Read-only Role
Users with the Read-Only role can do the following:
View any page or any setting in CDO.
Search and filter the contents of any page.
Compare device configurations, view the change log, and see VPN mappings.
View every warning regarding any setting or object on any page.
Generate, refresh, and revoke their own API tokens. Note that if a read-only user revokes their own token, they cannot recreate it.
Contact support through our interface and can export a change log.
Read-Only users cannot do the following:
Create, update, configure, or delete anything on any page.
Onboard devices.
Step-through the tasks needed to create something like an object or a policy, but not be able to save it.
Create CDO user records.
Change user role.
Attach or detach access rules to a policy.