icon-zia.svg
Secure Internet and SaaS Access (ZIA)

About Admin Rank

Watch a video about admin rank

Admin rank is a feature you use when creating roles for role-based administration.

Admin rank enables you to create a hierarchy among admins and ensure that policies and settings configured by admins with higher rank cannot be overridden by admins with lower rank. For example, if the CISO, who has the highest rank, sets a rule for the organization blocking all access to pornography, no lower-ranked admin can create a pornography rule that overrides the one set by the CISO. The admin rank ranges from 0 (high) to 7 (low). The highest rank, 0, belongs to the super admin. For each additional role you create, you can assign an admin rank between 1 (high) and 7 (low).

By default, the admin ranking is disabled. To use this feature, you must enable admin rank in Administration > Advanced Settings. To learn more, see About Advanced Settings.

The admin rank affects admins in the following areas:

  • Rule-based policies in the ZIA Admin Portal include:

    • Sandbox (requires Advanced Sandbox)
    • URL & Cloud App Control
    • File Type Control
    • Bandwidth Control
    • Data Loss Prevention
    • Mobile App Control
    • Firewall Control
    • DNS Control

    When creating rules for any of the above policies, admins must assign the rule an admin rank that is lower than their own rank. The rule’s admin rank in turn automatically determines the rule order, so that rules with a higher admin rank are always given precedence in the rule order. Rules with the same admin rank can be manually moved before or after another rule with the same rank.

    Admins can edit a rule or change a rule’s place in the rule order only if the rule’s admin rank is equal to or lower than their own admin rank.

    Close

  • Admins who have permission to manage roles can only create or edit roles with lower rank.

    Close

  • Admins who have permission to manage other admin accounts can only create, edit, or view accounts with a lower rank.

    Close

  • Admins are also users that can be specified in the criteria for a particular rule. For example, an admin can be chosen as a user to whom a URL filtering rule applies. Thus, if admins add another admin as a user for a rule, they can only select admins that have a lower admin rank.

    Close
Related Articles
About Role ManagementAbout Admin RankAdding Admin RolesAdding SD-WAN Partner API RolesAdding API RolesEditing the Default Executive Insights App Role