Roles in Zilla

The Zilla system supports the following roles for an account.

Admin

This is the most privileged role in the system. An account with admin access has access to all functionality in the system.

Super Admin

This is the initial account that is provisioned in Zilla upon setup. It is the only account that has username/password access to the system, in order to set up SSO. The role has identical permissions to the Admin role.

Read Only Admin

This service account role provides access to the system with view-only scope. A service account with view-only admin access has access to all functionality in the system with read-only scope.

App Admin

This role is implicitly assigned to an account by making the user an application owner. An App Owner is able to see the list of applications that they are assigned to.

Compliance Admin (Campaign Monitor)

This role is implicitly assigned to an account by making the user a monitor of an access review campaign. A Compliance Admin is able to perform management tasks, such as task reassignment, associated with an access review.

ITSM Service

This is an internal Zilla service account role that is used to connect with ITSM providers for access requests and provisioning ticket creation.

ZUS Service

This is an internal Zilla service account role that is used to connect to a cloud instance of Zilla Universal Sync.

(default)

Any user that is assigned access to Zilla via the SSO provider gets a default account in Zilla. The presence of an account lets a user see only the tasks that are assigned to them and complete those tasks. The User role is implicitly assigned to a user once they are authenticated by the SSO provider.

Where to view assigned roles

  • Applications > Zilla > Accounts & Permissions tabs will display the accounts and their assigned permissions (roles).

  • An account can have multiple permissions/roles in Zilla. How the permissions were assigned governs which permissions are displayed. Examples:

    • For a user that is initially granted the Admin role and is later assigned the App (or Compliance) Admin role, the Admin role is the only role displayed (as it was the initial assignment with highest privileges). If the Admin role is subsequently removed and the user still holds another role, that privilege will be displayed.

    • A user that is initially granted the App (or Compliance) Admin role, and later granted the Admin role, will have both permissions displayed (as the App (or Compliance) Admin role was initially granted). If the Admin role is subsequently removed, that permission will no longer be displayed.