The Roles tab in the Access Control section of the Administration console enables you to review the roles in your tenant.
You must have either the Tenant Admin or View Admin role to access the Roles tab.
To view the roles in your tenant:
- In the Administration console, navigate to Access Control > Roles.
- View the list of roles.
The Roles tab displays:
- the roles in your tenant
- the policy associated with each role
- the description of each role
- the number of users assigned to the role
Click on the entry in the Users Assigned column to navigate to the Assignments tab and view a list of users assigned to that role.
Select an entry to view the policy details of the individual role. For more information, see Policies.
Access Control Roles
|View Admin||View Admin||View administrators can view the configuration of a tenant, but cannot update anything.|
|Tenant Admin||Tenant Admin|
Tenant administrators manage the configurations and settings at the tenant level. Tenant administrators:
Tenant administrators have the Read permissions that the view administrator has. In addition, they can:
Note: The Assignments feature cannot remove this role if you're the only user in your tenant assigned to the Tenant Admin role.
|Tenant Security Admin||Tenant Security Admin|
Tenant security administrators manage the tenant’s security settings. They can:
|Encryption Admin||Encryption Admin Policy|
Encryption administrators manage the BYOK encryption keys for their organization and handle the encryption of their workspaces. Encryption administrators can only see the workspaces and keys for the tenant to which they belong.
Encryption administrators can:
Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you. Encryption administrators cannot unassign themselves from the Encryption Admin role.
|Integration Admin||Integration Admin|
The Integration Admin role enables you to access the Integration Framework feature to:
|Page Builder||Page Builder|
A Page Builder can:
|Process Owner||Process Owner|
In a future release, process owners can create, edit, update, and delete Workflow processes for their tenant. Workflow processes consist of several tasks that the process owner assigns to users. For example, viewing and modifying information on dashboards and approving or rejecting those changes. In addition, process owners can start cycles of their workflow processes and can complete their own workflow tasks.
Notes: Administrators who have the Process Owner role can run tasks in any workflow process.
|Tenant Auditor||Tenant Auditor|
Tenant Auditors can view audit information for their tenant. See Security - Audit.
Note: Your organization must be licensed for the Audit feature to make use of the tenant auditor role. If you do not have Audit enabled, you can view and assign the tenant auditor role. Tenant auditors have no authorizations until Audit is enabled.