Netskope Help

Managing Administrators

The Netskope UI provides full access for deploying and managing admin rights for the Netskope solution.  As a Tenant Admin, you have full privileges to create and manage other admins.

Summary of Operations by Predefined Roles and Privileges

Read/write means admins with this designation can perform all actions. Read means admins with this designation can view, export CSV files, plus download and email PDFs.

Privilege/Role

Iaas/PaaS

Admins

Advanced Settings

Settings

CCI

Events

Tenant Admin

read/write

read/write

read/write

read/write

read/write

read/write

Delegated Admin

read/write

read/write

read/write

read/write

Restricted Admin

read

read

Cloud Intelligence Analyst

Application Risk Analyst

read

Enterprise Applications Admin

read/write

Directory Admin

read

read

Security Admin

read/write

read/write

read/write

read/write

InfoSec Operations Admin

read/write

read/write

Compliance Office

read/write

Security Analyst

read/write

read

Iaas/PaaS

read/write

read/write

read/write

Privilege/Role

API Data Protection

Policies

Reports

End Users

Incident Management

Threat

Tenant Admin

read/write

read/write

read/write

read/write

read/write

read/write

Delegated Admin

read/write

read/write

read/write

read/write

read/write

read/write

Restricted Admin

read

read/write

read

read/write

Cloud Intelligence Analyst

read/write

read/write

Application Risk Analyst

read/write

read/write

Enterprise Applications Admin

read/write

read/write

Directory Admin

read

read

read/write

read/write

read/write

Security Admin

read/write

read/write

read/write

read/write

read/write

read/write

InfoSec Operations Admin

read/write

read/write

read/write

read/write

read/write

Compliance Officer

read

read/write

read/write

read/write

Security Analyst

read/write

read/write

IaaS/PaaS

read/write

read/write

read/write

Functional Areas and UI Mapping

Each functional area has access to functionality in the UI. The table below shows the general mapping. Note, we do not have a menu item called Advanced Settings but the mapping shows the areas for which we consider to be advanced settings.

Functional Area

UI Component

Admins

Settings > Administration > Admins

Settings > Administration > Roles

Settings > Administration > Audit Logs

Advanced Settings

Settings > Administration > SSO

Settings > Administration > IP Allowlist

Settings > Tools > Rest API

Settings > Tools > Clear Events

End Users

Settings > Security Cloud Platform > Users

Settings > Security Cloud Platform > Groups

Settings > Security Cloud Platform > Devices

Policies

Everything under Policies (Main Menu)

Settings > Manage

Cloud Infrastructure

Everything under Cloud Infrastructure (Main Menu)

Settings > API-enabled Protection > Cloud Infrastructure

Settings

Everything under Settings except the ones called out above

CCI

Everything under Cloud Confidence Index (Main Menu)

Events

SkopeIT > Events

SkopeIT> Alerts

SkopeIT > Applications

SkopeIT > Sites

SkopeIT > Users

Reports

Everything under Reports (Main Menu) 

API Data Protection

Everything under API Data Protection (Main Menu)

Incident > Quarantine

Incident > Legal Hold

Incident Management

Incidents > DLP

Incidents > Behavior Analytics

Threat

Incident > Anomaly

Incident > Compromised Credentials

Incident > Malware

Incident > Malsites