Built-in Roles and Permissions
The following table lists all the permissions that are available to users in the first column, a brief description of the permission in the second, and the built-in roles to which they apply in the remaining three columns.
Roles and Permissions Table
| Permission Name | Permission Description | Organization Admin | Account Admin | Regular User |
|---|---|---|---|---|
Accept inbound live shares | Be able to accept a live share of a test | x | x | |
Administer WAN Insights * | Be able to make changes to administer WAN Insights | x | x | |
API access | Full API access based on user permissions | x | x | x |
Assign agent to account group | Creating agents in and sharing agents to an account group | x | ||
Assign email address of users to alerts | Add subscriber emails to alerts | x | x | |
Assign management permissions | Assign management permissions | x | ||
Be able to view my own saved events | Be able to view events saved by me | x | x | x |
Can add or modify tests to consume over 100% resources | Ability to create and modify tests that would consume more than the purchased resource amount. This permission would only apply if your account has overage enabled. | x | x | |
Connected Devices Data API access | Be able to access Connected Devices Data API. | x | x | |
Connected Devices Instant Test API access | Be able to access Connected Devices Instant Test API. | x | x | |
Connected Devices Metadata API access | Be able to access Connected Devices Metadata API. | x | x | |
Connected Devices Test Schedule Move API access | Be able to access Connected Devices Test Schedule Move API. | x | x | |
Create live shares for inside the organization | Be able to create live shares to share with other account groups in the organization | x | x | |
Create live shares for outside the organization | Be able to share data with other organizations | x | x | |
Create saved events | Be able to save an event within views | x | x | x |
Create snapshot shares | Be able to create and share a snapshot within views | x | x | x |
Create web transaction tests | Be able to create a web transaction tests that records various transactions during a webpage interaction. The Edit tests permission is also required for this permission to work. | x | x | |
Delete account | Delete Account Group | x | ||
Download Endpoint Agents | Be able to download a custom endpoint agent installer for the organization to use within different account groups | x | x | |
Edit agent notifications | Be able to edit agent notification rules in agent settings | x | x | |
Edit agents in account group | Be able to modify enterprise agents and their configurations (e.g. proxy settings) in an account group | x | x | |
Edit alert rules | Be able to create and edit the alert rules for a test | x | x | |
Edit alert suppression windows | Be able to configure and edit an alert suppression window | x | x | |
Edit all account groups | Be able to create and edit all account group settings | x | ||
Edit BGP monitors | Be able to create and edit private BGP monitors | x | x | |
Edit Connected Devices agents | Be able to edit Connected Devices agents | x | x | |
Edit Connected Devices agent owners | Be able to edit Connected Devices agent owners | x | x | |
Edit Connected Devices metadata fields | Be able to edit Connected Devices metadata fields | x | x | |
Edit Connected Devices packages | Be able to edit Connected Devices packages | x | x | |
Edit dashboard templates for all users in account group | Be able to edit dashboard templates for all users within an account group | x | x | |
Edit dashboards for all users in account group | Be able to edit dashboards for all users in an account group | x | x | |
Edit default timezone settings | Be able to edit organization-wide timezone settings | x | ||
Edit device notifications | Be able to edit device notifications in device layer view | x | x | |
Edit endpoint agent monitored domain sets | Be able to edit the monitored domain sets by endpoint agents | x | x | |
Edit endpoint agent monitored networks | Be able to edit the monitored networks by endpoint agents | x | x | |
Edit endpoint agent settings | Be able to modify endpoint agents and their configurations in an account group | x | x | |
Edit endpoint tests | Be able to edit endpoint tests | x | x | |
Edit Internet Insights - Catalog settings | Be able to modify catalog entries | x | x | |
Edit labels | Edit labels | x | x | |
Edit live shares sent by all users in account group | Be able to edit the live shares sent by all users in an account group | x | x | |
Edit live shares shared by ThousandEyes | Be able to edit the live shares shared by ThousandEyes | x | x | |
Edit my domains | Be able to write the domains to be monitored | x | x | |
Edit organization and account group quotas | In order to edit quotas, you must also be able to view usage and billing | x | ||
Edit own dashboard templates | Be able to edit your personal dashboard template | x | ||
Edit own live shares | Be able to edit own live shares | x | ||
Edit own report snapshots | Be able to edit report snapshots created by you | x | ||
Edit own reports | Be able to edit your reports created by you | x | ||
Edit own saved events | Be able to edit your own saved events | x | x | |
Edit own saved events for all users in account group | Be able to edit all saved events within an account group | x | x | |
Edit own snapshots | Be able to edit your own snapshots | x | ||
Edit Path Visualization interface groups | Be able to edit interface groups in test views | x | x | |
Edit payment and contact details | Be able to edit the billing information and credit card information | x | ||
Edit roles | Be able to edit the roles. This is a separate tab that will appear in Account Settings to users with this permission | x | ||
Edit security & authentication settings | Be able to modify security and authentication settings. This is a separate tab that will appear to users with this permission | x | ||
Edit snapshots for all users in account group | Be able to edit all snapshots in an account group | x | ||
Edit snapshots shared by all users in account group | Be able to edit all shared snapshots in an account group | x | x | |
