Cloud Protection Permission Group

There are 10 predefined permission groups with each having different access permissions. The purpose is to be able to delegate the most suitable role to each individual within an organization.

Predefined Permission Group Summary

Permission Group	Permission Group Summary
Admin	Full Read and Write access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups.
Auditor	Full Read access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups.
Configuration Admin	Read and Write access to policy configuration and admin features. Accessible to all resource groups.
Cloud Provisioning Admin	Read and Write access to cloud monitoring summary, account and resource group management. Accessible to all resource groups.
Cloud Security and Report Admin	Read and Write access to cloud monitoring summary, alert, resources, documents, policy (read only), report management, partial admin features (read only). Accessible to all resource groups.
Cloud Security and Report Auditor	Read access to cloud monitoring summary, alert, resources, documents, activity, policy, view reports, and partial admin features. Accessible to all resource groups.
Cloud Security Admin	Read and write access to cloud monitoring summary, alerts, resources, documents, activity, policy (read only), and partial admin features. Accessible to only the resource group(s) assigned.
Cloud Security Auditor	Read access to cloud monitoring summary, alerts, resources, documents, activity, policy, and partial admin features. Accessible to only the resource group(s) assigned.
Report Admin	Read and Write access to cloud monitoring summary and reports. Accessible to all resource groups.
Report Auditor	Read access to cloud monitoring summary and reports. Accessible to all resource groups.

Predefined Permission Group and Account Management

1. All permission groups have access to all resource groups except Cloud Security Admin and Cloud Security Auditor. Cloud Security Admin and Cloud Security Auditor can only access resource groups assigned to them.
2. Admin, Configuration Admin, and Cloud Provision Admin can create, edit, and delete resource groups and cloud accounts in ADMIN. The rest of 7 permission groups can only view but not able to create or edit.

Predefined Permission Group - Full Details

This table shows the access permission of each permission group on all features in Cloud Protection. Read indicates that the feature is read only, and Write indicates the feature can be edited. The blank cell indicates that there is no access to the feature.

Permission Group Name	Dashboard	Alert	Resource	Document	Activity	Policy	Report	Admin	User Profile	File Profile	Traffic
Global Admin	Read	Write	Read	Read	Read	Write	Write	Write	Read	Read
Global Auditor	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read
Admin	Read	Write	Read	Read	Read	Write	Write	Write	Read	Read	Read
Auditor	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read
Configuration Admin	Read					Write		Write
Cloud Provision Admin	Read							Write (limited)
Cloud Security and Report Admin	Read	Write	Read	Read	Read	Write	Write	Read (limited)	Read	Read	Read
Cloud Security and Report Auditor	Read	Read	Read	Read	Read	Read	Read	Read (limited)	Read	Read	Read
Cloud Security Admin	Read	Write	Read	Read	Read	Read		Read (limited)	Read	Read	Read
Cloud Security Auditor	Read	Read	Read	Read	Read	Read		Read (limited)	Read	Read	Read
Report Admin	Read					Read	Write	Read (limited)
Report Auditor	Read					Read	Read	Read (limited)