What are Admins and Role-Based Access Control (RBAC)

This article describes what Cato admins are and how Role-Based Access Control (RBAC) is used to manage their permissions. To learn how to create and manage admins, see Managing Admins and Managing Admin Roles Using RBAC.

What are CMA Admins

Cato admins are users who have permission to sign in to the Cato Management Application (CMA). Cato is a converged platform that manages security policies, network policies, remote user access, and much more. By default, an admin can access every area of the CMA; use RBAC to restrict that access to what the admin's responsibilities require.

What is RBAC

Role-Based Access Control (RBAC) is the mechanism in the CMA for assigning roles to admins, where each role is a set of granular permissions. A role determines what an admin can do in the CMA: which pages and features the admin can view, and which the admin can edit. RBAC improves security by giving each admin only the access their responsibilities require (least privilege), consistent with a zero-trust approach, and it limits the damage that a compromised or misused admin account can do.

The CMA includes predefined roles, such as Security Admin and Network Admin, and also lets you create custom roles tailored to your organization's specific needs, so that access to the CMA is both appropriate and secure.

You can also scope RBAC permissions so that an admin can edit, or only view, specific sites, groups of sites, and SDP users. Admins without permissions for a site or SDP user can't see it, and the analytics pages and dashboards are automatically filtered to show only the items the admin has permissions for. For example, if an admin has view permissions for a group of 10 sites, the Events page shows only events for those 10 sites. When creating a new rule for a policy, admins can only choose the sites and user groups that they have permissions to edit.

The Roles & Permissions page includes several predefined roles with preset permissions for common admin types. You can also create custom roles to fit the specific needs of admins in your organization. When you create a custom role, you define its permissions page by page. These are the permissions that can be set for each page:

  • None - The page doesn't appear in the navigation menu and can't be accessed at all by the admin

  • View - The admin can view the page but can't make changes

  • Edit - The admin can perform all actions for the page

[Image: RBAC.png]

Roles and Permissions for New Cato Pages

When a new page is added to the CMA, its permission defaults to None for all existing custom roles, so admins with a custom role can't see the page until you grant access to it. There may be exceptions where Cato defines special default permissions for a feature; those special defaults are published as part of the feature release.

For predefined roles, these are the default permissions for new pages:

  • Editor - Edit permissions

  • Viewer - View only permissions
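The following is an added illustration, not Cato code: a small model of the permission logic described above, covering per-page None/View/Edit permissions, site-scoped filtering of the Events page and of the sites offered when adding a policy rule, and the default permission a role gets for a page released after the role was defined (None for custom roles, Edit for Editor, View for Viewer). Role names other than Editor and Viewer, page names, site names and the sample events are made up for the example.

```python
"""Toy model of CMA-style RBAC checks (illustration only, not Cato's implementation)."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional


class Perm(IntEnum):
    """Permission levels, ordered so that EDIT > VIEW > NONE."""
    NONE = 0   # page hidden from the navigation menu, not accessible
    VIEW = 1   # read-only access
    EDIT = 2   # all actions on the page


@dataclass
class Role:
    name: str
    pages: Dict[str, Perm]                     # page name -> Perm, for pages known when the role was defined
    new_page_default: Optional[Perm] = None    # fixed for predefined roles; None marks a custom role

    def page_permission(self, page: str) -> Perm:
        """Permission for a page, including pages added to the CMA after the role was created."""
        if page in self.pages:
            return self.pages[page]
        if self.new_page_default is None:      # custom role: new pages default to None
            return Perm.NONE
        return self.new_page_default           # predefined: Editor -> EDIT, Viewer -> VIEW


# Predefined roles with a hypothetical page set.
EDITOR = Role("Editor", {"Events": Perm.EDIT, "Policy": Perm.EDIT}, new_page_default=Perm.EDIT)
VIEWER = Role("Viewer", {"Events": Perm.VIEW, "Policy": Perm.VIEW}, new_page_default=Perm.VIEW)
# Hypothetical custom role: Events read-only, Policy editable, nothing on pages released later.
SOC_ANALYST = Role("SOC Analyst", {"Events": Perm.VIEW, "Policy": Perm.EDIT})


@dataclass
class Admin:
    name: str
    role: Role
    site_scope: Dict[str, Perm] = field(default_factory=dict)   # site name -> VIEW or EDIT

    def site_permission(self, site: str) -> Perm:
        return self.site_scope.get(site, Perm.NONE)


def visible_events(admin: Admin, events: List[dict]) -> List[dict]:
    """The Events page as the admin sees it: only events from sites the admin can at least view."""
    if admin.role.page_permission("Events") < Perm.VIEW:
        raise PermissionError(f"{admin.name}: the Events page is not accessible")
    return [e for e in events if admin.site_permission(e["site"]) >= Perm.VIEW]


def selectable_sites_for_rule(admin: Admin, candidate_sites: List[str]) -> List[str]:
    """Sites offered when the admin adds a policy rule: needs Edit on the page and on the site."""
    if admin.role.page_permission("Policy") < Perm.EDIT:
        raise PermissionError(f"{admin.name}: cannot edit the Policy page")
    return [s for s in candidate_sites if admin.site_permission(s) >= Perm.EDIT]


# Constructed sample data (not real telemetry).
SAMPLE_EVENTS = [
    {"site": "branch-01", "type": "Connected"},
    {"site": "branch-02", "type": "Threat"},
    {"site": "hq", "type": "Disconnected"},
]
ALL_SITES = ["branch-01", "branch-02", "hq"]

alice = Admin("alice", SOC_ANALYST, {"branch-01": Perm.EDIT, "branch-02": Perm.VIEW})
bob = Admin("bob", VIEWER, {"hq": Perm.VIEW})

if __name__ == "__main__":
    print(visible_events(alice, SAMPLE_EVENTS))          # branch-01 and branch-02 events only
    print(selectable_sites_for_rule(alice, ALL_SITES))   # ['branch-01']
    print(SOC_ANALYST.page_permission("NewDashboard"))   # Perm.NONE (custom role, new page)
    print(VIEWER.page_permission("NewDashboard"))        # Perm.VIEW (predefined Viewer)
```

The point of the model is the two independent checks: page-level permission decides whether the page opens at all, and the site scope decides which items appear on it. An admin such as `bob`, whose role only has View on the Policy page, is refused the rule editor even though a site is in scope; `alice` can open it, but is offered only the sites she can edit.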
