Access Control in Netskope IoT Security
Log in with the Super Administrator role to manage user access control. You can assign one or more roles to a user when you create the account, or modify the user's settings afterward.
Types of user roles and their access controls
Table 9. Types of user roles and their access controls
User Role | Role Definition | Access Control Areas
---|---|---
Super Administrator | Access to all the features | Dashboard > Executive; Dashboard > Security; Dashboard > IT Ops; Inventory; Inventory > Save search; Inventory > Apply tag; Inventory > Suggest reclassification; Inventory > Report generation; Investigate; Policy; Policy > Create policy; Policy > Blocked devices; Manage > Scans; Manage > Assets; Manage > Users; Manage > Sites and regions; Manage > Tags and groups; Manage > Integration; Manage > Configuration; Reporting > Saved searches; Reporting > Reports; Reporting > Reclassification requests
Network Administrator | Access to network features of the product | Dashboard > Executive; Inventory; Inventory > Save search; Inventory > Apply tag; Inventory > Report generation; Investigate; Policy; Policy > Create policy; Policy > Blocked devices; Manage > Scans; Manage > Assets; Manage > Sites and regions; Manage > Tags and groups; Manage > Integration; Manage > Configuration; Reporting > Saved searches; Reporting > Reports
Security Administrator | Access to security features of the product | Dashboard > Executive; Dashboard > Security; Inventory; Inventory > Save search; Inventory > Apply tag; Inventory > Report generation; Investigate; Policy; Policy > Create policy; Policy > Blocked devices; Manage > Scans; Manage > Assets; Manage > Sites and regions; Manage > Tags and groups; Manage > Integration; Manage > Configuration; Reporting > Saved searches; Reporting > Reports
IT Administrator | Access to IT features of the product | Dashboard > Executive; Dashboard > IT Ops; Inventory; Inventory > Save search; Inventory > Apply tag; Inventory > Report generation; Investigate; Policy; Policy > Blocked devices; Manage > Scans; Manage > Assets; Manage > Sites and regions; Manage > Tags and groups; Manage > Integration; Manage > Configuration; Reporting > Saved searches; Reporting > Reports
Super Reader | Access to only read in the defined scope |
Scope Based Access Control for Users
When creating a user, you can assign a scope in addition to the role. The scope is based on the sites and regions in the Netskope IoT Security tenant, and you can assign one or more sites and regions when creating the user. The Super Administrator and Super Reader roles do not have any scope-based restrictions. Only Super Administrator users can provide scope-based access control.
Single Sign-On (SSO) Users
For single sign-on (SSO) users who authenticate through an external identity provider (IdP) such as Okta or Active Directory, authorization depends on role mappings. By default, all SSO users are mapped to the Super Reader role and have access to all the sites. A Super Administrator can modify the default role and scope-based access control for SSO users.
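
The scope and SSO rules above lend themselves to a periodic least-privilege review. The following Python is an added example, not Netskope code: it audits a constructed user list against those rules. The record fields (`name`, `roles`, `sites`, `sso`) and the finding texts are assumptions for illustration, not a product export schema.

```python
# Added example: field names and sample users are constructed, not a product schema.
UNSCOPED = {"Super Administrator", "Super Reader"}  # no scope-based restrictions
SCOPED = {"Network Administrator", "Security Administrator", "IT Administrator"}

def audit(users):
    """Return (user, finding) pairs that deserve a least-privilege review."""
    findings = []
    for u in users:
        roles, sites = set(u["roles"]), set(u["sites"])
        unknown = roles - UNSCOPED - SCOPED
        if unknown:
            findings.append((u["name"], f"unknown role(s): {sorted(unknown)}"))
        if u["sso"] and roles == {"Super Reader"}:
            # Default SSO mapping: Super Reader with access to all sites.
            findings.append((u["name"], "SSO user still on default Super Reader mapping"))
        if roles & UNSCOPED and sites:
            # These roles carry no scope restriction, so the site list does not limit them.
            findings.append((u["name"], "scope assigned but a held role is not scope-restricted"))
        if roles and roles <= SCOPED and not sites:
            # The page does not say what an empty scope means; flag it for manual review.
            findings.append((u["name"], "scoped role without any site or region"))
    return findings

# Constructed sample records.
USERS = [
    {"name": "alice", "roles": ["Super Administrator"], "sites": [], "sso": False},
    {"name": "bob", "roles": ["Network Administrator"], "sites": ["site-a"], "sso": False},
    {"name": "carol", "roles": ["Super Reader"], "sites": [], "sso": True},
    {"name": "dave", "roles": ["Security Administrator", "Super Reader"],
     "sites": ["site-b"], "sso": False},
    {"name": "erin", "roles": ["IT Administrator"], "sites": [], "sso": True},
]

if __name__ == "__main__":
    for name, finding in audit(USERS):
        print(f"{name}: {finding}")
```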