Views:
The steps outlined below detail how to create, edit, and remove a role.
Related information

Adding a role

Procedure

  1. Go to AdministrationAdministrator and RoleRoles.
    Cloud App Security comes with a default Global administrator role that is granted full permissions on the management console, including granting access, configuring policies, and managing logs and roles.
  2. Click Add.
    Note
    Note
    A maximum of 19 custom roles can be added.
    The Role screen appears.
  3. Type a name and optionally a description for the role.
  4. Define the role by specifying the organizations that the role can manage and granting one or several permissions to the role.
    1. Select one or multiple organizations for the role to manage.
      Note
      Note
      • If you select All organizations, the role can manage not only all the existing organizations but also the organizations created later.
      • Only roles with the All organizations scope can access the classic Cloud App Security console.
    2. Select View only or Full control or No access from the drop-down list.
      • View only: Administrators with the role can view the screen but cannot manage the configuration on the screen.
      • Full control: Administrators with the role can view and manage the configuration on the screen.
      • No access: Administrators with the role cannot access the screen.
      Note
      Note
      Only the default Global administrator role is granted full permissions on the management console, including the Administration screen.
  5. Optionally select an organization from the Organization drop-down list and select one or several users or groups as role members.
    The administrators created on the Administrators screen (non-AD users) and the AD users and groups (if you have granted access to Exchange Online) are displayed under Available Targets.
    Note
    Note
    • A role can have a maximum of 20 members.
    • When an AD group is selected, all the users belonging to the group, rather than the group itself, are added and displayed under Selected Targets.
  6. Optionally click Click here to synchronize AD users and groups if you have granted access to OneDrive, or to resynchronize the AD users and groups if the user or group to add is not in the list.
    Important
    Important
    For an already selected group, after it is resynchronized and reselected, if it has new users, they are automatically added to Selected Targets; if it has users that no longer exist, they still remain under Selected Targets. You need to manually remove them.
  7. Click Save.

Managing roles

Procedure

  1. Go to AdministrationAdministrator and RoleRoles.
  2. Do the following:
    Option Description
    Edit a role
    Click the role name, update the name, permissions, and optionally role members, and then click Save.
    Delete a role
    Select the check box of the role to delete, and then click Remove.
    Note
    Note
    • The Global administrator role is a default role and cannot be deleted.
    • A role with assigned administrators cannot be deleted.
    • You can delete one role at a time.