Security Policy Planning Sheet

	C	E	F	G	I	J	K	L	M	N	O	P	Q	R	S	T	U
1							To use this planning sheet, click File > Make a Copy. To plan security policy configuration for different folder levels, on the bottom tab, right-click, and select Duplicate.
2					Security Policy Planning Sheet
3					Security Policy Planning Sheet
4					Last updated 4.27.23 by ControlUp.
5
6
7	For more information on Security Policy configuration, see				Security Policy Overview		DEFAULT USER ROLES cannot be deleted, but can be edited or renamed.
8						Inherit	Local Admins	Organization Members	ControlUp Monitors	Automation Admins	Helpdesk	ControlUp Admins	Custom Role 1	Custom Role 2	Custom Role 3	Custom Role 4	Custom Role 5
9	FOLDER:		ROOT		Action Definition	Inherit	Local Admins	Organization Members	ControlUp Monitors	Automation Admins	Helpdesk	ControlUp Admins	Custom Role 1	Custom Role 2	Custom Role 3	Custom Role 4	Custom Role 5

10		Perform organization-wide actions			Action performed at the organizational level, not in the context of a specific machine, user session, or process.
11			Change Permissions		Modify the access and management permissions for users in your environment. Note: As a security precaution. your organization's owner(s) can always change the permissions		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
12			Change Settings		Modify settings such as: presets, agent, AD Connections, schedule, monitors, Virtual Expert, auditing.		N/A	Not Set	N/A	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
13			Manage data upload settings		Modify data upload and incident reporting settings on the Data Upload tab of the Settings Window.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
14			Use Web Application		Launch and use Web Application interface for your organization.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
15			Manage Web Application		Modify Web Application settings of your organization.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
16			Edit Stress Settings		Modify who is able to edit the Stress Settings.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
17			Manage branch mapping settings		Configure the lookup table of client IP addresses to branch office names in the Settings window.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
18			Configure Incident Triggers		Configure Incident Triggers		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
19			Create Automated Actions		Create Automated Actions		N/A	Not Set	Not Set	Allow	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
20			Add Machine		Add a managed machine to the organizational tree view.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
21			Add Folder		Add a folder in the organizational tree view to arrange similar machines.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
22			Change Folder Description		Change description for folder.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
23			Remove Machine		Remove a managed machine from the organizational tree.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
24			Remove Folder		Remove a folder from the organizational tree view.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
25			Rename Folder		Rename a machine folder in the organizational tree view.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
26			Run shared Script Actions		Perform all of the actions in this category on shared Script objects in the current container.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
27			Run draft Script Actions		Perform all of the actions in this category on draft Script objects in the current container.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
28			Download and share Script Actions		Download and share Script Actions.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
29			Manage Script Actions		Manage Script Actions.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
30			View Folder		View folder in the organizational tree view.		N/A	Allow	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
31			Launch Controllers		Work in Controllers pane. You can only configure this permission on the root folder.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
32			View Incidents		View Incidents pane.		N/A	Not Set	Not Set	Not Set	Allow	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
33			View Events		View Events pane.		N/A	Not Set	Not Set	Not Set	Allow	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
34			View All Hypervisors		View all hypervisor related objects (VMS. Hosts, and hypervisor connections) in your organization.		N/A	Not Set	Not Set	Not Set	Allow	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
35			Manage All Hypervisors		Create, edit, and delete hypervisor connections in your organization.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
36			Manage All Cloud Connections		Create, edit, and delete cloud connections in your organization.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
37			Manage All EUC Environments		Create, edit, and delete EUC Environment connections in your organization.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
38			Manage All NetScaler Appliances		Create, edit, and delete NetScaler connections in your organization.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
39			Manage application load time settings		Configure the parameters ControlUp Agent uses when measuring application load times.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
40			Manage Monitor		Perform management taks for ControlUp Monitors.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
41			Manage application title settings		Configure the parameters the ControlUp agent uses to monitor the title of active windows.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
42			Manage browser URL settings		Configure the parameters the ControlUp agent uses to monitor the URLs of browser processes.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
43			Connect to Data Source		Collect data from an external data source. such as hypervisor, XenDesktop site, NetScaIer appliance, or public cloud.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
44		▼	Shared Credentials		Perform all actions related to Shared Credentials. Some can be granted only for non-built-in roles.
