Role Management

The steps outlined below detail how to create, edit, and remove a role.

Parent topic: Administrator and Role

Adding a Role

  1. Go to Administration > Administrator and Role > Roles.

    Cloud App Security comes with a default Global administrator role that is granted full permissions on the management console, including provision service accounts, configure policies, and manage logs and roles.

  2. Click Add.
    Note:

    A maximum of 19 custom roles can be added.

    The Role screen appears.
  3. Type a name and optionally a description for the role.
  4. Specify one or several permissions for the role:
    1. Select the check box of the permission to add.
    2. Select View only or Full control from the drop-down list.

      • View only: Administrators can view the existing policies, query logs and reports, or view quarantined messages and files, with no ability to edit them.

      • Full control: Administrators can view and manage policies, logs and reports, or quarantined messages and files.

      Note:

      Only the default Global administrator role is granted full permissions on the management console, including provision service accounts, add an RMS account, configure policies, and manage logs and roles.

  5. Optionally select an organization from the Organization drop-down list and select one or several users or groups as role members.

    The administrators created on the Administrators screen and the AD users and groups (if an Exchange Online service account is provisioned) are displayed under Available Targets.

    Note:

    • A role can have a maximum of 20 members.

    • When an AD group is selected, all the users belonging to the group, rather than the group itself, are added and displayed under Selected Targets.

  6. Optionally click Click here to synchronize AD users and groups if a OneDrive service account is provisioned, or to resynchronize the AD users and groups if the user or group to add is not in the list.
    Important:

    For an already selected group, after it is resynchronized and reselected, if it has new users, they are automatically added to Selected Targets; if it has users that no longer exist, they still remain under Selected Targets. You need to manually remove them.

  7. Click Save.

Managing Roles

  1. Go to Administration > Administrator and Role > Roles.
  2. Do the following:
    Option Description

    Edit a role

    Click the role name, update the name, permissions, and optionally role members, and then click Save.

    Delete a role

    Select the check box of the role to delete, and then click Remove.

    Note:

    • The Global administrator role is a default role and cannot be deleted.

    • A role with assigned administrators cannot be deleted.

    • You can delete one role at a time.