This article discusses how to configure regional viewer permissions for a Cato Management Application admin in your account.
Note: You can use admin roles and permissions to apply more granular RBAC settings, see Configuring Roles and Permissions for Admins.
The Cato Management Application lets you define an admin with permissions to only view specific sites and SDP users (in groups) in your account. When the admin logs in to your account, the Cato Management Application only shows screens that are related to the metrics and data for those sites and users. This admin can't access any information about the other sites, users, and groups in the account.
Regional Viewers only have read-only access and can't configure any settings in your account or the regional sites. Email notifications for Health Alerts are not sent to Regional Viewers.
Use the Administrators screen to assign and admin with the role of a Regional Viewer. Then define the specific sites and groups that an administrator is permitted to view.
You can define the following types of items that the admin is permitted to view:
Site - Allow the admin to view individual sites.
Group - Allow the admin to view grouped entities of sites or SDP users.
System Group - Allow the admin to view a predefined group, such as All SDP Users.
Restricting Private Data for a Regional Viewer
By default, regional viewers don't have access to the private data for the permitted items. This means that they can't see the Usage Analytics or the Events screens for these items.
You can choose to allow a regional viewer to access these screens and see the private data for the permitted items.
To restrict an admin to only view specific sites or groups:
From the navigation menu, click Administration > Administrators.
Select the admin.
The General screen for the admin opens.
From the Role drop-down menu, select Regional Viewer.
(Optional) To allow this regional viewer to see private data for the Permitted Items, select Present usage and events data.
In the Permitted Items section, in the drop-down menu, select the type of item that the admin is permitted to view: Site, Group, or System Group.
Select the specific items (sites or groups) for the admin.
Click Save. The admin is restricted to only view the specific sites or groups.