Cloud Administrator Users and Roles
The Data Security & Posture Platform offers granular roles to control access and permissions for CASB, Cloud DLP and Account Takeover Protection administrators and users. Roles are mapped to built-in Access Policies that provide access to relevant apps, including CASB, Data Security Workbench, Data Classification, and Administration.
For information on how to set up a user, see Users.
The following access policies should be used by CASB, Cloud DLP and Account Takeover Protection admins:
- Cloud Full Administration: Provides full read and write capabilities for CASB and ATO administrators to the CASB app and to cloud-related data in the Data Security Workbench pages (such as dashboard, alerts, explorations, Data, Users, and reports), as well as to the Cloud DLP Classification app and certain capabilities in the Administration app.
- Full Administration: Provides full read and write capabilities to the data security platform and all of its applications (CASB, Workbench, Administration, etc.).
- Cloud Full View: Provides read-only capabilities for CASB and ATO administrators to the CASB app and to cloud-related data in the Data Security Workbench pages (such as dashboard, alerts, explorations, Data, Users, and reports), as well as to the Cloud DLP Classification app and certain capabilities in the Administration app.
- Cloud Activity Exploration: Intended for Cloud DLP and threat analysts. Provides read-only access to the CASB app and write permissions for cloud-related data in the Data Security Workbench pages (such as dashboard, alerts, explorations, Data, Users, and reports).
Note: Customers with the Cloud Activity View access policy can also view cloud-related alerts and activities in the Data Security Workbench but cannot view users or data related to cloud events. Therefore, it is recommended to use one of the access policies listed above.
| Access Policy / Capabilities | Full Administration | Cloud Activity Exploration | Cloud Full Administration | Cloud Full View |
|---|---|---|---|---|
| CASB Rules / policy lists | W | R | W | R |
| CASB Settings | W | | W | R |
| CASB Connected apps | W | R (Required to view the cloud apps dashboard) | W | R |
| Workbench Alerts | W | R (Cloud) -> W (Cloud) | W (Cloud) | R (Cloud) |
| Workbench Exploration / Dashboard | W | R (Cloud) -> W (Cloud) | W (Cloud) | R (Cloud) |
| Workbench Users | W | R | W | R |
| Workbench Data | W | W (Cloud) | W (Cloud) | R (Cloud) |
| Workbench Reports | W | R (Cloud) | W (Cloud) | R (Cloud) |
| (CASB) SaaS Security -> 3PA | W | R → W | W | R |
| Administration Notifications | W | R | W | R |
| Administration Tags | W | R | W | R |
| Administration Justifications | W | R | W | R |
| Data Classification app (all pages) | W | | W | R |
| Administration User Management | W | | R | R |
| Administration Policies | W | | R | R |
| Administration Alert Workflow | W | | | |
| Developer App | W | | W | W |
| Documentation App | W | W | W | W |
| Account Settings | W | | R | R |
| Account Statistics | W | R (Cloud) | R (Cloud) | R (Cloud) |
For information about other access policies, see Access Policies.