Manage Cloud Identity Engine App Roles
App roles determine the privileges that users have and how they can use the Cloud Identity Engine
app. For more information on roles, refer to the Common Services documentation. To configure a
role:
- Select Common Services > Identity & Access.
- Select the tenant containing the user whose role you want to assign (if it's not already selected).
- Select a user and click Assign Roles.
- To Add Access, select Cloud Identity Engine from the list of Apps & Services.
- Select the appropriate Role for the user from the following table, based on the user's access needs.
Role | Description |
---|---|
View Only Administrator | This role allows users to view all available data for the tenant in the Cloud Identity Engine, including detailed Active Directory (AD) data. |
Deployment Administrator | This role provides access to deployment functionality and view-only access to other functions. This role allows users to view AD summary data but they can't view or query detailed AD data. |
MSP Superuser | This role provides full viewing and editing privileges for all functions for all tenants in a multitenant hierarchy. Assign this role only to users or service accounts who need unrestricted access to the Managed Service Provider (MSP) portal. |
Superuser | This role provides full viewing and editing privileges for all available functions system-wide. It includes all privileges for all other roles. Assign this role only to users or service accounts who need unrestricted privileges. |
If a user has multiple roles in the Managed Service Provider
(MSP) portal, the user is granted the privileges of the role that allows all of the
privileges granted by all of the user's roles.
For example, if a user has the View
Only Administrator role and the Deployment Administrator role for the Cloud Identity
Engine, the Deployment Administrator role grants management privileges without the
ability to view or query detailed data, while the View Only Administrator role
grants privileges to view all Cloud Identity Engine data, including detailed data.
To allow the privileges granted by both of these roles, a user who has both of these
roles is granted the same privileges as a user with the Superuser role, which allows
full viewing and editing privileges.
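The following audit sketch is an added example, not code from Palo Alto Networks. It applies the combination rule above to a list of role assignments and flags users whose effective role grants privileges that none of their assigned roles carry. The privilege labels and the CSV layout are assumptions made for illustration, and MSP Superuser is left out because the page does not say how it combines with other roles.

```python
import csv
import io

# Privilege labels are hypothetical shorthand for the role table's descriptions.
ROLE_PRIVS = {
    "View Only Administrator": {"view_summary", "view_detailed_ad"},
    "Deployment Administrator": {"view_summary", "manage_deployment"},
    "Superuser": {"view_summary", "view_detailed_ad", "manage_deployment", "edit_all"},
}

def effective_role(roles):
    """Return the least-privileged role whose privileges cover all assigned roles."""
    needed = set().union(*(ROLE_PRIVS[r] for r in roles))
    covering = [r for r, p in ROLE_PRIVS.items() if needed <= p]
    return min(covering, key=lambda r: len(ROLE_PRIVS[r]))

def audit(assignments_csv):
    """Flag users whose effective role grants more than their assigned roles do."""
    by_user = {}
    for row in csv.DictReader(io.StringIO(assignments_csv)):
        by_user.setdefault(row["user"], set()).add(row["role"])
    findings = {}
    for user, roles in by_user.items():
        role = effective_role(roles)
        granted = set().union(*(ROLE_PRIVS[r] for r in roles))
        extra = ROLE_PRIVS[role] - granted
        if extra:
            findings[user] = (role, sorted(extra))
    return findings

# Constructed sample data; the column names are not a real export format.
SAMPLE = """user,role
alice@example.com,View Only Administrator
bob@example.com,Deployment Administrator
carol@example.com,View Only Administrator
carol@example.com,Deployment Administrator
dave@example.com,Superuser
"""

if __name__ == "__main__":
    for user, (role, extra) in audit(SAMPLE).items():
        print(f"{user}: effective role {role}, privileges beyond assigned roles {extra}")
```

Only the user holding both administrator roles is flagged: no single role covers detailed AD viewing plus deployment except Superuser, so that user also gains editing privileges.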