Riverbed Console Built-in Roles

This reference lists every built-in Role-Based Access Control (RBAC Role-Based Access Control) role in Riverbed Console and summarizes what each role allows. Use it when you need a single checklist of role names and scope.

To learn how RBAC controls the UI User Interface. The visual components and controls that users interact with to access features and manage the system., how Contributor, Operator, and Reader naming works, and how access is evaluated, see Role-Based Access Control. To assign roles to user accounts, see User Management. For a UI-area view that maps read, write, and administrative access to major product areas, see User Role Definitions.

Note: You can assign multiple user roles to a single user. For example, a single user can have both a platform role and a PCM role.

Role	Area	Description
Audit Reader	Audit	Read-only access to platform audit logs.
Schedule Contributor	Scheduling	Full scheduling management. Create and manage schedules, and use the related scheduling context (for example, scheduled runbooks, automation runbooks, edge devices, and integration profiles) needed to build and maintain schedules.
Schedule Reader	Scheduling	Read-only scheduling access. View schedules, references, scheduled runbooks, automation runbooks, edge devices, and integration profiles needed to review scheduling.
Automation Contributor	Automation	Full automation management. Manage runbooks and rules, runbook outputs, and related context (for example, edge devices, integration profiles, connectors, and datastore information) needed for automation.
Automation Operator	Automation	View and run automation runbooks. Read rules and outputs. Use related read-only context (for example, edge devices, integration profiles, connectors, and datastore information). Cannot change runbook or rule definitions.
Integration Contributor	Integrations	Manage authentication profiles and connectors. Verify profiles. Install, upgrade, and uninstall integrations. Read automation runbooks when needed for integration work.
Integration Reader	Integrations	Read-only access to authentication profiles, integrations, connectors, and automation runbooks where needed to review integration configuration.
IQ Product abbreviation for the AI-Ops platform that provides intelligent operations and automation capabilities. Ops Operator	IQ Ops	Read-only access to IQ Ops indicators and metrics.
User Access Administrator	User management	Invite users and manage users, roles, and domains. Does not grant access to product resources or features outside user management.
Tenant Administrator	Tenant settings	Manage third-party application registration and credentials, edge devices and cloud-init, and tenant-level datastore datasources. Tenant datastore administration is not covered by Workspaces roles. Assign the Tenant Administrator role for that work.
PCM Admin	PCM	Manages capture profiles A configuration template that defines packet capture parameters., storage profiles A configuration that defines where the Packet Capture Module stores PCAP files, specifying the storage type and connection details for customer-managed repositories., and global settings. Can view device information and capture job Writes network packets to local disk for continuous or on-demand captures. status, but cannot manage capture jobs or perform harvests The process of retrieving PCAP files from Packet Capture Module devices and transferring them to a customer-provided repository for analysis..
PCM Operator	PCM	Full access to all PCM features, including managing capture jobs, performing harvests, and configuring profiles and settings.
PCM Harvester	PCM	Can view device information and capture job status, and can perform harvests. Cannot manage capture jobs, profiles, or settings.
Workspace Contributor	Workspaces	Create, read, update, and delete workspaces. Run datastore queries. Read datasources and datastore information.
Workspace Operator	Workspaces	Read workspaces. Run datastore queries. Read datasources and datastore information.
Data Forensics Contributor	Data forensics	Create, read, update, and delete data forensics workflows. Run datastore queries. Read datasources and datastore information.
Data Forensics Operator	Data forensics	Read data forensics workflows. Run datastore queries. Read datasources and datastore information.

PCM features available by role

Each PCM role maps to a defined set of capabilities in the Packet Capture Module Web UI. Those capabilities control which features appear and which actions are available. The following table shows feature access for the three PCM roles.

PCM Feature	PCM Operator	PCM Harvester	PCM Admin
Capture Features
View device list and search	✓	✓	✓
View capture job status	✓	✓	✓
View harvest history	✓	✓	✓
Create capture jobs	✓	❌	❌
Start capture jobs	✓	❌	❌
Stop capture jobs	✓	❌	❌
Edit/rename capture jobs	✓	❌	❌
Delete capture jobs	✓	❌	❌
Perform harvests	✓	✓	❌
Management Features
View capture profiles	✓	❌	✓
Create/edit/delete capture profiles	✓	❌	✓
View storage profiles	✓	❌	✓
Create/edit/delete storage profiles	✓	❌	✓
View global settings	✓	❌	✓
Configure global settings	✓	❌	✓

Workspaces and data forensics features available by role

The following table summarizes how Workspace Contributor, Workspace Operator, Data Forensics Contributor, and Data Forensics Operator map to common Workspaces and data forensics capabilities. Some screens may require more than one role. The UI enforces the effective access for the signed-in user.

Capability	Workspace Contributor	Workspace Operator	Data Forensics Contributor	Data Forensics Operator
View workspace list and open workspaces	✓	✓	❌	❌
Create, edit, or delete workspaces	✓	❌	❌	❌
Run datastore queries in supported contexts	✓	✓	✓	✓
View datasources and datastore information used for analysis	✓	✓	✓	✓
View data forensics workflows	❌	❌	✓	✓
Create, edit, or delete data forensics workflows	❌	❌	✓	❌