Permissions Reference

Learn about all of the permissions that you can set in Oracle Communications Unified Assurance and the permissions required to access each user interface (UI) available from the Unified Assurance main navigation menu.

Permissions listed in this document use the format <package>: <permission1>, <permission2>. For example, device: Zones, Devices indicates the Zones and Devices permissions in the device package. Permissions are generally listed in alphabetical order by package, which corresponds to how they appear in the Roles UI.

See Permissions for All Roles for recommended permissions to grant to all roles for basic UI functionality and Permissions for Sample Roles for permissions to grant some sample read-only roles.

Permission Descriptions

The following table describes all of the permissions available in the Roles UI, organized in alphabetical order by package.

To help understand the type of user the permissions are useful for, the UI Navigation column lists the top level navigation menu option that each permission is relevant to. For example, permissions that are relevant only to the Configuration option are useful for administrators, but permissions that are also relevant to Events option are useful for general users.

Although the table includes only the top level navigation option, the permissions grant access to specific UIs and actions within the submenus. For information about the permissions required for specific UIs within the navigation menus, see UI Permissions Reference.

Package	Permission	Permission ID	Description	Actions	UI Navigation
AAA	AuthTypes	12001	Manage authentication types.	Read, Update	Configuration
AAA	Permissions	12002	View permissions.	Read	Configuration
AAA	Preferences	12003	Manage user preferences.	Read, Create, Update, Delete	Configuration, User profile (select your user name in the main navigation menu)
AAA	Roles	12004	Manage user roles.	Read, Create, Update, Delete	Configuration
AAA	Subgroups	12011	Manage subgroups for users.	Read, Create, Update, Delete	Configuration
AAA	UserGroupProperties	12006	Manage user group properties.	Read, Create, Update, Delete	Configuration
AAA	UserGroups	12007	Manage user groups.	Read, Create, Update, Delete	Configuration
AAA	UserProfiles	12008	Manage user profiles.	Read, Update	User profile (select your user name in the main navigation menu)
AAA	UserProperties	12009	Manage user properties.	Read, Create, Update, Delete	Configuration, User profile (select user name in main navigation)
AAA	Users	12010	Manage users.	Read, Create, Update, Delete	Configuration
analyticsNavigation	Analytics	80001	View the Analytics menu in the main navigation menu.	N/A	Analytics
broker	ApplicationConfigTypes	11012	Manage application configuration types used by services and jobs.	Read, Create, Update, Delete	Configuration
broker	FailoverStates	11003	View the failover status of Unified Assurance Services in real time.	Read	Configuration
broker	Jobs	11004	Manage broker jobs.	Read, Create, Update, Delete, Execute	Configuration
broker	Licenses	11005	Manage Unified Assurance licensing.	Read, Update	N/A
broker	RenderTypes	11011	View automated data rendering.	Read	Configuration
broker	ServerCategories	11010	Manage Unified Assurance server categories.	Read	N/A
broker	Servers	11008	Manage servers for local and remote brokers.	Read, Update, Delete, Execute	Configuration
broker	Services	11009	Manage broker services.	Read, Create, Update, Delete, Execute	Configuration
config	Actions	60001	Manage device configuration actions.	Read, Create, Update, Delete	Configuration
config	Collections	60002	Manage device configuration collections.	Read, Create, Update, Delete, Execute	Configuration
config	Policies	60003	Manage device configuration policies.	Read, Create, Update, Delete	Configuration
config	Profiles	60004	Manage device configuration profiles.	Read, Create, Update, Delete	Configuration
config	ViewConfigs	60005	View device configuration configs and related information.	Read	Dashboards
core	GlobalProperties	13506	Manage Unified Assurance global properties.	Read, Update	Configuration
core	Icons	13501	View and create Unified Assurance icons. Always grant this permission for basic UI functionality.	Read, Create	All
core	Locales	13502	View locales. Always grant this permission for basic UI functionality.	Read	All
core	Navigations	13503	View expanding navigation panels. Always grant this permission for basic UI functionality.	Read	All
core	Themes	13504	View themes. Always grant this permission for basic UI functionality.	Read	All
core	TimeZones	13505	View time zones. Always grant this permission for basic UI functionality.	Read	All
dashboard	DashboardGroups	13101	Manage dashboard groups.	Read, Create, Update, Delete	Configuration
