List of all Roles
The following are all the roles currently supported by SASE:
| Role | UI Label | Description |
|---|---|---|
| auditor | Auditor | This role provides read-only access to functions related to all configuration, including subscriptions and licenses. Assign this role to users or service accounts that need to examine the system for accuracy. |
| business_admin | Business Administrator | This role provides access to all subscription and license management. This role also provides read-only access to other functions, including but not limited to: access policies, service accounts, and tenant service group operations. |
| data_security_admin | Data Security Administrator | This role provides access to all data security functions. In addition, it provides read-only access to logs. This role contains a very small subset of privileges compared to the Security Admin role. |
| deployment_admin | Deployment Administrator | This role provides access to functions related to deployments. In addition, this role provides read-only access to other functions. |
| iam_admin | IAM Administrator | This role provides access to identity and authentication functions. In addition, it provides read-only access to logs. Assign this role to users or service accounts that need to manage users or service accounts. |
| msp_iam_admin | MSP IAM Administrator | This role provides access to identity and authentication functions for all tenants in a multitenant hierarchy. In addition, it provides read-only access to logs. |
| msp_superuser | MSP Superuser | This role provides full read and write access to all functions for all tenants in a multitenant hierarchy. Assign this role only to users or service accounts that need unrestricted access to the MSP portal. |
| network_admin | Network Administrator | This role provides access to functions related to network configuration. This role also provides read-only access to other functions, including but not limited to: alerts, license quotas, devices, and tenant service group operations. |
| security_admin | Security Administrator | This role provides access to functions related to security policy configuration. This role also provides read-only access to other functions, including but not limited to: alerts, license quotas, devices, and tenant service group operations. |
| soc_analyst | SOC Analyst | This role provides read-only access to functions related to logs, reports, events, alerts, and all configuration. Assign this role to users or service accounts that need to view and investigate threats and trends. |
| superuser | Superuser | This role provides full read and write access to all the available system-wide functions. It includes all the permissions of all the other roles, including MSP Superuser. Assign this role only to users or service accounts that need unrestricted access. |
| tier_1_support | Tier 1 Support | This role provides access to specific incident remediation workflows that update network, security, SD-WAN, GlobalProtect, and device configuration. This role also provides read-only access to other functions. |
| tier_2_support | Tier 2 Support | This role provides access to specific incident remediation workflows that update network, security, SD-WAN, GlobalProtect, and device configuration. This role also provides read-only access to other functions. |
| view_only_admin | View Only Administrator | Read only access to all functions. |