Views:
The steps outlined below detail how to create, edit, and remove a role.
Related information

Add a role

Procedure

  1. Go to AdministrationAdministrator and RoleRoles.
    Cloud App Security comes with a default Global administrator role that is granted full permissions on the management console, including granting access, configuring policies, and managing logs and roles.
  2. Click Add.
    Note
    Note
    A maximum of 19 custom roles can be added.
    The Role screen appears.
  3. Type a name and optionally a description for the role.
  4. Specify one or several permissions for the role.
    1. Select the check box of the permission to add.
    2. Select View only or Full control from the drop-down list.
      • View only: Administrators with the role can view the screen but cannot manage the configuration on the screen.
      • Full control: Administrators with the role can view and manage the configuration on the screen.
      Note
      Note
      Only the default Global administrator role is granted full permissions on the management console, including the Administration screen.
  5. Optionally select an organization from the Organization drop-down list and select one or several users or groups as role members.
    The administrators created on the Administrators screen (non-AD users) and the AD users and groups (if you have granted access to Exchange Online) are displayed under Available Targets.
    Note
    Note
    • A role can have a maximum of 20 members.
    • When an AD group is selected, all the users belonging to the group, rather than the group itself, are added and displayed under Selected Targets.
  6. Optionally click Click here to synchronize AD users and groups if you have granted access to OneDrive, or to resynchronize the AD users and groups if the user or group to add is not in the list.
    Important
    Important
    For an already selected group, after it is resynchronized and reselected, if it has new users, they are automatically added to Selected Targets; if it has users that no longer exist, they still remain under Selected Targets. You need to manually remove them.
  7. Click Save.

Manage roles

Procedure

  1. Go to AdministrationAdministrator and RoleRoles.
  2. Do the following:
    Option Description
    Edit a role
    Click the role name, update the name, permissions, and optionally role members, and then click Save.
    Delete a role
    Select the check box of the role to delete, and then click Remove.
    Note
    Note
    • The Global administrator role is a default role and cannot be deleted.
    • A role with assigned administrators cannot be deleted.
    • You can delete one role at a time.