dashboard	Dashboards	13102	Manage dashboards.	Read, Create, Update, Delete	Configuration, Dashboards, Devices, Diagrams
dashboardNavigation	Dashboards	13100	View the Dashboards UI in the main navigation menu.	Read	Dashboards
database	Databases	12101	Manage Unified Assurance databases.	Read, Create, Update, Delete, Execute	Configuration, Dashboards
database	Queries	12102	Manage saved database queries.	Read, Create, Update, Delete, Execute	Configuration, Dashboards
database	QueryTools	12103	Run saved or adhoc database queries.	Read, Create, Update, Delete, Execute	Configuration, Dashboards
device	Categories	12201	Manage device categories.	Read, Create, Update, Delete	Configuration
device	DeviceManagement	12202	Manage bulk actions for devices.	Read, Update, Delete	Configuration
device	Devices	12203	Manage devices.	Read, Create, Update, Delete, Execute	Configuration, Dashboards, Devices, Diagrams, Events
device	DeviceViews	12210	View device details.	Read	Devices, Dashboards, Events
device	Groups	12204	Manage device groups.	Read, Create, Update, Delete	Configuration, Devices
device	MetaData	12211	View device metadata.	Read	Configuration, Dashboards
device	MetaTypes	12205	Manage device metatag types.	Read, Create, Update, Delete	Configuration
device	Remote	12212	Access the endpoint for on-demand Guacamole sessions to sign and encrypt JSON data.	Read, Create, Delete	N/A
device	Types	12206	Manage device types to associate SNMP SysOIDs with vendor and device models.	Read, Create, Update, Delete	Configuration
device	Vendors	12207	Manage device vendors used with device types.	Read, Create, Update, Delete	Configuration
device	Windows	12208	Manage device maintenance windows.	Read, Create, Update, Delete	Configuration
device	Zones	12209	Manage the device zones that organize devices for distributed discovery, polling, and collection.	Read, Create, Update, Delete	Configuration, Dashboards, Devices
deviceNavigation	Devices	12200	View the Devices UI in the main navigation menu.	Read	Devices
diagram	DiagramGroups	40001	Manage diagram groups.	Read, Create, Update, Delete	Configuration
diagram	Diagrams	40002	Manage diagrams.	Read, Create, Update, Delete, Execute	Configuration, Diagrams, Dashboards
diagram	Menus	40003	Manage diagram context menus.	Read, Create, Update, Delete	Configuration, Diagrams, Dashboards
diagram	Tools	40004	Manage diagram context menu tools.	Read, Create, Update, Delete, Execute	Configuration, Diagrams, Dashboards
diagram	Types	40005	View diagram types.	Read	Configuration
diagram	Widgets	40006	View diagram widgets.	Read	Configuration, Diagrams
diagramNavigation	Diagrams	40000	View the Diagrams UI in the main navigation menu.	Read	Diagrams
discovery	Discover	12301	View and run manual device discovery.	Read, Execute	Configuration
discovery	Excludes	12302	Manage exclusion profiles for device discovery.	Read, Create, Update, Delete	Configuration
discovery	Includes	12303	Manage inclusion profiles for device discovery.	Read, Create, Update, Delete	Configuration
discovery	SNMP	12304	Manage SNMP access credentials.	Read, Create, Update, Delete	Configuration
event	CustomEventFields	20017	Manage custom event fields.	Read, Create, Update, Delete, Execute	Configuration, Events, Dashboards
event	DisplayConversions	20014	Manage conversions for how data is displayed in the event list.	Read, Create, Update, Delete	Configuration, Events, Dashboards
event	Displays	20004	Manage event displays.	Read, Create, Update, Delete	Configuration, Dashboards, Devices, Diagrams, Events, Services
event	EventInfo	20002	View individual event details.	Read	N/A
event	EventJournals	20003	Manage event journal entries.	Read, Create	Events, Dashboards
event	Events	20005	Manage events.	Read, Create, Update, Delete	Configuration, Events, Dashboards, Devices, Diagrams, Services
event	FilterGroups	20006	Manage event filter groups.	Read, Create, Update, Delete	Configurations, Events, Dashboards, Devices, Diagrams
event	Filters	20007	Manage event filters.	Read, Create, Update, Delete	Configuration, Events, Dashboards, Devices, Diagrams
event	ForensicViews	20008	View event fields in forensic lists configured for dashboards.	Read	Configuration, Dashboards
event	Gauges	20009	View event gauge data.	Read	N/A
event	Mechanizations	20010	Manage event mechanizations.	Read, Create, Update, Delete	Configuration
event	Menus	20011	Manage Unified Assurance event context menus.	Read, Create, Update, Delete	Configuration, Events, Dashboards
event	MetaEvents	20012	Manage event meta events for the SLM Engine or Watcher Policies.	Read, Create, Update, Delete	Configuration
event	Nodes	20101	Manage CAPE nodes.	Read, Create, Update, Delete, Execute	Configuration
