...
SuperAdmin and Admins can perform all admin tasks for an organization and have full management access. SuperAdmin is the initial account that is provisioned in Zilla Okta to provide access for tenant creation.
Tenant-wide settings
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View and update system settings | ✔️ | |||
View users list | ✔️ | ✔️ | ✔️ | ✔️ |
View tenant-wide open tasks | ✔️ | ✔️ | ||
View saved searches | ✔️ | ✔️ | ✔️ 1 | |
Take action on search (create ticket, email, etc.) | ✔️ | ✔️ 1 | ||
Download search result✔️ | ✔️ | ✔️ 1 | ||
Create and save new search | ✔️ | ✔️ 1 |
...
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
Manage applications list | ✔️ | |||
Download full application list✔️ | ✔️ | |||
Configure application integration | ✔️ | ✔️ 1 | ||
Trigger new on-demand sync | ✔️ | ✔️ | ✔️ 1 | |
View and edit application profile | ✔️ | ✔️ 1 | ||
View and edit Access Request Summary | ✔️ | ✔️ 1 | ||
View and edit available permission | ✔️ | ✔️ 1 | ||
Download available permission✔️ | ✔️ | ✔️ 1 | ||
View and edit security setting | ✔️ | ✔️ 1 | ||
View and edit usage profile | ✔️ | ✔️ 1 | ||
Edit account mapping | ✔️ | ✔️ 1 | ||
Download account✔️ | ✔️ | ✔️ 1 | ||
Download permission✔️ | ✔️ | ✔️ 1 | ||
Download group (if applicable)✔️ | ✔️ | ✔️ 1 | ||
Download Resource (if applicable)✔️ | ✔️ | ✔️ 1 | ||
Download integration (if applicable)✔️ | ✔️ | ✔️ 1 | ||
Download findings (if applicable)✔️ | ✔️ | ✔️ 1 |
App Admins only have visibility into applications for which they are assigned an ownership role.
...
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View existing campaign | ✔️ | ✔️ | ✔️ | |
Download campaign evidence package | ✔️ | ✔️ | ||
Download campaign audit logs | ✔️ | ✔️ | ||
Regenerate report for completed campaigns | ✔️ | ✔️ | ✔️ | |
Create new campaign | ✔️ | ✔️ | ||
Clone new campaign | ✔️ | ✔️ | ||
Configure new campaign (including notifications) | ✔️ | ✔️ | ||
Modify campaign settings | ✔️ | ✔️ | ||
Assign readiness tasks | ✔️ | ✔️ | ||
Run / launch new campaign | ✔️ | ✔️ | ||
Complete a running campaign | ✔️ | ✔️ | ||
Delete existing campaign | ✔️ | ✔️ | ||
Upload evidence | ✔️ | ✔️ | ||
Complete readiness check task | ✔️ | ✔️ 1 |
...
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View requestable | ✔️ | ✔️ | ✔️ 1 | |
Edit requestable | ✔️ | ✔️ 1 | ||
View application access request config | ✔️ | ✔️ | ✔️ 1 | |
Edit application access request config | ✔️ | ✔️ 1 | ||
View and download access request✔️ | ✔️ | ✔️ 1 | ||
Create policy | ✔️ |
App Admins only have visibility into applications for which they are assigned an ownership role.
...
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View security dashboard | ✔️ | ✔️ | ||
View finding | ✔️ | ✔️ | ✔️ 1 | |
Mute / unmute security finding | ✔️ | ✔️ 1 | ||
Take action on security finding | ✔️ | ✔️ 1 | ||
Download security finding✔️ | ✔️ | ✔️ 1 | ||
View security policy | ✔️ | ✔️ | ||
Edit security policy | ✔️ | |||
Create custom policy | ✔️ |
App Admins only have visibility into applications for which they are assigned an ownership role.
An account can have multiple permissions/roles in Zilla. How the permissions were assigned governs which permissions are displayed. Examples:
If a user is initially granted the Admin role and is later assigned the App (or Compliance) Admin role, the Admin role is the only role displayed (as it was the initial assignment with the highest privileges). If the Admin role is subsequently removed and the user still holds another role, that privilege will be displayed.
A user that is initially granted the App (or Compliance) Admin role and later granted the Admin role will have both permissions displayed (as the App (or Compliance) Admin role was initially granted). If the Admin role is later removed, that permission will no longer be displayed.