You can create and assign Admin roles to users in the Setup> Manage Admin Roles page.
Pre-Defined Admin Roles
By default, there are 4 pre-defined Admin roles present. They are the following,
- Super Administrator : Super administrator will have full access to Syscloud application
- Administrator : Users assigned to this role will have almost the same access as the super admin, but certain settings and functionalities are not available for this user role (refer attached admin-role-differences.jpg)
- Backup Administrator : Users assigned to this role will have access to check the reports of the overall Backup application. But they will not be able to see the Security app options.
- Security Administrator : Users assigned to this role will have access to check the reports of the overall Security application. But they will not be able to see the Backup app options.
Granting Access for Export and Cross-User Restore for the Admins
For the admins present in the Super Administrator, Administrator, Backup Administrator roles, the option 'Grant Access' will be displayed beside their name in the 'Who this role applies to' section.
This will allow the admin the privilege to perform Export of the users archive and also perform Cross-User Restore (restore data from an user's archive to another user's account). If this privilege is not granted, the assigned admins will only be able to perform regular Restores(restore data from an user's archive to the same user's account). Once the privilege is assigned, the provided privilege will be displayed beside the admin's name in the 'Who this role applies to' section.
Creating Custom Admin Roles for Security Application
You can also create custom admin roles for the Security app that suit your organization needs. To create an admin role,
Step 1: Click on 'Create New Role' button.
Step 2: Enter the name of the custom admin role.
Step 3: Select the type of policies to admin by the user assigned to this role.
Step 4: Select the users whose violations the admin can view and take actions on. You can add the users by Domain, Org Units or Groups.
Step 5: Select the privileges allowed in this role to the admin. There are 3 privileges available.
Reports: ability to view Security Reports like Sharing Insights, Violations List, etc.,
Policies Create/Edit: ability to create or edit DLP & Compliance policies
Violations Approve/Take Action: ability to approve/dismiss violations, or take appropriate action on the violated file.
Step 6: Here, you will be able to preview the settings set in the previous steps. To save the admin role, click on 'Finish' button. You can choose to assign users to this role in this step, or save the admin role and later assign the users to this admin role.
Once saved, the newly created custom Admin Role will be visible in the left-pane under the 'User Created Roles'.
Assigning Users to Admin Roles
To assign users to the admin roles, click on the admin role, click on the Edit(or Add) button present in the 'Who this role applies to' section.
Once you click on Add/Edit option, you will be able to add or remove users assigned to the admin role. You can either assign by a individual user account or by a group. You cannot have both users and groups assigned in the same admin role. Also, users assigned to an admin roles will not be available to be assigned again to another admin role. Once you have assigned the users, you can click on 'Update' to finish assigning the admins to the role.
Once updated, you will be see the admin assigned listed in the 'Who this role applies to' section of the admin role. Note that, if there are multiple clouds present in the Syscloud account and the assigned admin email id being present in both the cloud accounts, then the user will be able to access the Syscloud app as the assigned admin from both of his cloud accounts.