Managing Account Access (Legacy)

This article explains how to manage the Account Access for your Cato account and allow Cato Sales Engineers, Customer Success, and other representatives to make changes to your account.

Note: We are currently rolling out an improved process for allowing account access. This article is only relevant to accounts that have not yet been migrated to the new process. For more information, see Identify the Correct Account Access Page below.

Overview

As part of industry-standard best practices, Cato's Role-Based Access Control (RBAC) lets you limit admin permissions for your account and provide only the minimum access level to Cato Management Application admins. Similarly, when you need professional advice from Cato PS or CS, you may need to allow them to view settings in your account. Use the Account Access page to manage access to your account for Cato PS, CS, and other employees.

The Cato Resource Access ID (CRA ID) is a unique ID that you use to grant access to your account.

You can view the changes that were made to your account in the Audit Trail. For privacy reasons, changes made by Cato representatives identify the employee by a user ID and not by an email or name.

Cato Accessing Accounts without Explicit Permission

There are certain situations where a Cato representative, such as a Technical Account Manager, can access your account without you providing permission through the Account Access page. For example, when you open Cato Support tickets, read-only access to your account is automatically given to the Cato Support engineers addressing the ticket.

Identify the Correct Account Access Page

In December 2024, Cato began rolling out a new method to manage access to your account. This article documents the legacy method. If you go to Account > Access to my Account, you can identify which version your account is using:

  • If the page has a search bar and status filter, your account is using the new method; see this article.

  • If the page does not have a search bar or status filter, your account is using the legacy method, and you can continue to the next section.

Sample Account Access Use Cases

These are some examples where an admin for a Cato customer gives temporary access to the account using the Account Access page.

Customer Needs Advice from Cato SE

In this sample use case, a customer needs assistance from a Cato SE to review the settings for their account.

  1. Admin contacts Cato SE to review their account settings.

  2. Cato SE sends their CRA ID to the admin.

  3. Admin creates an account access rule for the Cato SE:

    1. (Optional) Enter a Reason for the access.

    2. Define the Time Range that is required for this change. After this time, the Cato SE no longer has access to the account.

    3. Define the admin role (Roles & Permissions) for the Cato SE.

      You can define a predefined role or a dedicated Account Control role.

  4. Admin notifies the Cato SE that they now have read-only access to the account in the Cato Management Application.

Cato SE Initiates Request for Account Access

In this sample use case, a Cato SE (account manager) contacts a customer's head of IT and asks to view the account in order to give advice for a new feature.

  1. Cato SE contacts the admin who is the head of the IT department, and requests access to specific pages to help change account settings.

  2. Admin reviews the request and approves it.

  3. Cato SE sends their CRA ID to the admin.

  4. Admin creates an account access rule for the Cato SE:

    1. (Optional) Enter a Reason for the access.

    2. Define the Time Range that is required for this change. After this time, the Cato SE no longer has access to the account.

    3. Define the Roles & Permissions for the pages that the Cato SE requested.

  5. Admin notifies the Cato SE that they now have read-only access to the account in the Cato Management Application.

Granting Account Access to a Cato Account Representative

When you receive the CRA ID from a Cato account representative, create a new Account Access rule for that person. Define the Time Range that the Cato account representative has permissions to access your account. Then select the Roles & Permissions that determine which Cato Management Application pages they can view and edit. You can define admin access for a predefined role or a dedicated Account Control role. For more information about admin roles, see Managing Admin Roles Using RBAC.

You can edit the Account Access rule to update the settings or delete the rule to revoke permissions. The Audit Trail records when an Account Access rule is created, updated, or deleted.

Best Practice: Only allow access for the required amount of time and select a role with the minimal permissions for pages in the Cato Management Application.

To grant account access to a Cato representative:

  1. From the navigation menu, click Account > Access to My Account.

  2. Click New. The New Access panel opens.

  3. Configure the settings to Grant Access to the Cato representative:

    1. Paste the CRA ID that you received, and click Apply.

      The CRA ID is verified, and the admin information is automatically updated.

    2. (Optional) Enter the Reason you're granting access to the account.

  4. Define the Time Range that they will have access to your account.

  5. In Roles & Permissions, select one or more roles for the Cato Management Application.

  6. Click Save. The Account Access rule is added to the page, and the Cato representative can access the account.

1 comment

  • Lars Dänzer

    This is an excellent new feature! Will it also be extended to resellers? For us, it would be a significant improvement in both visibility and compliance.