event	Policies	20102	Manage CAPE policies.	Read, Create, Update, Delete	Configuration
event	SupervisedCorrelations	20016	Manage supervised event correlation policies.	Read, Create, Update, Delete	Configuration
event	Tools	20013	Manage and run event context menu tools.	Read, Create, Update, Delete, Execute	Configuration, Events, Dashboards
event	WatcherPolicies	20401	Manage event watcher policies.	Read, Create, Update, Delete	Configuration
eventAnalytics	Admin	20501	Administrator access for Observability Analytics.	N/A	Everything in Analytics: Events
eventAnalytics	Operator	20502	Operator access for Observability Analytics.	N/A	Everything in Analytics: Events except Administration: Console and Management.
eventAnalytics	Viewer	20503	Read-only access to Observability Analytics dashboards.	N/A	Observability Analytics dashboards provided as links directly to users or as default Unified Assurance links for user groups.
eventNavigation	Events	20000	View the Events UI in the main navigation menu.	N/A	Analytics: Events menu items
file	Files	12401	Manage files and images stored within Unified Assurance.	Read, Create, Update, Delete	Configuration, Dashboards
file	FileTypes	12402	Manage file types for files and images stored within Unified Assurance.	Read, Create, Update, Delete, Execute	Configuration
flowAnalytics	Admin	90001	Administrator access for Flow Analytics.	N/A	Everything in Analytics: Flow
flowAnalytics	Operator	90002	Operator access for Flow Analytics.	N/A	Everything in Analytics: Flow
flowAnalytics	Viewer	90003	Read-only access to Flow Analytics dashboards.	N/A	Read-only versions of the dashboards in Analytics: Flow.
gateway	Elements	13401	Manage TL1 elements.	Read, Create, Update, Delete	Configuration
gateway	Gateways	13402	Manage TL1 gateways.	Read, Create, Update, Delete	Configuration
global	PUBLISHER	10002	View users and groups when setting multi-tenant permissions.	N/A	Configuration
global	SUPER	10001	View and modify all resources.	N/A	Configuration
graph	Edges	12501	Manage edges between two graph vertices.	Read, Create, Update, Delete	Configuration, Dashboards, Devices
graph	EdgeTypes	12503	Manage graph edge types.	Read, Create, Update, Delete	Configuration, Dashboards, Devices
graph	Graphs	12507	View topology graphs.	Read	Configuration, Dashboards, Devices
graph	NodeDetails	12508	View topology graph node details.	Read	Configuration, Dashboards, Devices
graph	PropertyTypes	12506	Manage property types of graph vertices and edges.	Read, Create, Update, Delete	Configuration, Dashboards, Devices
graph	VertexTypes	12505	Manage graph vertex types.	Read, Create, Update, Delete	Configuration, Dashboards, Devices
graph	Vertices	12504	Manage graph vertices.	Read, Create, Update, Delete	Configuration, Dashboards, Devices
knowledgebase	Articles	70001	Manage knowledgebase wiki articles.	Read, Create, Update, Delete	Context menus in Events, Links
link	LinkGroups	12801	Manage link groups.	Read, Create, Update, Delete	Configuration
link	Links	12802	Manage links.	Read, Create, Update, Delete	Configuration
linkNavigation	Links	12800	View the Links UI in the main navigation menu.	Read	Links
logNavigation	Logs	11006	View the Logs UI in the main navigation menu.	N/A	Logs
metric	AbnormalProfiles	30701	Manage abnormal profiles for advanced metric thresholds.	Read, Create, Update, Delete	Configuration
metric	AllMetricsOverview	30201	View metric overviews.	Read	Configuration, Dashboards, Devices
metric	AvailabilityData	30001	View metric availability data.	Read	Configuration, Dashboards, Devices
metric	Calculations	30301	Manage metric consolidation policies.	Read, Create, Update, Delete, Execute	Configuration
metric	Categories	30202	Manage metric categories.	Read, Create, Update, Delete	Configuration
metric	Collections	30002	Manage metric collections.	Read, Create, Update, Delete	Configuration
metric	DeviceGroupAvailabilityData	30003	View device group availability data.	Read	Configuration, Dashboards
metric	DisplayInstances	30004	Manage metric display instances.	Read, Create, Update, Delete	Configuration, Dashboards
metric	Instances	30005	Manage metric instances.	Read, Create, Update, Delete	Configuration, Dashboards, Diagrams
metric	Measurements	30014	Manage metric measurements.	Read	Configuration, Dashboards
metric	MetricGroups	30006	Manage metric groups.	Read, Create, Update, Delete	Configuration, Dashboards
metric	Metrics	30007	Manage metrics.	Read, Create, Update, Delete	Configuration, Dashboards, Devices, Events, Services
metric	NetworkTraffic	30203	View network traffic DDOs.	Read	Configuration, Dashboards
metric	PerformanceData	30008	View metric performance data.	Read	Configuration, Dashboards, Devices, Events, Services
metric	PollerTemplates	30009	Manage poller templates.	Read, Create, Update, Delete	Configuration
