌ | ❌ | ✅ | ❌ | 
| Locations | View | ❌ | ❌ | ✅ | ✅ | 
| Locations | Create | ❌ | ❌ | ✅ | ❌ | 
| Locations | Modify | ❌ | ❌ | ✅ | ❌ | 
| Networks | View | ❌ | ❌ | ✅ | ✅ | 
| Networks | Modify | ❌ | ❌ | ✅ | ❌ | 
| Notifications | View | ❌ | ❌ | ✅ | ✅ | 
| Notifications | Create | ❌ | ❌ | ✅ | ❌ | 
| Notifications | Modify | ❌ | ❌ | ✅ | ❌ | 
| Notifications | Delete | ❌ | ❌ | ✅ | ❌ | 
| Reporting Groups | View | ❌ | ❌ | ✅ | ✅ | 
| Servers | View | ❌ | ❌ | ✅ | ✅ | 
| Servers | Execute operations | ❌ | ❌ | ✅ | ❌ | 
| Wireless networks | View | ❌ | ❌ | ✅ | ✅ | 
| Wireless networks | Modify | ❌ | ❌ | ✅ | ❌ | 
- ✅ Has access.
- ❌ No access.
Analyzer
Since Analyzer presents information and never allows modifications to the organization or its devices, it does not segment access to the functionalities it contains, therefore access is either granted or denied to users.
Therefore, the access options to Analyzer are:
- Access
- No access