Role settings
Citrix SD-WAN Orchestrator service allows providers and customers to create custom roles and provide access to specific features. Custom roles help to set up role-based access to manage different aspects of their network.
Only the users with Provider-Master-Admin-All or Customer-Master-Admin-All role can create custom roles.
Users with the Provider-Master-Admin-All role can create and assign custom roles at the customer level. The customer administrators can assign these custom roles created by the provide administrator to its users.
To create a custom role, navigate to Administration > Role Settings and click New Custom Role.
Provide a name and description for the custom role. If you are a provider administrator, then choose the scope of the custom role.
- Provider: The custom role can only be assigned to users at the provider level.
- Customer: The custom role is created at the provider level but can only be assigned to users at the customer level.
Choose the access associated with the features and categories.
- Full Access: Provides access to view and edit the configuration.
- Read Only: Provides access to view the configuration.
- No Access: Does not provide access to view or edit the configuration.
The following is an example where a custom role is created at the provider level:
The following is an example where a custom role is created at the customer level:
The features available at the provider, network, and site level are different. The following is the list of features, categories, and the corresponding GUI pages available at the provider level:
| Feature | Category | GUI Pages |
|---|---|---|
| Base Msp | CONFIG | Dashboard, Alerts, Usage, Inventory, Announcements |
| Site | CONFIG | Site Profile Templates, WAN Link Templates |
| Troubleshooting | CONFIG | Audit Logs, Device Logs |
| User Settings | CONFIG | User Settings, Role Settings |
| Licensing | CONFIG | Licensing, License Usage Insights |
The following is the list of features, categories, and the corresponding GUI pages available at the customer level:
| Feature | Category | GUI pages |
|---|---|---|
| Base Customer | CONFIG | Dashboard, Network Home |
| Base Network | CONFIG | Delivery Services Internet / Intranet / Virtual Paths, Bandwidth Allocation, Dynamic Virtual Paths, Network Location Service, Intermediate Nodes, Interlink Communication, Link Sensitive profile, DNS Servers, proxy Auto Config |
| Base Network | REPORT | Usage, WiFi, Quality, Historical Statistics, O365 Metrics, ADM Events |
| Base Security | CONFIG | IPSec Encryption profiles, Network Security, SSID Profiles, Radius Profiles, Firewall Zones, Firewall Defaults, Firewall Policies, Security Profiles, SSL Inspection, Intrusion Prevention, Virtual Path IPSec, Certificates, Hosted Firewall |
| Customer Admin | CONFIG | Alerts |
| Customer Admin | REPORT | Inventory |
| UTM | REPORT | WebFiltering, AntiMalware, Intrusion Prevention, SSL Inspection |
| HDX | REPORT | HDX Sites, HDX Users, HDX Sessions |
| QoS | CONFIG | QoS Policies, QoS Profiles |
| QoS | REPORT | QoS |
| Appliance | REPORT | Realtime Statistics, Realtime Flows, Realtime Firewall Connections |
| Cloud Direct | REPORT | Cloud Direct |
| Application Quality | CONFIG | App Quality profiles, App Quality Config |
| Application Quality | REPORT | Application Quality |
| Advance Delivery Service | CONFIG | Zscaler / Secure Internet Access |
| Routing | CONFIG | Routing Policies, Routing Domains, Import Route Profiles, Export Route Profiles |
| Site | CONFIG | Regions, Custom Groups, IP Groups, Profiles & Templates |
| Apps | CONFIG | Custom Apps, App Groups, Application Settings |
| WAN opt | CONFIG | WAN Optimization features, WAN Optimization Tuning, WAN Optimization Apps, WAN Optimization App Groups, WAN Optimization Rules |
| Troubleshooting | CONFIG | Audit Logs, Device Logs, Diagnostics |
| User Settings | CONFIG | User Settings, Role Settings |
| Licensing | CONFIG | Licensing, License Usage Insights |
The following is the list of features, categories, and the corresponding GUI pages available at the site level:
| Feature | Category | GUI pages |
|---|---|---|
| Site | CONFIG | Dashboard, Alerts, Advance Settings Delivery Services, Advance Settings DHCP, Advance Settings DNS Settings, Advance Settings NAT, Advance Settings Dynamic Routing, Advance Settings Multicast Groups, Advance Settings LAG, Advance Settings VRRP, Advance Settings WAN Optimization, Site Configuration, Advance Settings ARP, Advance Settings Prefix Delegation Group |
| Base Network | CONFIG | Advance Settings NDP, Advance Settings Fallback Configuration |
| Base Network | REPORT | Usage, Quality, Historical Statistics, O365 Metrics, WAN Link Metering |
| QoS | REPORT | QoS |
| Appliance | REPORT | Realtime Statistics, Realtime Flows, Realtime Firewall Connections, Realtime Routing Protocols, Realtime DHCP Server & Relay, Realtime IGMP, Realtime VRRP, Realtime PPPoE, Realtime DNS, Realtime IPSec, Appliance Reports |
| Cloud Direct | REPORT | Cloud Direct |
| Appliance | CONFIG | Appliance Settings, WAN Optimization Settings |
| Troubleshooting | CONFIG | Audit Logs, Device Logs, STS Bundles |
Once the custom role is successfully created, you can assign the custom role while creating users. Select the newly created custom role from the Role drop-down list under Administration > User Settings.