Add a role

You can use predefined roles or create custom roles to manage administrator access to features in the management console. Predefined roles have set permissions that cannot be modified. Custom roles are globally scoped and provide full operational access to the related pages and actions for a defined area. Users assigned to a custom role cannot enable notifications on the My Account page.

Based on your role's permissions, some menu options, pages, and features may not be available. For example, if a user does not have access to the zones feature, the zones menu option does not display. The Dashboard screen is available for all predefined and custom roles, but the data it displays only reflects the zones that the logged in user is allowed to manage.

If access is not selected for a role, users will not see that page in the menu or be able to navigate to the page from anywhere within the console. For example, if a custom role has permissions allowed for threats and disallowed for devices, the Threat Protection page displays in the menu while the Devices page does not. If the user views the Threat Details page for a threat, the affected devices and zones will display but the user will receive an error page when attempting to click the link for details for a specific device.

For more information, see Permissions of default administrator roles.

  1. In the management console, on the menu bar, click Settings > Administrators.
  2. Click Roles.
  3. Click Add New Role.
  4. Type a name for the role.
  5. Select the Access checkbox next to any feature that you want to allow this role to access. Expand sections to see more options. For more information, see Permissions of default administrator roles.
  6. Click Add Role.
  • To edit a role, click an existing role and modify the name or permissions. The updated name or permissions will be applied to any users assigned to the existing role.
  • If a predefined or custom role has users assigned, you can click the link in the Assigned Users column to view the email for any users assigned to that role. You can click the email to view the User Details page for that user.
  • To delete a role, click a checkbox beside a role that does not have any users assigned to it, then click Remove. If a role has users assigned to it, you cannot select the checkbox.