Edit streaming integrations | Be able to edit streaming integrations | x | x | |
Edit test templates | Be able to edit test templates | x | ||
Edit tests | Be able to create and edit tests | x | x | |
Edit user email addresses | Be able to edit email addresses of all users | x | x | |
Edit users | Be able to create and edit users in an account group | x | x | |
Edit users in all account groups | Be able to create and edit users in an organization | x | ||
Embed own widgets | Embed your own widgets into other applications | x | ||
Embed widgets for all users in account group | Embed widgets within an account group in other applications | x | x | |
Internet Insights - Catalog settings | Be able to view Internet Insights - Catalog set | x | x | x |
Keep session alive on auto-update | Be able to keep the ThousandEyes session alive during an auto-update | x | x | x |
Login via Single Sign-On | Be able to login by using SSO | x | x | x |
Login via ThousandEyes login page | Be able to login by typing username and password interactively into ThousandEyes | x | x | x |
Set dashboard template as account group default | Be able to set default dashboards for an account group | x | x | |
Set report template as account group default | Be able to set default reports for an account group | x | x | |
View activity log for all users in account group | Be able to view an account group's activity log. The activity log will appear in a new tab within Account Settings for users with this permission | x | x | |
View agent notifications | Be able to receive enterprise agent notifications | x | x | |
View agents in account group | Be able to view Enterprise Agents settings and their configurations (e.g. proxy settings) in an account group | x | x | x |
View alert rules | Be able to view alert rules | x | x | x |
View alert suppression windows | Be able to view alert suppression windows | x | x | x |
View all account groups settings | Be able to view account group settings | x | ||
View all users | Be able to view all users in an organization | x | x | |
View and edit Connected Devices Chart Views and Reports | Be able to view and edit Connected Devices Chart Views and Reports | x | x | |
View BGP monitors | Be able to view all privately created BGP monitors | x | x | x |
View billing | Be able to view the billing tab | x | ||
View Connected Devices agents | Be able to view Connected Devices agents | x | x | |
View Connected Devices Analytics | Be able to view Connected Devices Analytics | x | x | |
View Connected Devices ConstantCare | Be able to view Connected Devices ConstantCare | x | x | |
View Connected Devices Mapping | Be able to view Connected Devices Mapping | x | x | |
View Connected Devices Test Manager | Be able to view Connected Devices Test Manager | x | x | |
View dashboards | Be able to view dashboards | x | x | x |
View device notifications | Be able to receive and view device notifications | x | x | x |
View endpoint agent data | Be able to view endpoint agent data | x | x | x |
View endpoint agent monitored domain sets | Be able to view endpoint agent monitored domain sets | x | x | x |
View endpoint agent monitored networks | Be able to view endpoint agent monitored networks | x | x | x |
View endpoint agent settings | Be able to view endpoint agent settings | x | x | x |
View endpoint data that identifies users | Be able to view endpoint data that identifies users | x | x | x |
View endpoint data that identifies network | Be able to view endpoint data that identifies network | x | x | x |
View endpoint data that identifies endpoint agents | Be able to view endpoint data that identifies endpoint agents | x | x | x |
View endpoint data that identifies visited pages | Be able to view endpoint data that identifies visited pages | x | x | x |
View endpoint tests | Be able to view endpoint tests | x | x | x |
View labels | Be able to view labels within an account group | x | x | x |
View live shares shared by ThousandEyes | Be able to view live shares created by ThousandEyes | x | x | x |
View live sharings from all users in account group | Be able to view live shares in an account group | x | x | |
View my domains | Be able to view my own domains | x | x | x |
View organization usage | Be able to view my organization's units and licenses consumption | x | ||
View own activity log | Be able to view my own activity log | x | ||
View own live shares | Be able to view my own live shares | x | ||
View own snapshots | Be able to view snapshots saved by me | x | ||
View roles | Be able to view the Roles tab within Account Settings | x | ||
View security & authentication settings | Be able to view the security and authentication settings for an organization within Account Settings | x | ||
View sensitive data in web transaction scripts | Be able to view sensitive data in transactions scripts in a transaction test | x | x | |
View snapshots | Be able to view snapshots shared to me in an account group | x | x | x |
View snapshots shared by all users in account group | Be able to view snapshots shared by all users in an account group | x | x | |
View streaming integrations | Be able to view streaming integrations | x | x | x |
View test templates | Be able to view test templates | x | x | x |
View tests | Be able to view the tests created in an account group | x | x | x |
View user activity in all account groups | Be able to view the activity log for the organization within Account Settings | x | ||
View WAN Insights * | Be able to view WAN Insights | x | x | x |
View WAN Insights anonymously * | Be able to view WAN Insights anonymously |
* You will only see WAN Insights permissions on the permissions list on the platform if your organization has activated WAN Insights. For more information, see the WAN Insights documentation.
Related Information
Role-Based Access Control provides an overview of all the user features available under the management interface such as roles, users, user profiles, and organization settings.
Role-Based Access Control, Explained explains how role-based acces control works.
What Is an Account Group explains how to use the account group feature.
Last updated