Skip to main content

Netskope Help

Access Control in Netskope IoT Security

You need to log in using your Super Administrator role to manage user access control. When you create a user account, you can assign a user with one or more roles or you can also modify the user settings after you create the user.

Types of user roles and their access controls

Table 9. Types of user roles and their access controls

User Role

Role Definition

Access Control Ares

Super Administrator

Access to all the features

  • Dashboard > Executive

  • Dashboard > Security

  • Dashboard > IT Ops

  • Inventory

  • Inventory > Save search

  • Inventory > Apply tag

  • Inventory > Suggest reclassification

  • Inventory > Report generation

  • Investigate

  • Policy

  • Policy > Create policy

  • Policy > Blocked devices

  • Manage > Scans

  • Manage > Assets

  • Manage > Users

  • Manage > Sites and regions

  • Manage > Tags and groups

  • Manage > Integration

  • Manage >Configuration

  • Reporting > Saved searches

  • Reporting > Reports

  • Reporting > Reclassification requests

Network Administrator

Access to network features of the product

  • Dashboard > Executive

  • Inventory

  • Inventory > Save search

  • Inventory > Apply tag

  • Inventory > Report generation

  • Investigate

  • Policy

  • Policy > Create policy

  • Policy > Blocked devices

  • Manage > Scans

  • Manage > Assets

  • Manage > Sites and regions

  • Manage > Tags and groups

  • Manage > Integration

  • Manage >Configuration

  • Reporting > Saved searches

  • Reporting > Reports

Security Administrator

Access to security features of the product

  • Dashboard > Executive

  • Dashboard > Security

  • Inventory

  • Inventory > Save search

  • Inventory > Apply tag

  • Inventory > Report generation

  • Investigate

  • Policy

  • Policy > Create policy

  • Policy > Blocked devices

  • Manage > Scans

  • Manage > Assets

  • Manage > Sites and regions

  • Manage > Tags and groups

  • Manage > Integration

  • Manage >Configuration

  • Reporting > Saved searches

  • Reporting > Reports

IT Administrator

Access to IT features of the product

  • Dashboard > Executive

  • Dashboard > IT Ops

  • Inventory

  • Inventory > Save search

  • Inventory > Apply tag

  • Inventory > Report generation

  • Investigate

  • Policy

  • Policy > Blocked devices

  • Manage > Scans

  • Manage > Assets

  • Manage > Sites and regions

  • Manage > Tags and groups

  • Manage > Integration

  • Manage >Configuration

  • Reporting > Saved searches

  • Reporting > Reports

Super Reader

Access to only read in the defined scope

  • Dashboard > Executive

  • Dashboard > Security

  • Dashboard > IT Ops

  • Inventory

  • Inventory > Save search

  • Inventory > Report generation

  • Investigate

  • Policy

  • Policy > Blocked devices

  • Reporting > Saved searches

  • Reporting > Reports



Scope Based Access Control for Users

When creating a user, in addition to the role, you can also assign the scope for the user. The scope is based on sites and regions in Netskope IoT Security tenants and you can assign one or more sites and regions when creating the user. The Super Administrator and Super Reader roles does not have any scope based restrictions. Only Super Administrator users can provide scope based access control.

Single Sign-On (SSO) Users

For single sign-on (SSO) users who use external identity providers (IdP) such as Okta, Active Directory, etc for authentication, authorization will depend on role mappings. By default, all SSO users will be mapped to the Super Reader role and have access to all the sites. Super Administrator can modify the default role and scope based access control for SSO Users.