Access profiles#

Each profile grants a specified set of actions to a user account or group. There are four different types of profiles uou can use for permission assignment. Each profile grants to user or group a specified set of actions. The Administration and Device access profiles contain more granular permissions for further defining their permitted operations.




Full control the domain organization and log. Has more granular permissions to define the role.

Network security

Full control of the firewall configuration.

Device installer

Permitted to associate devices to accessible domain and organization folders.

Device access

Permitted to perform remote device operations, composed of actions and functions that can be performed during the assistance section.

Grant permissions at the level within the domain that is appropriate for the user or group scope. For example, grant Administration permissions at the root level to the organizational administrator. Grant Administration permissions at the folder level for site level administrators.

The Administration profile includes these permissions:



Access users

View all of the user accounts defined for the folder.

Manage users

Create, edit, and delete user accounts and change user permissions.

Manage folders

Create, edit, move, and remove folders.

View connection audit

Access to the connections log.

View operations audit

Access to the administration log.


An administrator with the Access users and Manage users permissions cannot grant or remove permissions that they do not have.


  • An administrator without the Manage folders permission cannot add this permission to their own account and the user accounts they create will not have the right to manage folders

  • An administrator without View connection audit permission will not be able to remove that permission from another user to which the permission has been granted.

The Device Access profile includes this permission:



Network access (VPN)

VPN activation and sub network access; the sub network access can be additionally filtered by applying the firewall policies.