VPN Sessions Manager role

The `VPN Sessions Manager` role is intended for administrators who monitor remote access VPN connections, not site-to-site VPN connections.

Users with the VPN Sessions Manager role can:

• View any page or any setting in Security Cloud Control.

• Search and filter the contents of any page.

• Compare device configurations, view the change log, and see RA VPN mappings.

• View every warning regarding any setting or object on any page.

• Generate, refresh, and revoke their own API tokens. Note that if a VPN Sessions Manager user revokes their own token, they cannot recreate it.

• Contact support through our interface and export a change log.

• Terminate existing RA VPN sessions.

Users with the VPN Sessions Manager role cannot:

• Create, update, configure, or delete anything on any page.

• Onboard devices.

• Step-through the tasks needed to create something like an object or a policy, but not be able to save it.

• Create Security Cloud Control user records.

• Change user role.

• Attach or detach access rules to a policy.