Cisco Defense Orchestrator

Defense Orchestrator User Roles

There are three types of user roles in Cisco Defense Orchestrator (Defense Orchestrator): Super Admin, Admin, and Read-only. A Defense Orchestrator user may have access to more than one tenant. When that user logs in to a tenant, their actions are governed by their role on that tenant. A user may have a Read-only role on one tenant and a Super Admin role on another. When the interface or the documentation refers to a Read-only user, an Admin user, or a Super Admin user, we are describing that user's permission level on a particular tenant. We are not describing that user's permission level on all of the tenants they may have access to.

Read-only Role

Users with the read-only role can view any page or any setting in Defense Orchestrator. Read-only users can search and filter the contents of any page. They can compare device configurations, view the change log, and see VPN mappings. They will see every warning regarding any setting or object on any page. They can also generate and refresh their own API tokens. Users with the read-only role can contact support through our interface and can export a change log. 

Read-only users cannot create, update, configure, or delete anything on any page. They cannot onboard devices. Read-only users can revoke their own token. Once they revoke their token, they cannot recreate it. They can step through the tasks needed to create something like an object or a policy, but they will not be able to save it. Read-only users see the same messages as Admins. For example, if a read-only user tries to create and save an object, they receive the message "Object failed to save. Please correct any invalid values and try again." when, in fact, they cannot save any object.

A user assigned the read-only role sees a blue banner on every page and is identified by their role in the User Management table.

Admin Role

Users assigned the Admin role have complete access to all aspects of Defense Orchestrator. They can create, read, update, and delete any object or policy in Defense Orchestrator and configure any setting. They can onboard devices. Admin users cannot create Defense Orchestrator user records. Admin users are identified by their role in the User Management table.

Super Admin Role

Users assigned the Super Admin role have complete access to all aspects of Defense Orchestrator. They can create, read, update, and delete any object or policy in Defense Orchestrator and configure any setting. They can onboard devices. In addition, they can create user records and change user roles. Super Admin users are identified by their role in the User Management table.