metric	PollingAssignments	30010	Manage polling metrics and threshold assignments in bulk.	Read, Create	Configuration
metric	PollingPolicies	30011	Manage polling policies.	Read, Create, Update, Delete	Configuration
metric	RetentionPolicies	30015	Manage retention policies.	Read	Configuration, Dashboards
metric	ThresholdFunctions	30604	Manage threshold functions.	Read	Configuration
metric	ThresholdGroups	30601	Manage threshold groups.	Read, Create, Update, Delete	Configuration
metric	Thresholds	30602	Manage thresholds.	Read, Create, Update, Delete	Configuration, Dashboards, Devices, Services
metric	ThresholdTypes	30603	Manage threshold types.	Read	Configuration, Diagrams
metric	TopNData	30012	View metric top-N data.	Read	Configuration, Dashboards
metric	Transactions	30801	Manage metric synthetic transactions.	Read, Create, Update, Delete, Execute	Configuration
metric	Types	30013	Manage metric types.	Read, Create, Update, Delete	Configuration, Dashboards, Diagrams
metricAnalytics	Admin	30901	Administrator access for Metric Analytics.	N/A	Everything in Analytics: Metrics
metricAnalytics	Operator	30902	Operator access for Metric Analytics.	N/A	Analytics: Metrics: Alerting, Dashboard, and Playlists
metricAnalytics	Viewer	30903	Read-only access to Metric Analytics dashboards.	N/A	Metric Analytics dashboards provided as links directly to users or as default Unified Assurance links for user groups.
microservice	Catalogs	15002	View microservice Helm charts.	Read	Configuration
microservice	Clusters	15000	View microservice clusters.	Read	Configuration
microservice	Deploy	15004	Deploy microservices.	Read, Create, Update, Delete	Configuration
microservice	Namespaces	15001	Manage namespaces for microservices.	Read, Create, Update, Delete	Configuration
microservice	Releases	15003	Manage microservice releases.	Read, Create, Update, Delete	Configuration
microservice	Workload	15005	View microservice workloads.	Read	Configuration
navigation	Bookmarks	13507	Manage Unified Assurance bookmarks.	Read, Create, Update, Delete	Bookmarks
navigation	Configurations	12000	View the Configuration menu in the main navigation menu.	Read	Configuration
notification	Profiles	12901	Manage notification profiles.	Read, Create, Update, Delete	Configuration, Dashboards
notification	Templates	12902	Manage notification templates.	Read, Create, Update, Delete	Configuration, Dashboards
package	Depots	13002	Manage the package depots for updating Unified Assurance.	Read, Create, Update, Delete	Configuration
package	Packages	13001	Manage installed packages.	Read, Delete, Execute	Configuration
report	Profiles	13601	Manage report profiles.	Read, Create, Update, Delete	Configuration
report	Reports	13602	Manage reports.	Read, Create, Update, Delete, Execute	Configuration
rule	Branches	13201	Manage rule repository branches.	Read	Configuration
rule	Rules	13204	Manage custom rules.	Read, Create, Update, Delete, Execute	Configuration
SLM	Dashboards	13303	View service dashboards.	Read	Dashboards, Services
SLM	Metrics	30402	Manage SLM metric definitions.	Read, Create, Update, Delete	Configuration
SLM	ServiceFilters	20301	Manage event service definitions.	Read, Create, Update, Delete	Configuration, Services
SLM	ServiceMetrics	30401	Manage metric service definitions.	Read, Create, Update, Delete	Configuration, Services
SLM	Services	13301	Manage SLM service definitions.	Read, Create, Update, Delete	Configuration, Dashboards, Services
SLM	ServiceViews	13302	View service details information panels.	Read	Configuration, Dashboards, Services
SLM	Widgets	13304	View service dashboard widgets.	Read	Dashboards, Services
SLMNavigation	NavServices	13300	View the services navigation menu.	Read	Services
topology	Layouts	50005	Manage topology graph layouts.	Read, Create, Update, Delete, Execute	Configuration, Dashboards
topology	Menus	50002	Manage topology graph context menus.	Read, Create, Update, Delete	Configuration, Dashboards
topology	NetworkDetails	50001	View topology graph network details.	Read	Configuration, Dashboards, Devices
topology	Tools	50003	Manage topology graph context menu tools.	Read, Create, Update, Delete, Execute	Configuration
vision	Admin	100001	Administrator access for Vision.	N/A	Everything in Analytics: Vision
vision	Api	100004	API access for Vision.	N/A	N/A
vision	Menus	100011	Manage custom context menus for Vision.	Read, Create, Update, Delete	Configuration
vision	Operator	100002	Operator access for Vision.	N/A	Everything in Analytics: Vision except group tabs
vision	Tools	100010	Manage custom tools for Vision.	Read, Create, Update, Delete, Execute	Configuration
vision	Viewer	100003	Read-only access for Vision.	N/A	The map and view-only tabs in Analytics: Vision.

