SaaS Security
Add a Custom Admin Role
Table of Contents
Expand All
|
Collapse All
SaaS Security Docs
Add a Custom Admin Role
Create a custom role to define the privileges needed for a specialized admin role on
Data Security.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Data Security license:
|
If you want to define more granular access privileges than what the predefined roles provide, you
can add custom admin roles.
Custom roles enable you to choose the privileges associated with the role so that you
can restrict access to specific pages or actions on Data Security. For
example, a threat researcher needs access to download quarantined files, while all
other incident handlers should not be allowed to download quarantined files. When
you then assign the role to an administrator, that administrator inherits the
privileges associated with the role.
The easiest way to create a custom role is to clone an existing custom role, such as
the Limited Admin role, and modify it to enable the access privileges for the
interface elements that you want to allow for the administrator.
Use Custom Admin Roles in Data Security
Adding custom roles through Data Security does
not impact the custom roles you created through SaaS Security Console and vice
versa.
- Log in to Strata Cloud Manager as a Super User and add custom admin roles through Common Services.Edit the custom roles as per your requirement available under Next-Generation CASBData Security and Next-Generation CASBSettings.
- Data Security—Dashboard, Applications, Data Assets, Incidents, Policies, Reports, Users & Activity, and Actions.
- Settings—Configure, Workflow, Scan & Data, Service Monitoring & License, and Admin Audit logs.
For each parameter within a category, choose from the following options:- No Access—No access to the page.
- Read— View data on the pages, view and download reports.
- Write—Quarantine, Restore Quarantine, View Snippets, Send Email, Asset Change Sharing, Download Snippets, create configuration elements such as Policies, Data patterns and signatures in addition to viewing data.
Save your changes.After creating the custom admin roles, assign it to specific users.Ensure that you have added your roles to Data Security (under Apps & Services).Custom roles are active on the next login.After creating custom admin roles, the changes are reflected in the Data Security UI. For example, if you created a custom role with No Access to Data Assets, then Data Assets will not be available in your UI. Further, Data Assets will not be accessible through other sections of the application also. For example, you cannot access Data Assets through the Incidents tab.Important Points to Note While Using Custom Admin Roles- By default, permissions are inherited by child elements. For example, the permissions you set for Assets (parent element) are inherited by Data Assets (child element). If you want to set custom permissions for child elements which differ from that of their parent elements, ensure that the parent elements have lesser permissions.
- For Actions, there are only two options available: No Access and Write. If Read is selected, it is the same as No Access.
- You can create up to 50 custom roles.