Create a custom user role that is configured with unique Umbrella dashboard access permissions, so that when you add a user to the Umbrella dashboard you can give that user very specific Umbrella dashboard access.
- Navigate to Admin > User Roles and click Add.
- Give the role a descriptive name, optionally add a description for this role, and then select the access Permissions you want to grant the new role.
- Policy—When you select Policy, Deployments, Destinations Lists, and Block Page Settings are selected. Thus, allows for the management of all the identities, policy settings, and block page settings, which includes the ability to add, delete and modify policies, and apply those policies to identities. This role is restricted from managing other users within the dashboard, adding or modifying roles or any of the other Admin features.
- Deployments—Allows for the management—create, modify, rename, and delete—of identities and configurations as listed at Deployments > Core Identities and Deployments > Configuration except for Network Devices. The role cannot download Mobile Devices configuration, Chromebook configuration download, add or remove tags from Roaming Computer, and cannot assign a policy to a newly created identity. This role is ideal for provisioning new devices under Umbrella as part of initially bringing computers online to your network.
- Destination Lists—Allows for the management of destination lists, which gives the role the ability to add or delete destinations in destination lists.
Including either the Global Allow List or the Global Block List enables this role to allow or block a destination for the entire organization.
- Block Page Settings —Allows for the management of all Block Page Settings (but not the full policy), which gives the role the ability to change a block page's appearance, add, modify or delete a block page user or add, modify or delete a block page bypass code. However, if selected on its own, it cannot add a user account to be assigned to the block page user.
- Reports—Allows for the management of reports section of the dashboard, which gives the role the ability to create reports, run reports, and export reports. However, if selected on its own, no other part of the dashboard is available. For more information, see Reporting Only User Role.
If a role can provision identities, but not manage policies, ensure that your "catch-all" policies are ordered correctly according to the policy execution arrow (which points downward in the policy section). For example, if a user with the Identities role only provisioned a new roaming computer, that roaming computer would receive the Default Policy unless All Roaming Clients was selected for a policy higher up the hierarchy.
- Click Save.
Once created you can assign this role to a user. For more information about creating user accounts, see Add a New Account.
Once you've configured the user with a role, their dashboard is automatically limited to only the elements they've been assigned. This can mean their dashboard is different than what you may be used to as elements may be missing—areas of the dashboard that a user role is not granted access to are not greyed out; instead, they are not displayed.
Updated 5 months ago