UI Permissions Reference

The topics in this section describe the permissions required to access and use each UI, organized by the options available in the main navigation menu.

The Bookmarks menu requires the navigation: Bookmarks permission. To give users complete control over their bookmarks, enable all actions for this permission.

The UIs in the Configuration menu require at least the read action for the permissions listed in the following table. You can enable other actions where indicated to give roles more control.

All UIs in this table require the navigation: Configurations permission.

Note:

Be cautious when granting database permissions. Users with these permissions can edit, disable, and delete the actual databases that Unified Assurance depends on, and users with access to query tools can run queries regardless of data restrictions set in restrictive user group settings.

User Interface	Package: Permissions	Notes
AAA: Authentication Types	AAA: AuthTypes (enable actions as needed)	N/A
AAA: Roles	AAA: Permissions, Roles (enable actions as needed)	N/A
AAA: Users	AAA: AuthTypes, Preferences, Subgroups, UserGroups, UserProperties, Users (enable actions as needed)	User preferences that require additional permissions: For DefaultDisplayID, event: Displays For DefaultLink, link: Links
AAA: User Groups	AAA: Preferences, Roles, UserGroupProperties, UserGroups (enable actions as needed), Users	User group preferences that require additional permissions: For DefaultDisplayID, event: Displays For DefaultLink, link: Links
Broker Control: Application Config Types	broker: ApplicationConfigTypes (enable actions as needed), RenderTypes	N/A
Broker Control: Failover Service States	broker: FailoverStates, Services	N/A
Broker Control: Jobs	broker: ApplicationConfigTypes, Jobs (enable actions as needed), Servers, Services package: Packages	Job configurations that require additional permissions: For BranchDir, rule: Branches For DatabaseID, database: Databases For DeviceGroupID, device: Groups For DeviceID, device: Devices For DeviceZoneID, device: Zones For EdgeTypeID, graph: EdgeTypes For NotificationProfileID, notification: Profiles For NotificationTemplateID, notification: Templates
Broker Control: Package Depots	package: Depots (enable actions as needed)	N/A
Broker Control: Servers	broker: Servers (enable actions as needed)	N/A
Broker Control: Services	broker: ApplicationConfigTypes, Servers, Services (enable actions as needed) package: Packages	Service configurations that require additional permissions: For BranchDir, rule: Branches For DatabaseID, database: Databases For DeviceGroupID, device: Groups For DeviceID, device: Devices For DeviceZoneID, device: Zones For EdgeTypeID, graph: EdgeTypes For NotificationProfileID, notification: Profiles For NotificationTemplateID, notification: Templates
Dashboards: Dashboards	AAA: UserGroups, Users dashboard: Dashboards (enable actions as needed)	Most panels require additional permissions. These are described in the next rows.
Dashboards: Dashboards, View Config panel	config: ViewConfigs	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Chart panel	database: Queries, QueryTools (requires the execute action)	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Dynamic Inputs panel	broker: RenderTypes The following, depending on the API selected for combo boxes: AAA: UserGroups, Users core: Locales, TimeZones database: Databases device: Devices, Zones diagram: Diagrams event: Displays graph: EdgeTypes, Vertices link: Links notification: Profiles, Templates	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Database Grid panel	database: Queries	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Device Info panel	device: Devices, DeviceViews	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Diagram panel	diagram: Diagrams	Required in addition to the permissions for the Dashboards UI. Also requires any additional permissions needed by widgets in diagrams.
Dashboards: Dashboards, Event List panel	device: Devices, MetaData, MetaTypes event: Displays, Events, FilterGroups, Filters, ForensicViews, Menus	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Image panel	file: Files	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Topology Graph and Adhoc Topology panels	AAA: UserGroups, Users device: Devices, Zones deviceNavigation: Devices event: Displays, Events file: Files graph: Edges, EdgeTypes, Graphs, NodeDetails, PropertyTypes, VertexTypes, Vertices metrics: Metrics topology: Layouts, Menus	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Adhoc Graph panel	metric: PerformanceData, RetentionPolicies	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, All