Create a custom role to define privileges needed for
a specialized admin role on SaaS Security API.
If you want to define more granular access
privileges than what the predefined roles provide, you
can add custom admin roles.
Custom roles enable you choose
the privileges associated with the role so that you can restrict
access to specific pages or actions on SaaS Security API. For example,
a threat researcher needs access to download quarantined files,
while all other incident handlers should not be allowed to download
quarantined files. When you then assign the role to an administrator,
that administrator inherits the privileges associated with the role.
easiest way to create a custom role is to clone a predefined role,
such as the Limited Admin role, and modify it to enable the access
privileges for the interface elements that you want to allow for
You can create up to 50 custom roles. If you’d like to
clone a predefined role, pick a predefined role, and select
for the new custom
the category—Explore, Incidents,
Policy , Reports , Settings , Actions—for which you want to modify
For each interface element within a category, you can pick
from the following options where applicable:
access to the page.
View— Can view data on the pages.
View, Download—Can download snippets, CSV reports, and PDF
reports, in addition to viewing data.
View, Download, Create—Can create configuration elements
such as policies, data patterns and signatures.
Full Control—Can access and modify everything on the interface.
Giving full control is equivalent to creating a Super Admin.
After you make a selection, minimize the category to view
the total count for each option.