Roles Overview

A role is a function assigned to a user that defines the tasks that the user can perform within CSO. Each user can be assigned one or more roles depending on the tasks that the user is expected to perform.

User roles enable you to classify users based on the privileges to perform tasks on CSO objects. Roles assigned to a user determine the tasks and actions that the user can perform.

This topic contains the following sections:

Types of Roles

There are two types of roles: predefined roles and custom roles.

You can create custom roles and assign access privileges to each role by using the Roles page (Administration > Roles).

You can assign one or more roles to a user when you create or edit a user account. Each role can have one or more access privileges.

Role Scopes

A role scope defines the capabilities of the user under a scope (OpCo and tenant). An OpCo administrator can assign OpCo, and tenant roles to OpCo users and tenant roles to tenant users. A tenant administrator can assign tenant roles only to tenant users. A role can have the following scopes:

Access Privileges

The following access privileges and actions can be assigned to a user role to access objects (Dashboard, Device Templates, Tenants, and so on) in CSO. For example, a user can be given only read, create, update privileges to device objects and only the delete privilege to security alerts objects.

Relationship Between Users, Roles, and Access Privileges

Figure 11 shows the relationship between users, user roles, and access privileges. A user can have one or more roles and each role can have one or more access privileges.

Figure 11: Relationship Between a User, Roles, and Access Privileges

Relationship
Between a User, Roles, and Access Privileges

Benefits of Roles in CSO