Metrics Overview panel	device: Devices, Groups, Zones metric: AllMetricsOverview, MetricGroups, RetentionPolicies, Types	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Device Availability Pie panel	device: Devices metric: RetentionPolicies, Types	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Device Group Availability panel	device: Devices, Groups metric: DeviceGroupAvailability, RetentionPolicies, Types	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Network Traffic panel	device: Devices metric: NetworkTraffic, RetentionPolicies	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Top-N Metrics Table panel	device: Groups metric: MetricGroups, TopNData, Types	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, SLM Compliance Graph panel	SLM: Services	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, SLM Gauge panel	SLM: Services	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, SLM Tree panel	SLM: Services, ServiceViews	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboards, Network Details panel	device: Devices topology: NetworkDetails	Required in addition to the permissions for the Dashboards UI.
Dashboards: Dashboard Groups	dashboard: DashboardGroups (enable actions as needed), Dashboards	N/A
Databases: Databases	database: Databases (enable actions as needed)	Oracle recommends caution when granting database permissions. These permissions can allow users to edit, disable, and delete the actual databases that Unified Assurance depends on, and users with access to query tools can run queries regardless of data restrictions set in restrictive user group settings.
Databases: Queries	AAA: UserGroups, Users database: Databases, Queries (enable actions as needed)	N/A
Databases: Query Tools	AAA: UserGroups, Users database: Databases, QueryTools (enable actions as needed)	N/A
Device Catalog: Devices	device: Categories, Devices (enable actions as needed), Groups, MetaTypes, Zones discovery: SNMP	N/A
Device Catalog: Device Groups	device: Devices, Groups (enabled actions as needed)	N/A
Device Catalog: Device Management	device: Categories, DeviceManagement (enable actions as needed), Devices (enable delete to allow the Force Device Delete action), Groups, MetaTypes, Zones	N/A
Device Catalog: Device Type Categories	device: Categories (enable actions as needed)	N/A
Device Catalog: Device Types	device: Categories, Types (enable actions as needed), Vendors	N/A
Device Catalog: Device Zones	device: Zones (enable actions as needed)	N/A
Device Catalog: Maintenance Windows	device: Devices, Windows (enable actions as needed)	N/A
Device Catalog: Meta Types	broker: RenderTypes device: MetaTypes (enable actions as needed)	N/A
Device Catalog: Vendors	device: Vendors (enable actions as needed)	N/A
Device Configuration: Actions	config: Actions (enable actions as needed)	N/A
Device Configuration: Collections	config: Actions, Collections (enable actions as needed), Profiles device: Devices	N/A
Device Configuration: Policies	config: Actions, Policies (enable actions as needed), Profiles device: Categories, MetaTypes, Types	N/A
Device Configuration: Profiles	config: Profiles (enable actions as needed) notification: Profiles, Templates	N/A
Device Discovery: Exclusion Profiles	device: Zones discovery: Excludes (enable actions as needed)	N/A
Device Discovery: Inclusion Profiles	device: Zones discovery: Includes (enable actions as needed)	N/A
Device Discovery: Manual Discovery	discovery: Discover (enable actions as needed)	N/A
Device Discovery: SNMP Access	device: Zones discovery: SNMP (enable actions as needed)	N/A
Diagrams: Diagrams	diagram: DiagramGroups, Diagrams (enable actions as needed), Menus, Types, Widgets device: Devices, MetaTypes, MetaData event: Displays, FilterGroups, Filters file: Files metric: Metrics, RetentionPolicies, Thresholds, Types	N/A
Diagrams: Diagram Groups	diagram: DiagramGroups (enable actions as needed), Diagrams	N/A
Diagrams: Menus	AAA: UserGroups diagram: Menus (enable actions as needed), Tools	N/A
Diagrams: Tools	diagram: Tools (enable actions as needed)	N/A
Events: CAPE: Nodes	event: Nodes (enable actions as needed)	N/A
Events: CAPE: Policies	device: Zones event: Nodes, Policies (enable actions as needed)	N/A
Events: Processing: Mechanizations	event: Mechanizations (enable actions as needed)	N/A
Events: Processing: Meta Events	event: Events, MetaEvents (enable actions as needed)	N/A
Events: Processing: Watcher Policies	event: Events, WatcherPolicies (enable actions as needed) notification: Profiles, Templates	N/A
Events: Conversions	event: DisplayConversions (enable actions as needed)	N/A
Events: Custom Event Fields	event: CustomEventFields (enable actions as needed)	N/A
