With Role Management, you can manage access to Zscaler Client Connector Portal settings.

For ZIdentity-enabled tenants (that are linked to ZIdentity), admin roles must be assigned in the ZIdentity Admin Portal. To learn more, see About Administrative Entitlements.

The following three permissions are available when you add a role. You can also create a custom access level based on these permissions:

• Full: View and configure settings.
• View Only: View settings.
• None: Setting is hidden.

To add a role:

4. In the Edit Admin Role window, provide information for the following fields:
   See image.

   

   Close
   • Role Info

     Name: Enter a name for the role. The name you enter cannot contain special characters, except periods (.), hyphens (-), and underscores ( _ ).

     Close
   • Permissions

     Permissions allow you to control an admin’s access to Zscaler Client Connector Portal administration settings. You can choose one of the following permissions: Full, View Only, None, or Customize.

     For some settings, only View Only or None is available.

     Expand each section to display the settings under that section and choose the permission for the role you’re creating. When you choose Full, View Only, or None, that permission applies to the setting's entire section. When you choose Customize, you can select a mix of permissions for each setting.
     See image.

     

     Close

     • Dashboard

       On the Dashboard, admins can view data for all or specific users, all or specific device states, and all or specific operating systems. View Only is the default permission for the Dashboard and cannot be changed.

       Close
     • Enrolled Devices

       The Enrolled Devices menu includes the following settings:

       • Device Overview: View, sort, filter, and export data for enrolled devices and removed devices.
       • Machine Tunnel: View a list of machine tunnels, details about each machine tunnel, and remove machine tunnels.
       • Partner Devices: View, sort, filter, and export data for Partner Devices.

       Choose one of the following permissions:

       • Full: Allows access to all settings on the Device Overview page and the Machine Tunnel page. Admins must have full access to remove devices and machine tunnels.
       • View Only: Allows access to view, filter, sort, export, and search data on the Device Overview page and the Machine Tunnel page.
       • None: Does not allow access to the Device Overview page and the Machine Tunnel page.
       • Customize: Allows you to choose a permission level for each setting.

       Close
     • App Profiles

       Admins can view app profile rules for a specific platform, a list of all configured app rules, the policy token for an app profile rule, and the default policy. Admins can also configure, edit, or delete an app profile rule.

       For each platform listed, choose one of the following permissions:

       • Full: Allows access to all settings for all platforms on the App Profiles page. Admins must have full access to configure, edit, and delete app profile rules, except the default policy.
       • View Only: Allows access to only view data on the App Profiles page.
       • None: Does not allow access to the App Profiles page.
       • Customize: Allows you to choose a permission level for each platform.

       Close
     • Administration

       The Administration menu includes the following settings:

       • Client Connector App Store
       • Client Connector Notifications
       • Audit Logs
       • Forwarding Profile
       • Trusted Networks
       • Client Connector Support
       • Zscaler Service Entitlement
       • User Agent
       • Client Connector IdP
       • Device Posture
       • Business Continuity
       • Application Bypass Info
       • Dedicated Proxy Port
       • Public API
       • Platform Settings (formerly Authentication Settings)
       • Device Groups
       • ZPA Partner Logins
       • Administration Management

       For each setting, select one of the following permissions:

       • Full: Allows access to all settings in the Administration menu. Admins must have full access to configure settings.
       • View Only: Allows access to only view settings on the Administration page.
       • None: Does not allow access to the Administration page.
       • Customize: Allows you to choose a permission level for each Administration setting.

       Close
     • Sensitive Data

       The Sensitive Data section includes the option to obfuscate passwords and tokens in the Zscaler Client Connector Portal.

       Obfuscate Passwords and Tokens: When enabled, all passwords, OTP, Policy Tokens, Device Tokens, and Machine Tokens in the Zscaler Client Connector Portal are obfuscated. This feature is applicable to admins who have read-only access.

       Close

     Close