
Roles and Permissions

Last updated: 08 January 2020

Roles

Cloud Conformity supports four user roles: Administrator, Power User, Read Only and Custom.

An Administrator user can assign roles to other users.

Administrator

The Administrator role has access to all Cloud Conformity features, including adding new users and managing subscriptions. This role applies at the system level rather than at the account level, so an Administrator can see all accounts within an organisation and has complete access to all API endpoints.

By default, the user who registered your organisation on the Cloud Conformity platform is assigned the Administrator role. However, this can be changed once more users with Administrator privileges are added to the system.

Once a user signs in to Cloud Conformity via ADFS, they are given a role in Cloud Conformity based on their ADFS group membership. The permissions and privileges of an ADFS-granted Administrator role are the same as those of the Cloud Conformity local Administrator role.

Power User

Power Users have full privileges for all existing accounts as well as for accounts that will be added in the future. Power Users do not have access to Organisation-level settings.

Read Only

Users with the Read Only role have read-only access to all existing accounts as well as to accounts that will be added in the future.

Custom role

Users with the Custom role are managed manually by the Administrator. These users can be given three types of custom role:

  • Full Access - Provides users complete access to an account. Users can modify settings related to the account for which such access has been granted. However, Organisation-level settings are not accessible.
  • Read Only - Users can view account details but do not have permission to modify any settings related to the account for which such access has been granted.
  • No Access - Restricts the user's access to the specified accounts. A user can be assigned the ‘No Access’ role for specific accounts but given ‘Read Only’ or ‘Full Access’ roles for other accounts in the organisation. Such a user will be able to see on the dashboard only those accounts they have access to.

Example: A user may have no access to one or more production accounts and have access to only development accounts. In this case, the user should be assigned the ‘No Access’ role for all production accounts and either the ‘Read Only’ or ‘Full Access’ role for the development accounts.