: Add a Custom Admin Role
Focus
Focus

Add a Custom Admin Role

Table of Contents

Add a Custom Admin Role

Create a custom role to define the privileges needed for a specialized admin role on
Data Security
.
If you want to define more granular access privileges than what the predefined roles provide, you can add custom admin roles.
Custom roles enable you to choose the privileges associated with the role so that you can restrict access to specific pages or actions on
Data Security
. For example, a threat researcher needs access to download quarantined files, while all other incident handlers should not be allowed to download quarantined files. When you then assign the role to an administrator, that administrator inherits the privileges associated with the role.
The easiest way to create a custom role is to clone an existing custom role, such as the Limited Admin role, and modify it to enable the access privileges for the interface elements that you want to allow for the administrator.

Use Custom Admin Roles in
Data Security

Adding custom roles through
Data Security
does not impact the custom roles you created through SaaS Security Console and vice versa.
  1. Log in to
    Strata Cloud Manager
    as a Super User and add custom admin roles through Common Services.
  2. Edit the custom roles as per your requirement available under
    Next-Generation CASB
    Data Security
    and
    Next-Generation CASB
    Settings
    .
    • Data Security
      —Dashboard, Applications, Data Assets, Incidents, Policies, Reports, Users & Activity, and Actions.
    • Settings—Configure, Workflow, Scan & Data, Service Monitoring & License, and Admin Audit logs.
    For each parameter within a category, choose from the following options:
    • No Access—No access to the page.
    • Read— View data on the pages, view and download reports.
    • Write—Quarantine, Restore Quarantine, Request Snippets, Send Email, Asset Change Sharing, Download Snippets, create configuration elements such as Policies, Data patterns and signatures in addition to viewing data.
  3. Save
    your changes.
  4. After creating the custom admin roles, assign it to specific users.
  5. Ensure that you have added your roles to Next-Generation CASB (under
    Apps & Services
    ).
    Custom roles are active on the next login.
    After creating custom admin roles, the changes are reflected in the
    Data Security
    UI. For example, if you created a custom role with
    No Access
    to Data Assets, then Data Assets will not be available in your UI. Further, Data Assets will not be accessible through other sections of the application also. For example, you cannot access Data Assets through the Incidents tab.
    Important Points to Note While Using Custom Admin Roles
    • By default, permissions are inherited by child tabs. For example, the permissions you set for Assets (parent tab) are inherited by Data Assets (child tab). If you want to set custom permissions for child tabs which differ from that of their parent tabs, ensure that the parent tabs have lesser permissions.
    • For
      Actions
      , there are only two options available: No Access and Write. If Read is selected, it is the same as No Access.
    • You can create up to 50 custom roles.

Recommended For You