Overview
The tables below show the access to Zilla features, settings, and tasks for standard Admin roles. In addition to the permissions shown in the tables, these roles are also present in the Zilla platform:
ITSM Service - This is an internal Zilla service account role that is used to connect with ITSM providers for access requests and provisioning ticket creation.
ZUS Service - This is an internal Zilla service account role that is used to connect to a cloud instance of Zilla Universal Sync.
(default) - Any user that can access Zilla will have an account with (default) permission. The presence of an account enables a user to access the tasks that are assigned to them and complete the tasks, such as an User Access Review (UAR) task.
SuperAdmin and Admins can perform all admin tasks for an organization and have full management access. SuperAdmin is the initial account that is provisioned in Zilla Okta to provide access for tenant creation.
Tenant-wide settings
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View and update system settings | ✔️ | |||
View users list | ✔️ | ✔️ | ✔️ | ✔️ |
View tenant-wide open tasks | ✔️ | ✔️ | ||
View saved searches | ✔️ | ✔️ | ✔️ 1 | |
Take action on search (create ticket, email, etc.) | ✔️ | ✔️ 1 | ||
Download search result | ✔️ | ✔️ 1 | ||
Create and save new search | ✔️ | ✔️ 1 |
App Admins only have visibility into applications for which they are assigned an ownership role.
Application management
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
Manage applications list | ✔️ | |||
Download full application list | ✔️ | |||
Configure application integration | ✔️ | ✔️ 1 | ||
Trigger new on-demand sync | ✔️ | ✔️ | ✔️ 1 | |
View and edit application profile | ✔️ | ✔️ 1 | ||
View and edit Access Request Summary | ✔️ | ✔️ 1 | ||
View and edit available permission | ✔️ | ✔️ 1 | ||
Download available permission | ✔️ | ✔️ 1 | ||
View and Edit security setting | ✔️ | ✔️ 1 | ||
View and edit usage profile | ✔️ | ✔️ 1 | ||
Edit account mapping | ✔️ | ✔️ 1 | ||
Download account | ✔️ | ✔️ 1 | ||
Download permission | ✔️ | ✔️ 1 | ||
Download group (if applicable) | ✔️ | ✔️ 1 | ||
Download Resource (if applicable) | ✔️ | ✔️ 1 | ||
Download integration (if applicable) | ✔️ | ✔️ 1 | ||
Download findings (if applicable) | ✔️ | ✔️ 1 |
App Admins only have visibility into applications for which they are assigned an ownership role.
Campaign management
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View existing campaign | ✔️ | ✔️ | ✔️ | |
Download campaign evidence package | ✔️ | ✔️ | ||
Download campaign audit logs | ✔️ | ✔️ | ||
Regenerate report for completed campaigns | ✔️ | ✔️ | ✔️ | |
Create new campaign | ✔️ | ✔️ | ||
Clone new campaign | ✔️ | ✔️ | ||
Configure new campaign (including notifications) | ✔️ | ✔️ | ||
Run / launch new campaign | ✔️ | ✔️ | ||
Complete a running campaign | ✔️ | ✔️ | ||
Delete existing campaign | ✔️ | ✔️ | ||
Upload evidence | ✔️ | ✔️ | ||
Complete readiness check task | ✔️ | ✔️ 1 |
App Admins only have visibility into applications for which they are assigned a campaign readiness task.
Provisioning management
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View requestable | ✔️ | ✔️ | ✔️ 1 | |
Edit requestable | ✔️ | ✔️ 1 | ||
View application access request config | ✔️ | ✔️ | ✔️ 1 | |
Edit application access request config | ✔️ | ✔️ 1 | ||
View and download access request | ✔️ | ✔️ | ✔️ 1 | |
Create policy | ✔️ |
App Admins only have visibility into applications for which they are assigned an ownership role.
Security management
Permission | Super Admin / Admin | Read Only Admin | App Admin | Compliance Admin |
---|---|---|---|---|
View security dashboard | ✔️ | ✔️ | ||
View finding | ✔️ | ✔️ | ✔️ 1 | |
Mute / unmute security finding | ✔️ | ✔️ 1 | ||
Take action on security finding | ✔️ | ✔️ 1 | ||
Download security finding | ✔️ | ✔️ 1 | ||
View security policy | ✔️ | ✔️ | ||
Edit security policy | ✔️ | |||
Create custom policy | ✔️ |
App Admins only have visibility into applications for which they are assigned an ownership role.
An account can have multiple permissions/roles in Zilla, depending on how permissions were assigned will govern which permissions are displayed. Examples:
A user that is initially granted the Admin role, and later is assigned the App (or Compliance) Admin role, the Admin role is the only role displayed (as it was the initial assignment with highest privileges). If the Admin role is subsequently removed, and the user still holds another role, that privilege will be displayed.
A user that is initially granted the App (or Compliance) Admin role, and later granted the Admin role, will have both permissions displayed (as the App (or Compliance) Admin role was initially granted). If the Admin role is later subsequently remove, that permission will no longer be displayed.