Cloud Administrator Users and Roles
The Data Security Platform offer granular roles to control access and permissions for Cloud DLP and Account Takeover Protection administrators and users. Roles are mapped to built-in Access Policies that provide access to relevant apps including Cloud DLP , Data Security workbench, Data Classification, and Administration.
For information on how to set up a user, see Users.
The following access policies should be used by Cloud DLP , Cloud DLP and Account Takeover Protection admins:
-
Cloud Full Administration: Provides full read and write capabilities for Cloud DLP and ATO administrator to the Cloud DLP app, and cloud related data in the Data Security Workbench pages such as dashboard, alerts, explorations, Data, Users, reports as well as the Cloud DLP Classification app and certain capabilities in the administration app.
Full Administration: Provides full read and write capabilities to the data security platform and all of its applications (Cloud DLP , Workbench, administration etc).
-
Cloud Full View: Provides read only capabilities for Cloud DLP and ATO administrator to the Cloud DLP app, and cloud related data in the Data Security Workbench pages such as dashboard, alerts, explorations, Data, Users, reports as well as the cloud DLP classification app and certain capabilities in the administration app.
-
Cloud Activity Exploration: Intended for cloud DLP and Threat Analysts providing read only access to the Cloud DLP app and write permissions for cloud related data in the Data Security Workbench pages such as dashboard, alerts, explorations, Data, Users, reports.
Note: customers with Cloud Activity View access policy can also view cloud related alerts and activities in the data security workbench but cannot view users or data related to cloud events. therefore its recommended to user one of the access policies listed above.
|
Access Policy/ Capabilities |
Full Administration |
Cloud Activity Exploration |
Cloud Full Administration |
Cloud Full View |
GenAI Protection Access |
|---|---|---|---|---|---|
|
Cloud DLP Rules / policy lists |
W |
R |
W |
R |
W (AI-related only) |
|
Cloud DLP Settings |
W |
|
W |
R |
W (AI-related only) |
|
Cloud DLP Connected Cloud apps |
W |
R (Required to view the cloud apps dashboard) |
W |
R |
W (AI-related only) |
|
Workbench Alerts |
W |
R (Cloud)-> W (Cloud) |
W (Cloud) |
R (Cloud) |
W (AI only) |
|
Workbench Exploration / Dashboard |
W |
R (Cloud)-> W (Cloud) |
W (Cloud) |
R(Cloud) |
W (AI only) |
|
Workbench Users |
W |
R |
W |
R |
R |
|
Workbench Data |
W |
W (Cloud) |
W (Cloud) |
R (Cloud) |
W (AI only) |
|
Workbench Reports |
W |
R (Cloud) |
W (Cloud) |
R (Cloud) |
R |
|
(Cloud DLP )SaaS Security->3PA |
W |
R → W |
W |
R |
W (AI-related only) |
|
Administration Notifications |
W |
R |
W |
R |
|
|
Administration Tags |
W |
R |
W |
R |
|
|
Administration Justifications |
W |
R |
W |
R |
|
|
Data Classification app (all pages) |
W |
|
W |
R |
W (AI-related only) |
|
Administration User Management |
W |
|
R |
R |
|
|
Administration Policies |
W |
|
R |
R |
|
|
Administration Alert Workflow |
W |
|
|
|
|
|
Developer App |
W |
|
W |
W |
W |
|
Documentation App |
W |
W |
W |
W |
W |
|
Account Settings |
W |
|
R |
R |
|
|
Account Statistics |
W |
R (Cloud) |
R (Cloud) |
R (Cloud) |
For information about other access policies, see Access Policies .