Workload Protection Permission Group
There are 10 predefined permission groups with each having different access permissions. The purpose is to be able to delegate the most suitable role to each individual within an organization.
Predefined Permission Group Summary
Permission Group | Permission Group Summary |
---|---|
Admin | Full Read and Write access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups. |
Auditor | Full Read access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups. |
Configuration Admin | Read and Write access to policy configuration and admin features. Accessible to all resource groups. |
Cloud Provisioning Admin | Read and Write access to cloud monitoring summary, account and resource group management. Accessible to all resource groups. |
Cloud Security and Report Admin | Read and Write access to cloud monitoring summary, alert, resources, documents, policy (read only), report management, partial admin features (read only). Accessible to all resource groups. |
Cloud Security and Report Auditor | Read access to cloud monitoring summary, alert, resources, documents, activity, policy, view reports, and partial admin features. Accessible to all resource groups. |
Cloud Security Admin | Read and write access to cloud monitoring summary, alerts, resources, documents, activity, policy (read only), and partial admin features. Accessible to only the resource group(s) assigned. |
Cloud Security Auditor | Read access to cloud monitoring summary, alerts, resources, documents, activity, policy, and partial admin features. Accessible to only the resource group(s) assigned. |
Report Admin | Read and Write access to cloud monitoring summary and reports. Accessible to all resource groups. |
Report Auditor | Read access to cloud monitoring summary and reports. Accessible to all resource groups. |
Predefined Permission Group and Account Management
- All permission groups have access to all resource groups except Cloud Security Admin and Cloud Security Auditor. Cloud Security Admin and Cloud Security Auditor can only access resource groups assigned to them.
- Admin, Configuration Admin, and Cloud Provision Admin can create, edit, and delete resource groups and cloud accounts in ADMIN. The rest of 7 permission groups can only view but not able to create or edit.
Predefined Permission Group - Full Details
This table shows the access permission of each permission group on all features in Workload Protection. Read indicates that the feature is read only, and Write indicates the feature can be edited. The blank cell indicates that there is no access to the feature.
Permission Group Name | Dashboard | Alert | Resource | Document | Activity | Policy | Report | Admin | User Profile | File Profile | Traffic |
---|---|---|---|---|---|---|---|---|---|---|---|
Global Admin | Read | Write | Read | Read | Read | Write | Write | Write | Read | Read | |
Global Auditor | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | |
Admin | Read | Write | Read | Read | Read | Write | Write | Write | Read | Read | Read |
Auditor | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read |
Configuration Admin | Read | Write | Write | ||||||||
Cloud Provision Admin | Read | Write (limited) | |||||||||
Cloud Security and Report Admin | Read | Write | Read | Read | Read | Write | Write | Read (limited) | Read | Read | Read |
Cloud Security and Report Auditor | Read | Read | Read | Read | Read | Read | Read | Read (limited) | Read | Read | Read |
Cloud Security Admin | Read | Write | Read | Read | Read | Read | Read (limited) | Read | Read | Read | |
Cloud Security Auditor | Read | Read | Read | Read | Read | Read | Read (limited) | Read | Read | Read | |
Report Admin | Read | Read | Write | Read (limited) | |||||||
Report Auditor | Read | Read | Read | Read (limited) |