Standard administrator roles and permissions

Overview

The tables below show the access to Zilla features, settings, and tasks for standard Admin roles. In addition to the permissions shown in the tables, these roles are also present in the Zilla platform:

  • ITSM Service - This is an internal Zilla service account role that is used to connect with ITSM providers for access requests and provisioning ticket creation.

  • ZUS Service - This is an internal Zilla service account role that is used to connect to a cloud instance of Zilla Universal Sync.

  • (default) - Any user that can access Zilla will have an account with (default) permission. The presence of an account enables a user to access and complete the tasks that are assigned to them, such as a User Access Review (UAR) task.

SuperAdmin and Admins can perform all admin tasks for an organization and have full management access. SuperAdmin is the initial account that is provisioned in Zilla Okta to provide access for tenant creation.

Tenant-wide settings

Permission

Super Admin / Admin

Read Only Admin

App Admin

Compliance Admin

View and update system settings

 

 

 

View users list

View tenant-wide open tasks

 

 

View saved searches

1

 

Take action on search (create ticket, email, etc.)

 

1

 

Download search result

 

1

 

Create and save new search

 

1

 

  1. App Admins only have visibility into applications for which they are assigned an ownership role.

 

Application management

Permission

Super Admin / Admin

Read Only Admin

App Admin

Compliance Admin

Manage applications list

 

 

 

Download full application list

 

 

 

Configure application integration

 

1

 

Trigger new on-demand sync

1

 

View and edit application profile

 

1

 

View and edit Access Request Summary

 

1

 

View and edit available permission

 

1

 

Download available permission

 

1

 

View and Edit security setting

 

1

 

View and edit usage profile

 

1

 

Edit account mapping

 

1

 

Download account

 

1

 

Download permission

 

1

 

Download group (if applicable)

 

1

 

Download Resource (if applicable)

 

1

 

Download integration (if applicable)

 

1

 

Download findings (if applicable)

 

1

 

  1. App Admins only have visibility into applications for which they are assigned an ownership role.

 

Campaign management

Permission

Super Admin / Admin

Read Only Admin

App Admin

Compliance Admin

View existing campaign

 

Download campaign evidence package

 

 

Download campaign audit logs

 

 

Regenerate report for completed campaigns

 

Create new campaign

 

 

Clone new campaign

 

 

Configure new campaign (including notifications)

 

 

Modify campaign settings

 

 

Assign readiness tasks

 

 

Run / launch new campaign

 

 

Complete a running campaign

 

 

Delete existing campaign

 

 

Upload evidence

 

 

Complete readiness check task

 

1

 

  1. App Admins only have visibility into applications for which they are assigned a campaign readiness task.

 

Provisioning management

Permission

Super Admin / Admin

Read Only Admin

App Admin

Compliance Admin

View requestable

1

 

Edit requestable

 

1

 

View application access request config

1

 

Edit application access request config

 

1

 

View and download access request

 

1

 

Create policy

 

 

 

  1. App Admins only have visibility into applications for which they are assigned an ownership role.

 

Security management

Permission

Super Admin / Admin

Read Only Admin

App Admin

Compliance Admin

View security dashboard

 

 

View finding

1

 

Mute / unmute security finding

 

1

 

Take action on security finding

 

1

 

Download security finding

 

1

 

View security policy

 

 

Edit security policy

 

 

 

Create custom policy

 

 

 

  1. App Admins only have visibility into applications for which they are assigned an ownership role.

 

An account can have multiple permissions/roles in Zilla. How the permissions were assigned governs which permissions are displayed. Examples:

  • For a user who is initially granted the Admin role and is later assigned the App (or Compliance) Admin role, the Admin role is the only role displayed (as it was the initial assignment with highest privileges). If the Admin role is subsequently removed and the user still holds another role, that privilege will be displayed.

  • A user who is initially granted the App (or Compliance) Admin role and is later granted the Admin role will have both permissions displayed (as the App (or Compliance) Admin role was initially granted). If the Admin role is subsequently removed, that permission will no longer be displayed.