Events: Displays	AAA: UserGroups, Users event: Displays (enable actions as needed)	N/A
Events: Filters	AAA: UserGroups, Users event: Displays, Filters (enable actions as needed)	N/A
Events: Filter Groups	AAA: UserGroups, Users event: FilterGroups (enable actions as needed), Filters	N/A
Events: Menus	AAA: UserGroups event: Menus (enable actions as needed), Tools	N/A
Events: Supervised Correlations	event: Events, DisplayConversions, MetaEvents, SupervisedCorrelations (enable actions as needed)	N/A
Events: Tools	event: Tools (enable actions as needed)	N/A
Files: Files	AAA: UserGroups, Users file: Files (enable actions as needed), FileTypes	N/A
Files: File Types	file: FileTypes	N/A
Global Properties	core: GlobalProperties (enable actions as needed)	N/A
Graph: Topology: Menus	topology: Menus (enable actions as needed), Tools	N/A
Graph: Topology: Tools	topology: Tools (enable actions as needed)	N/A
Graph: Edges	AAA: UserGroups, Users device: Devices, Groups, Zones diagram: DiagramGroups, Diagrams event: Displays, FilterGroups graph: Edges (enable actions as needed), EdgeTypes, PropertyTypes, Vertices notification: Profiles	N/A
Graph: Edge Types	graph: EdgeTypes (enable actions as needed)	N/A
Graph: Property Types	broker: RenderTypes graph: PropertyTypes (enable actions as needed)	N/A
Graph: Vertices	AAA: UserGroups, Users device: Devices, Groups, Zones diagram: DiagramGroups, Diagrams event: Displays, FilterGroups graph: EdgeTypes, PropertyTypes, Vertices (enable actions as needed) notification: Profiles	N/A
Graph: Vertex Types	graph: VertexTypes (enable actions as needed)	N/A
Links: Links	AAA: UserGroups, Users link: Links (enable actions as needed)	N/A
Links: Link Groups	link: LinkGroups (enable actions as needed), Links	N/A
Metrics: Thresholds: Abnormal Profiles	metric: AbnormalProfiles (enable actions as needed)	N/A
Metrics: Thresholds: Thresholds	metric: Measurements, Thresholds (enable actions as needed), ThresholdTypes	N/A
Metrics: Thresholds: Threshold Groups	metric: ThresholdGroups (enable actions as needed), Thresholds	N/A
Metrics: Calculations	metric: Calculations (enable actions as needed), Collections	N/A
Metrics: Collections	metric: Collections (enable actions as needed)	N/A
Metrics: Display Instances	device: Devices metric: DisplayInstances (enable actions as needed), Instances	N/A
Metrics: Instances	device: Devices metric: Instances (enable actions as needed)	N/A
Metrics: Metrics	device: Devices metric: Instances, Metrics (enable actions as needed), Thresholds, Types	N/A
Metrics: Metric Groups	metric: MetricGroups (enable actions as needed), Types	N/A
Metrics: Metric Types	metric: MetricGroups, Types (enable actions as needed)	N/A
Metrics: Overview Categories	metric: Categories (enable actions as needed), Types	N/A
Metrics: Poller Templates	metric: PollerTemplates (enable actions as needed), Types	N/A
Metrics: Polling Assignments	metric: PollerTemplates, PollingAssignments (enable actions as needed), ThresholdGroups	N/A
Metrics: Polling Policies	device: Categories, MetaTypes, Types metric: PollerTemplates, PollingPolicies (enable actions as needed), Threshold Groups	N/A
Metrics: Transactions	metric: Transactions (enable actions as needed), Types	N/A
Microservices: Installed	microservice: Deploy (enable actions as needed)	N/A
Microservices: Helmcharts	microservice: Catalogs	N/A
Microservices: Helmcharts: Deploy	microservice: Clusters, Deploy (also enable create)	Required to deploy a microservice, when you select a Helm chart and click the Deploy button.
Microservices: Workloads	microservice: Workload	The navigation menu options under Workloads open different views of the same table. The Workload permission grants access to all of them.
Notifications: Profiles	notification: Profiles (enable actions as needed)	N/A
Notifications: Templates	notification: Templates (enable actions as needed)	N/A
Reports: Profiles	notification: Profiles, Templates report: Profiles (enable actions as needed)	N/A
Reports: Reports	AAA: UserGroups, Users dashboard: Dashboards report: Profiles, Reports (enable actions as needed)	N/A
Rules	rule: Rules (enable actions as needed)	N/A
Service Management	AAA: UserGroups, Users device: Devices event: Events, MetaEvents metric: Thresholds SLM: ServiceFilters (enable actions to match Services), ServiceMetrics (enable actions to match Services), Services (enable actions as needed)	N/A
TL1: Elements	gateway: Elements (enable actions as needed), Gateways	N/A
TL1: Gateways	device: Devices gateway: Elements, Gateways (enable actions as needed)	N/A
Vision: Menus	AAA: UserGroups vision: Menus (enable actions as needed), Tools	N/A
Vision: Tools	vision: Tools (enable actions as needed)	N/A

