Skip to main content

Getting Started with the Illumio Console

  • Getting Started with the Illumio Console
  • Scopes
  • Roles with Custom Scopes

Roles with Custom Scopes

You can apply the following roles to specific scopes. These roles are called Scoped Roles.

Role

Granted Access

Ruleset Manager

  • Add, edit, and delete all policies (rulesets) within the specified scope.

  • Add, edit, and delete rules when the destination matches the specified scope. The rule source can match any scope.

Limited Ruleset Manager

  • Add, edit, and delete all policies (rulesets) within the specified scope.

  • Add, edit, and delete rules when the destination and source match the specified scope.

  • Ruleset Managers with limited privileges cannot manage rules that use IP lists, custom iptables rules, user groups, label groups, iptables rules as sources, or have internet connectivity.

Ruleset Provisioner

Provision policies (rulesets) within the specified scope.

Ruleset Viewer

Read-only access to policies (rulesets) within the specified scope. Cannot edit policies or rules.

Workload Manager

Manage workloads and pairing profiles within the specified scope. Read-only access provided to all other resources.