Cloud Administrator Users and Roles
The Data Security & Posture Platform offers granular roles to control access and permissions for CASB, Cloud DLP and Account Takeover Protection administrators and users. Roles are mapped to built-in Access Policies that provide access to relevant apps including CASB, Data Security Workbench, Data Classification, and Administration.
The following access policies should be used by CASB, Cloud DLP and Account Takeover Protection admins:
- Cloud Administration: Gives CASB and ATO administrators full read and write capabilities for the CASB app and for cloud-related data in the Data Security Workbench pages such as dashboard, alerts, explorations, Data, Users, and reports, as well as for the Cloud DLP Classification app and certain capabilities in the Administration app.
- Full Administration: Provides full read and write capabilities for the data security platform and all of its applications (CASB, Workbench, Administration, etc.).
- Cloud Read-Only Administration: Gives CASB and ATO administrators read-only capabilities for the CASB app and for cloud-related data in the Data Security Workbench pages such as dashboard, alerts, explorations, Data, Users, and reports, as well as for the Cloud DLP Classification app and certain capabilities in the Administration app.
- Cloud Activity Exploration: Intended for Cloud DLP and threat analysts. Provides read-only access to the CASB app and write permissions for cloud-related data in the Data Security Workbench pages such as dashboard, alerts, explorations, Data, Users, and reports.

Note: Customers with the Cloud Activity View access policy can also view cloud-related alerts and activities in the Data Security Workbench but cannot view users or data related to cloud events. It is therefore recommended to use one of the access policies listed above.

| Access Policy / Capabilities | Full Administration | Activity Exploration | Cloud Administration | Cloud Read-Only Administration |
|---|---|---|---|---|
| CASB Rules / policy lists | Read/Write | Read only | Read/Write | Read only |
| CASB Settings / connected apps | Read/Write | Read only | Read/Write | Read only |
| Workbench Alerts | Read/Write | Read/Write | Read/Write (Cloud) | Read only |
| Workbench Exploration / Dashboard | Read/Write | Read/Write | Read/Write (Cloud) | Read only |
| Workbench Users | Read/Write | | Read/Write | Read only |
| Workbench Data | Read/Write | | Read/Write (Cloud) | Read only (Cloud) |
| Workbench Reports | Read/Write | Read only | Read/Write (Cloud) | Read only (Cloud) |
| (CASB) SaaS Security -> 3PA | Read/Write | | Read/Write | Read only |
| Administration Notifications | Read/Write | | Read/Write (Email) | Read only |
| Administration Tags | Read/Write | | Read/Write (Email) | Read only |
| Administration Justifications | Read/Write | | Read/Write | Read only |
| Data Classification app (all pages) | Read/Write | | Read/Write | Read only |
| Administration User Management | Read/Write | | Read only | Read only |
| Administration Policies | Read/Write | | | |
| Administration Alert Workflow | Read/Write | | | |
| Developer App | Read/Write | | Read/Write | Read/Write |
| Documentation App | Read/Write | Read/Write | Read/Write | Read/Write |
| Account Settings | Read/Write | | | |
| Account Statistics | Read/Write | | | |

For information about other access policies, see Access Policies.