45			↳	Credentials	Assign permissions for shared credentials in your environment. If you set "Deny" or "Not Set", then a user in this role won't be able to use this permission in any script or automated action. If credentials are configured for a hypervisor. EUC environment, etc. in a specific monitor site, we recommend to set "Alow" only to users from that site.		N/A	Allow	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
46			↳	Manage Shared Credentials	Create, edit, and delete Shared Credentials in your organization. Add the first Shared Credentials: "Monitor Settings", screen -> Choose a monitor in the monitors list -> Click "Settings.." above the monitors list -> Click "Add Credentials Set" -> Keep "Shared" option checked.		N/A	Allow	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
47			↳	Use Shared Credentials	Connect to an organizational tree view connection with Shared Credentials. Can be granted only for non-built-in roles.		N/A	Not Set	Not Set	Not Set	Allow	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
48
49
50		Run Host Actions			Perform all of the actions in this category on Host objects in the current container.
51			Enable Maintenance Mode		Enter a certain host into Maintenance Mode.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
52			Disable Maintenance Mode		Remove a certain host from Maintenance Mode.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
53
54
55		Run Machines Actions			Performs all of the actions in this category on machine objects in the current container.
56			Connect to Windows Machine		Connect to Windows machine.		Not Set	Not Set	Not Set	Not Set	Allow	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
57			Change Machine Description		Change description for machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
58			Event Viewer on Remote Machine*		Open the event viewer of the remote machine. *Note: This action requires RPC access and valid administrative credentials on the target machines(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
59			RDP to Machine		Switch to Remote Desktop view and establishes an RDP connection.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
60		▼	ControlUp Agent Management		Perform all of the actions related to Control Up agent components.
61			↳	Disable Outbound Communication	Disable outbound communication at the selected machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
62			↳	Enable Outbound Communication	Disable outbound communication at the selected machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
63			↳	Install Remote Agent as Master Image*	Install the remote agent as a master image at the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
64			↳	Start Remote Agent*	Starts the remote agent at the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
65			↳	Stop Remote Agent*	Stops the remote agent at the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
66			↳	Restart Remote Agent*	Restart the remote agent at the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
67			↳	Remove Remote Agent*	Remove the remote agent from the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
68			↳	Upgrade/Install Remote Agent*	Upgrade the remote agent at the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
69			↳	Listening Port Remote Agent*	Set the listening port for the remote agent at the selected machine. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
70		▼	VM Power Management		Control power management of virtual machines.
71			↳	Shutdown Guest	Gracefully shut down the virtual machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
72			↳	Force Power Off VM	Forcefully power off the virtual machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
73			↳	Restart Guest	Gracefully restart the virtual machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
74			↳	Force Reset VM	Forcefully reset the virtual machine.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
75			↳	Power On VM	Power on the virtual machine on the hypervisor infrastructure.		N/A	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
76			Enable Remote Assistance in Group Policy		Remove the unsolicited remote assistance restriction on the target machine.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
77			Flush DNS		Flush DNS on the selected machine.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
78			Install Remote Assistance Feature		Install Remote Assistance Feature.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
79		▼	File System		Perform all file-system related actions in this category.
80			↳	Manage File System	Perform actions on file system objects. *Note: This action requires RPC access and valid administrative credentials on the target machine(s).		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
81			↳	Monitor File System	View, analyze, and compare file-system objects.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
82		▼	Group Policy		Perform all group policy-related actions in this category.
83			↳	Refresh Machine Policy	Refresh the machine group policy using the command 'gpupdate.exe /target: machine'		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
84		▼	Installed Software		View information about the software package currently installed.
85			↳	Display Installed Software	Display information about currently installed programs.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
86			↳	Display Installed Updates	Display information about currently installed updates.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
87		▼	Power Management		Perform all power management tasks in this category.
88			↳	Shutdown	Shutsdown the selected machine.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
89			↳	Reboot	Restart the selected machine.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
90			↳	Wake-On-LAN	Send a Wake-On-LAN magic packet to wake up the machine.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
91		▼	Processes		Execute processes on the managed machine.
92			↳	Start Process As User	Stars a new process on the target machine, with the supplied credentials, or with the remote agent credentials.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
93			↳	Enable Process Execution	Enable a process execution.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
94			↳	Disable Process Execution	Disable a process execution.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
95		▼	Registry		Perform all registry-related actions in this category.
96			↳	Import Registry Machine	Import a registry key from a file. Type a file name or browse for a registry file to import.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
97			↳	Modify Machine Registry	Perform registry actions on machines in this container.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
98			↳	‬Monitor Machine Registry	Analyze and compare registry settings on machines in this container.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set
99		▼	Services		Perform all service-related actions in this category.
100			↳	Manage Services	Perform system service actions on machines in this container.		Not Set	Not Set	Not Set	Not Set	Not Set	Allow	Not Set	Not Set	Not Set	Not Set	Not Set