Users who can log in to WatchGuard Cloud to view and manage account information and configure services are called operators. Your operator role determines what information you can see and what actions you can take within your own account or managed accounts.
There are different operator roles for Subscriber accounts and Service Provider accounts.
Operators are separate from licensed users of services such as AuthPoint. They do not require a license and can only log in to WatchGuard Cloud. A separate user account must be created for any operator who uses a security service.
You add and manage the operators for your account on the My Account page in WatchGuard Cloud.
Subscriber Operator Roles
There are four operator roles for Subscriber accounts:
- Administrator — Administrators have full permissions within their Subscriber account and managed services. They can add custom branding options to the account. They are the only Subscriber operators who can add, edit, and delete other operators.
- Analyst — Analysts have full permissions to configure services and read-only permission everywhere else.
- Observer — Observers have read-only permission throughout their account.
- No Access — Operators who have the No Access role cannot log in to WatchGuard Cloud until they are assigned a different role.
If you add an operator to a Subscriber account, the new operator can only log into WatchGuard Cloud (cloud.watchguard.com), not Support Center.
Service Provider Operator Roles
There are five operator roles for Service Provider accounts:
- Owner — Owners have full permissions within their Service Provider account and managed services. They can add custom branding options to the account. They are the only Service Provider operators who can add, edit, and delete operators for their account.
- Sales — Sales operators have full permissions for inventory and account management, but read-only permission for configure services and operators.
- Helpdesk — Helpdesk operators have full permissions to configure services and read-only permission everywhere else.
- Auditor — Auditors have read-only permission throughout their Service Provider account.
- No Access — Operators who have the No Access role cannot log in to WatchGuard Cloud until they are assigned a different role.
Role Mapping
Because different operator roles are available for Service Providers and Subscribers, when Service Providers look at a Subscriber account, their permissions are mapped to the relevant Subscriber operator role.
This is called role mapping, and it is when the permissions of the Service Provider operator are mapped to the permissions of a Subscriber operator role. Role mapping occurs when a Service Provider operator looks at the Subscriber account for a managed account or their own Subscriber account.
| Service Provider Role | Mapped Subscriber Role |
|---|---|
| Owner | Administrator |
| Sales | Observer |
| Helpdesk | Analyst |
| Auditor | Observer |
Tier-1 Account Operators
For tier-1 accounts, operators are the users on your account in the WatchGuard Portal. By default, when you add a user to your account in the WatchGuard Portal, that user is given the No Access operator role for WatchGuard Cloud.
If you have a tier-1 account, you manage your operators in the Support Center. From WatchGuard Cloud, you can only see the operators on your account and change their role.
For more information, see Manage User Account Permissions in the WatchGuard Portal and Manage User Accounts in the WatchGuard Portal.
In the WatchGuard Portal, the WatchGuard Cloud permissions sets the operator role in WatchGuard Cloud and Threat Detection and Response (TDR).
Add Operators to Managed Accounts