In addition to the CLP administrator that has full access to the management console,
Cloud App Security supports customizing administrative roles to grant
limited access to users or groups that they need to perform their tasks. For example,
specify
a role to let one view and manage only Advanced Threat Protection policies, while
another can
view the existing Data Loss Prevention policies without having the ability to edit
them. This
enables more fine-grained, role-based access control and lowers the risk of corporate
data
exposure to attackers.
Cloud App Security comes with a default global administrator role that
has unrestricted permissions, and up to 20 custom roles that you can create to fit
the
specific needs of your organization. Cloud App Security role-based
access control provides the following:
-
Define a role by specifying permissions for it and optionally adding users or groups as members.
-
Create an administrator account by adding a user and assigning an appropriate role to it.
Only a user with the global administrator role can add an administrator account,
create a custom role, and assign users or groups to the role.