The Analytics menu has a simpler style of permissions than the other UIs. There are fewer permissions, and you do not enable specific actions for them. The UIs available from this menu are embedded OpenSearch dashboards.

All options in this menu require the analyticsNavigation: Analytics permission and use permissions as follows:

For Events:
- eventAnalytics: Admin: Grants access to every UI.
- eventAnalytics: Operator: Grants access to every UI except the Console and Management UIs under Administration.
- eventAnalytics: Viewer: Does not grant access to the UIs through the navigation menu. Viewers can access the UIs by navigating directly to their URLs. You can also use the Configuration: Links UI to create Unified Assurance links to an analytics UI, and set it in the DefaultLink setting in the user or user group preferences. The analytics UI will load automatically when the user logs in.
For Flow, any permission under flowAnalytics (Admin, Operator, or Viewer) grants access to the Dashboards option.

Within the OpenSearch dashboards, roles with the Viewer permission can only view dashboards. The Admin and Operator permissions grant full access to the options in the OpenSearch Dashboards menu and control over dashboards.
For Metrics:
- metricAnalytics: Admin: Grants access to every UI.
- metricAnalytics: Operator: Grants access to the following UIs:
  - Alerting
    - List
    - Notifications
  - Dashboard
  - Playlists
- metricAnalytics: Viewer: Does not grant access to the UIs through the navigation menu. Viewers can access the UIs by navigating directly to their URLs. You can also use the Configuration: Links UI to create Unified Assurance links to an analytics UI, and set it in the DefaultLink setting in the user or user group preferences. The analytics UI will load automatically when the user logs in.
For Vision:
- vision: Admin: Grants access to the Vision map and settings, including tabs for viewing and adding groups for entities, layers, custom layers, dashboards, and links. Administrators can add these elements to groups to make the elements visible to other users.
- vision: Operator: Grants access to the Vision map and settings, but does not include group tabs, and users can only see their own user information in the Users section.
- vision: Viewer: Grants access to the Vision map and settings, but only includes the View tab for the settings, and users can only see their own user information in the Users section. Viewers can edit their own general settings, but attempting to edit anything in other tables will result in a permission error when they confirm the changes.

Dashboards Permissions Reference

The Dashboards UI requires at least the read action for following permissions:

dashboardNavigation: Dashboards
dashboard: Dashboards, DashboardGroups

These permissions grant access to the dashboard list and individual dashboards, but in order to see meaningful data in dashboards, roles need additional permissions. The required permissions depend on the dashboard and panels.

For example, to let users create an adhoc event dashboard and see data in it, their role would need the read action for at least the Displays, Events, FilterGroups, and Filters permissions from the event package. It might also include DisplayConversions, CustomEventFields, and Menus.

See Configuration Menu Permissions Reference for permissions required when configuring dashboard panels and Creating an Event List, Diagram, and Dashboard Viewer Role for an example of the permissions needed for a more complex dashboard viewer role.

Devices Permissions Reference

The Devices UI requires at least the read action for the following permissions:

dashboard: Dashboards
device: Devices, DeviceViews, Groups, Zones
deviceNavigation: Devices
event: Displays, Events, FilterGroups, Filters
graph: Graphs, NodeDetails
metric: AllMetricsOverview, AvailabilityData, Metrics, PerformanceData, Thresholds
topology: NetworkDetails

Diagrams Permissions Reference

The Diagrams UI requires at least the read action for the following permissions:

diagram: DiagramGroups, Diagrams, Menus, Widgets
diagramNavigation: Diagrams

These permissions grant access to the diagram list and individual diagrams, and enable any menus and widgets configured in diagrams. In order to see meaningful data in diagrams or access other UIs linked in diagrams, roles may need additional permissions. The required permissions depend on the diagram and widgets. For example:

If a diagram includes metric widgets, the role will need metric and device permissions.
If a widget includes a menu that uses the Network Details tool, the role will need access to dashboards and the data on the panels of the default Network Details dashboard.

Events Permissions Reference

The Events UI requires at least the read action for the following permissions:

device: Devices, DeviceViews
event: Displays, Events, FilterGroups, Filters, Menus, Tools (hybrid tools also require the execute action)
eventNavigation: Events
metric: Metrics, PerformanceData

Links Permissions Reference

The Links UI requires the read action for the linkNavigation: Links permission.

Note:

The permissions in the link package grant access to the link management in the Configuration menu. Roles do not need these permissions to see and access links in the Links UI.

Logs Permissions Reference

The Logs UI requires the logNavigation: Logs permission.

Services Permissions Reference

The Services UI requires at least the read action for the following permissions:

event: Displays, Events
metric: Metrics, PerformanceData, Thresholds
SLM: Dashboards, ServiceFilters, ServiceMetrics, Services, ServiceViews
SLMNavigation: NavServices

User Profile Permissions Reference

The user profile UI, shown in the main navigation menu as the name of the user who is logged in, requires at least the read action for the following permissions:

AAA: Preferences, UserProfiles, UserProperties

To let users update their profile and preferences, enable the update action as well.

Title and Copyright Information

Security Guide

G18219-01