Add a Custom User Role

Create a custom user role that is configured with unique Umbrella dashboard access permissions. When your add a user to the Umbrella dashboard, you can enable a custom role for the user.



  1. Navigate to Admin > User Roles and click Add.
  1. Give the role a descriptive name, optionally add a description for this role, and select the access Permissions you want to grant the new role.

Permissions for custom user role:

  • Policy—Allows for the management of deployed identities, policy settings including destination lists, and block page settings. The Policy permission is not allowed to:
    • Manage other users within the dashboard
    • Add or modify roles, or any of the other Admin features

Note: If you require permission to configure certain Secure Web Gateway (SWG) settings (HTTPS Inspection and File Type Control) in a Web policy rule or edit Data Loss Prevention (DLP) policies, then you must have the Full Admin role not a custom user role.

  • Deployments—Allows for the management—create, modify, rename, and delete—of deployed Umbrella identities and configurations except for Network Devices. The role cannot download Mobile Devices configuration, download Chromebook configuration, add or remove tags from Roaming Computer, nor assign a policy to a newly created identity. This role is ideal for provisioning new devices under Umbrella as part of initially bringing computers online to your network.
  • Destination Lists—Allows for the management of destination lists, which gives the role the ability to add or delete destinations in destination lists. Including either the Global Allow List or the Global Block List enables this role to allow or block a destination for the entire organization.
  • Block Page Settings—Allows for the management of all Block Page Settings (but not the full policy), which gives the role the ability to change a block page's appearance; add, modify or delete a block page user; or add, modify or delete a block page bypass code. However, if selected on its own, it cannot add a user account to be assigned to the block page user.
  • Reports—Allows for the management of Umbrella reports, which gives the role the ability to create reports, run reports, and export reports. In addition, the role includes the Investigate role. If you select only the Reports access permission, you can only access the Reports and Investigate sections of the dashboard.
  • Investigate—Allows for the management of Investigate, which includes the Investigate Smart Search and Pattern Search. If your subscription includes the Umbrella Investigate API, you can list the Investigate API access tokens. The Investigate permission can not create or delete an Investigate API access token.

Note: If you enable a role that can provision identities but not manage policies, ensure that your policies are ordered correctly according to the policy execution arrow (which points downward in the policy section). For example, if a user with the Deployments role only provisions a new roaming computer, Umbrella applies the Default policy to the roaming computer unless you select All Roaming Clients in a policy that has higher priority.

  1. Click Save.
    Once created, you can assign the custom role to a user. For more information about creating user accounts, see Add a New Account.

After you enable a role for a user, Umbrella automatically displays only the elements permitted by user's role. This can mean that their dashboard only contains certain elements whereas a user with another role may have access to other elements on the dashboard.

Add a New User < Add a Custom User Role > Manage Your Logs