The steps outlined below detail how to create, edit, and remove a role.
Cloud App Security comes with a default Global administrator role that is granted full permissions on the management console, including provision service accounts, configure policies, and manage logs and roles.
A maximum of 19 custom roles can be added.
View only: Administrators can view the existing policies, query logs and reports, or view quarantined messages and files, with no ability to edit them.
Full control: Administrators can view and manage policies, logs and reports, or quarantined messages and files.
Only the default Global administrator role is granted full permissions on the management console, including provision service accounts, add an RMS account, configure policies, and manage logs and roles.
The administrators created on the Administrators screen and the AD users and groups (if an Exchange Online service account is provisioned) are displayed under Available Targets.
A role can have a maximum of 20 members.
When an AD group is selected, all the users belonging to the group, rather than the group itself, are added and displayed under Selected Targets.
For an already selected group, after it is resynchronized and reselected, if it has new users, they are automatically added to Selected Targets; if it has users that no longer exist, they still remain under Selected Targets. You need to manually remove them.
Edit a role
Click the role name, update the name, permissions, and optionally role members, and then click Save.
Delete a role
Select the check box of the role to delete, and then click Remove.