Zscaler’s role-based administration enables you to control what different admins can do in the Admin Portal. You can delegate responsibilities among admins and granularly control their level of access to the Admin Portal to ensure they do not create conflicting policies and settings.
To facilitate role-based administration, each admin account comprises a role and scope:
You can configure role-based administration using role and scope. For example, you can give your organization’s CISO the ability to set only security policies in the Admin Portal (specified through role), but enable the CISO to set security policies for the entire organization (specified through scope). Similarly, you could give the Marketing Director the ability to set access policies relevant to productivity and compliance (specified through role), but allow him or her to do so only for a specific location or department (specified through scope). To read more about other use cases for role-based administration, see Role-Based Administration Configuration Examples.
Zscaler provides a default admin account that has full access to the Admin Portal and scope over the entire organization. This account cannot be edited or deleted. With role-based administration, you can add as many additional admins as necessary to meet the specific needs of your organization. You can also edit and delete admins as necessary at any time. Also, depending on their admin role and scope, configured admins can add, edit, or delete admin accounts with lower rank.
Configuring an administrator is one of the tasks you must complete when configuring role-based administration. To learn more, see Configuring Role-based Administration.
On the Administrators page (Administration > Administrator Management), you can do the following: