Understand People Roles and Permissions

When you add a person to the Conductor, the person's role, and whether the person is a manager or member of an overlay, controls whether they have access to create, edit, or view overlay networks and their Airwall Edge Services and devices.

The Conductor supports the following people roles, with the following default permissions. You can also fine-tune permissions for System and Network Administrators. See Customize Permissions for System and Network Administrators:
  • System Administrator - Designed for administrators who may need to perform all Conductor functions. By default, a system administrator can edit all Airwall Edge Services in the system and is a de facto editor of all Airwall Edge Services and overlay networks. Depending on granular user permissions, a system administrator can modify other users' permissions, edit system-level configuration (such as SMTP, Conductor HA pairing, remote syslog), create cloud Airwall Gateways, and upgrade the Conductor firmware.
  • Network Administrator - Designed for administrators who need to manage and potentially modify existing overlay networks, Airwall Gateways and devices. Depending on granular user permissions, a network administrator can view and edit unassigned (not part of an overlay network) Airwall Edge Services, revoke and delete Airwall Edge Services, and provision and manage Airwall Edge Services. A network administrator cannot create new users or overlay networks or edit system configuration.
  • Read-only System Administrator - Designed for administrators who need to monitor overlay networks, Airwall Gateways, and device information, but who do not have a need to modify configurations. A read-only system administrator can view all Airwall Edge Services in the system and is a de facto viewer of all overlay networks. A read-only system administrator can also run reports and perform diagnostic functions on the Conductor and Airwall Edge Services.
  • Remote Access User - This role is for people who need access to an Airwall secure network through an Airwall Agent or Server. This user can only modify their account email and password. Remote access users can also view the remote access portal where they can see any activation codes assigned to them, a list of remote devices they have access to, and a list of the Airwall Edge Services assigned to them.
This table shows the default permissions. To customize these permissions, see Customize Permissions for System and Network Administrators
Task System Administrator Network Administrator Read-only System Administrator Remote Access User
Manage users

Create
                                    Modify
                                    Delete

 Modify own email and password View all users. Modify own email and password

Modify own email and password
Manage Conductor settings Configure (with permissions) Not available View Not available
Manage overlay networks

Create
                                    Modify
                                    Delete

View
                                    Modify

 View Not available
Manage Airwall Edge Services

Add
                                    Modify
                                    Delete

Add (with permissions)
                                    Modify
                                    Delete

 View Not available
Manage devices

Add
                                    Modify
                                    Delete

Add
                                    Modify
                                    Delete

 View Not available
Manage firmware updates

Download
                                    Update
                                    Publish

 Update Not available Not available
See Also: