User roles and permissions in Mysonicwall and NSM

In mysonicwall, there are 6 permissions for firewall, with ‘Admin’ having all permissions, to ‘No Access” for no permissions:
Admin
Support
Operator
ReadOnly
Guest
No Access

In NSM, there are 6 Base Roles:
SuperAdmin
Admin
Read Only
Operator
Support
Guest

SuperAdmin is reserved and not available to use.
The rest 5 Base Roles are corresponding to mysonicwall permissions one to one.

New custom roles can be created on top of Base Roles. For example, to give less permission to a Guest role, a new role can be created by clicking on ‘Add Role’ at the top, or ‘Clone’ at the end of the line.

Assume a new role was created by cloning ‘Guest’ role. We can edit the permissions by clicking the Action 3-dotes (…) at the end of the line. Here is a screenshot on modified permissions for ‘Guest – Copy’ role.

Now if you want to change user permissions in NSM, you can assign the custom role to this user. Note only same level of roles are available to be selected.

For example, If a user A has ‘Guest’ permission in mysonicwall, then when assigning new roles in NSM, only ‘Guest’ and its variants (like ‘Guest – Copy’) are available. In the example below, custom role ‘Guest – Copy’ was selected. Clicking on ‘Save’ to save role selection, and ‘Save’ again to save ‘Edit User’ selection.

Now when this user logs into NSM, the user can view ‘Home’ and ‘Monitor’. But clicking on ‘Device’ or ‘Objects’ or ‘Policy’ will get prompt ‘You do not have permission to view this screen.’