Alignment of RBAC Models of Security Cloud Control Firewall Management and Catalyst SD-WAN Manager

User roles in Catalyst SD-WAN Manager and Security Cloud Control Firewall Management operate independently, with each role defined by its specific responsibilities. However, the RBAC (Role-Based Access Control) models across these platforms are aligned to ensure consistent and seamless user actions.

A user with elevated permissions in Security Cloud Control may still encounter restrictions if their role in Catalyst SD-WAN Manager has lower permissions, and vice versa.

Attempting to save changes in Security Cloud Control without appropriate permissions in Catalyst SD-WAN Manager will result in errors. For example: a user assigned the 'Super Admin' role in Security Cloud Control will be unable to save NGFW security policies changes to Catalyst SD-WAN Manager if they are assigned the 'Operator' role in the latter.

The table below outlines the access permissions for various combinations of user roles in Catalyst SD-WAN Manager and Security Cloud Control.

Security Cloud Control Role Name	Catalyst SD-WAN Manager Role Name	Allowed Actions
Read Only	Operator	- Allowed read-only access in Security Cloud Control - Allowed read-only access in Catalyst SD-WAN Manager
VPN Sessions Manager	Operator	- Allowed read-only access in Catalyst SD-WAN Manager
Administrator	security_operations	- Allowed to create/edit security policies in Security Cloud Control - Allocated SecOps user role in Catalyst SD-WAN Manager
Super Administrator	security_operations	- Unrestricted access to all functions in Security Cloud Control - Allocated SecOps user role in Catalyst SD-WAN Manager
Deploy Only	Operator	- Not allowed to create/edit security policies in Security Cloud Control - Allowed read-only access in Catalyst SD-WAN Manager
Edit Only	security_operations	- Not allowed to onboard or deboard Catalyst SD-WAN Manager - Unrestricted access to all functions in Security Cloud Control - Allocated SecOps user role in Catalyst SD-WAN Manager