Custom roles

You can create custom roles with a specific set of permissions. This provides more flexibility than the built-in roles, which have a fixed set of permissions.

Custom roles allow company administrators to define granular access control by creating roles with a specific set of permissions, and then assigning these roles to users. This provides more flexibility than the built-in roles, which have a fixed set of permissions.

Custom roles can be created at the partner, customer, or folder tenant level. Child tenants inherit custom roles that were defined at the upper level, and can directly use them or clone and customize them to better suit their needs, by reducing the granted permissions.

Custom roles can only be created and managed by company administrators.

Permissions

Permissions are the building blocks of custom roles. Each permission controls access to a specific operation or group of operations within a service, such as the Cyber Protect console or Management Portal. When you create a custom role, you select the permissions that you want to include.

Each permission specifies:

  • The service it affects: the Cyber Protect console or Management Portal.
  • The area within the service that it affects. For example, devices, protection plans, or backup storage.
  • The operation that it allows. For example, managing, configuring, or starting a specific feature.

When a user does not have a permission, the corresponding UI elements are hidden or disabled, and direct API calls are blocked with a permission error. Users get read-only access to such features.

Custom role properties

When creating a custom role, you must specify the following:

  • Name. A descriptive name for the role, unique within the tenant.
  • Description. A brief description of the role's purpose.
  • Permissions. One or more permissions to include in the role.

Managing custom roles

Company administrators can perform the following actions on custom roles:

  • Create a new custom role with a specific set of permissions.
  • Edit a custom role that was created in their tenant.
  • Delete a custom role that was created in their tenant, if no users are currently assigned to it.
  • Clone a custom role that was created in their tenant or in the parent tenant, to use it as a starting point for a new role.
  • Export a custom role as a JSON file.
  • Import a custom role from a JSON file.

You can manage custom roles from Settings > Roles and permissions.