Manage Cloud Identity Engine App Roles

App roles determine the privileges that users have and how they can use the Cloud Identity Engine app. For more information on roles, refer to the Common Services documentation. To configure a role:
  1. Select Common Services > Identity & Access.
  2. Select the tenant containing the user whose role you want to assign (if it's not already selected).
  3. Select a user and click Assign Roles.
  4. To Add Access, select Cloud Identity Engine from the list of Apps & Services.
  5. Select the appropriate Role for the user from the following table, based on the user’s access needs.

| Role | Description |
| --- | --- |
| View Only Administrator | This role allows users to view all available data for the tenant in the Cloud Identity Engine, including detailed Active Directory (AD) data. |
| Deployment Administrator | This role provides access to deployment functionality and view-only access to other functions. This role allows users to view AD summary data but they can't view or query detailed AD data. |
| MSP Superuser | This role provides full viewing and editing privileges for all functions for all tenants in a multitenant hierarchy. Assign this role only to users or service accounts who need unrestricted access to the Managed Service Provider (MSP) portal. |
| Superuser | This role provides full viewing and editing privileges for all available functions system-wide. It includes all privileges for all other roles. Assign this role only to users or service accounts who need unrestricted privileges. |

If a user has multiple roles in the Managed Service Provider (MSP) portal, the user is granted the privileges of the role that allows all of the privileges granted by all of the user's roles.
For example, if a user has the View Only Administrator role and the Deployment Administrator role for the Cloud Identity Engine, the Deployment Administrator role grants management privileges without the ability to view or query detailed data, while the View Only Administrator role grants privileges to view all Cloud Identity Engine data, including detailed data. To allow the privileges granted by both of these roles, a user who has both of these roles is granted the same privileges as a user with the Superuser role, which allows full viewing and editing privileges.
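
Because of this merging rule, two limited roles can add up to Superuser without anyone assigning it, so a review of role assignments should flag that case. The following Python is an added example, not Palo Alto Networks code: the privilege labels, the input format and the sample assignments are constructed assumptions, and MSP Superuser is left out because this page does not state how it combines with the other roles.

```python
from collections import defaultdict

# Privilege labels are constructed for illustration; they are not product identifiers.
ROLE_PRIVS = {
    "View Only Administrator": {"view_summary", "view_detailed_ad"},
    "Deployment Administrator": {"view_summary", "manage_deployment"},
    "Superuser": {"view_summary", "view_detailed_ad", "manage_deployment", "edit_all"},
}


def effective_role(roles):
    """Return the least-privileged role that covers the union of the given roles."""
    if not roles:
        raise ValueError("at least one role is required")
    needed = set().union(*(ROLE_PRIVS[r] for r in roles))
    covering = [r for r, privs in ROLE_PRIVS.items() if needed <= privs]
    return min(covering, key=lambda r: len(ROLE_PRIVS[r]))


def implicit_escalations(assignments):
    """Map each user to an effective role that was never assigned to them directly."""
    by_user = defaultdict(set)
    for user, role in assignments:
        by_user[user].add(role)
    findings = {}
    for user, roles in by_user.items():
        merged = effective_role(roles)
        if merged not in roles:
            findings[user] = merged
    return findings


# Constructed sample input: (user, assigned role) pairs.
ASSIGNMENTS = [
    ("alice@example.com", "View Only Administrator"),
    ("bob@example.com", "View Only Administrator"),
    ("bob@example.com", "Deployment Administrator"),
    ("carol@example.com", "Deployment Administrator"),
    ("dave@example.com", "Superuser"),
    ("dave@example.com", "View Only Administrator"),
]

if __name__ == "__main__":
    for user, role in implicit_escalations(ASSIGNMENTS).items():
        print(f"{user}: combined roles resolve to {role}; review for least privilege")
```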
