Citrix SD-WAN Orchestrator

Role settings (Preview)

Citrix SD-WAN Orchestrator service allows providers and customers to create custom roles and provide access to specific features. Custom roles help to set up role-based access to manage different aspects of their network.

Only the users with Provider-Master-Admin-All or Customer-Master-Admin-All role can create custom roles.

Users with the Provider-Master-Admin-All role can create and assign custom roles at the customer level. The customer administrators can assign these custom roles created by the provide administrator to its users.

To create a custom role, navigate to Administration > Role Settings and click New Custom Role.

Provide a name and description for the custom role. If you are a provider administrator, then choose the scope of the custom role.

  • Provider: The custom role can only be assigned to users at the provider level.
  • Customer: The custom role is created at the provider level but can only be assigned to users at the customer level.

Choose the access associated with the features and categories.

  • Full Access: Provides access to view and edit the configuration.
  • Read Only: Provides access to view the configuration.
  • No Access: Does not provide access to view or edit the configuration.

The following is an example where a custom role is created at the provider level:

Role settings at the provider level

The following is an example where a custom role is created at the customer level:

Role settings

The features available at the provider, network, and site level are different. The following is the list of features, categories, and the corresponding GUI pages available at the provider level:

Feature Category GUI Pages
Base Msp CONFIG Dashboard, Alerts, Usage, Inventory, Announcements
Site CONFIG Site Profile Templates, WAN Link Templates
Troubleshooting CONFIG Audit Logs, Device Logs
User Settings CONFIG User Settings, Role Settings
Licensing CONFIG Licensing, License Usage Insights

The following is the list of features, categories, and the corresponding GUI pages available at the customer level:

Feature Category GUI pages
Base Customer CONFIG Dashboard, Network Config Home
Base Network CONFIG Delivery Services Internet / Intranet / Virtual Paths, Service & bandwidth, Dynamic Virtual Paths, Network Location Service, Intermediate Nodes, Interlink Communication, Link Sensitive profile, DNS Servers, proxy Auto Config
Base Network REPORT Usage, WiFi, Quality, Historical Statistics, O365 Metrics, ADM Events
Base Security CONFIG IPSec Encryption profiles, Network Security, SSID Profiles, Radius Profiles, Firewall Zones, Firewall Defaults, Firewall Policies, Security Profiles, SSL Inspection, Intrusion Prevention, Virtual Path IPSec, Certificates, Hosted Firewall
Customer Admin CONFIG Alerts
Customer Admin REPORT Inventory
UTM REPORT WebFiltering, AntiMalware, Intrusion Prevention, SSL Inspection
HDX REPORT HDX Sites, HDX Users, HDX Sessions
QoS CONFIG QoS Policies, QoS Profiles
QoS REPORT QoS
Appliance REPORT Realtime Statistics, Realtime Flows, Realtime Firewall Connections
Cloud Direct REPORT Cloud Direct
Application Quality CONFIG App Quality profiles, App Quality Config
Application Quality REPORT Application Quality
Advance Delivery Service CONFIG Zscaler / Secure Internet Access
Routing CONFIG Routing Policies, Routing Domains, Import Route Profiles, Export Route Profiles
Site CONFIG Regions, Custom Groups, IP Groups, Profiles & Templates
Apps CONFIG Custom Apps, App Groups, Application Settings
WAN opt CONFIG WAN Optimization features, WAN Optimization Tuning, WAN Optimization Apps, WAN Optimization App Groups, WAN Optimization Rules
Troubleshooting CONFIG Audit Logs, Device Logs, Diagnostics
User Settings CONFIG User Settings, Role Settings
Licensing CONFIG Licensing, License Usage Insights

The following is the list of features, categories, and the corresponding GUI pages available at the site level:

Feature Category GUI pages
Site CONFIG Dashboard, Alerts, Advance Settings Delivery Services, Advance Settings DHCP, Advance Settings DNS Settings, Advance Settings NAT, Advance Settings Dynamic Routing, Advance Settings Multicast Groups, Advance Settings LAG, Advance Settings VRRP, Advance Settings WAN Optimization, Site Configuration, Advance Settings ARP, Advance Settings Prefix Delegation Group
Base Network CONFIG Advance Settings NDP, Advance Settings Fallback Configuration
Base Network REPORT Usage, Quality, Historical Statistics, O365 Metrics, WAN Link Metering
QoS REPORT QoS
Appliance REPORT Realtime Statistics, Realtime Flows, Realtime Firewall Connections, Realtime Routing Protocols, Realtime DHCP Server & Relay, Realtime IGMP, Realtime VRRP, Realtime PPPoE, Realtime DNS, Realtime IPSec, Appliance Reports
Cloud Direct REPORT Cloud Direct
Appliance CONFIG Appliance Settings, WAN Optimization Settings
Troubleshooting CONFIG Audit Logs, Device Logs, STS Bundles

Once the custom role is successfully created, you can assign the custom role while creating users. Select the newly created custom role from the Role drop-down list under Administration > User Settings.

Role settings (Preview)