Welcome to the Netskope One DSPM Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Platform Roles

    Table of Contents

    Overview Role Based Access Control (RBAC) Framework Built-In Platform Roles Custom Platform Roles Creating New Platform Roles Edit Existing Platform Roles

    Overview

    Dasera provides granular control & visibility to Data Sets connected to Dasera and which actions Dasera Platform Users can perform within the Dasera application.

    If you assign a Platform User as a Data Owner, the Platform Role assigned to that User also helps defined what actions this Data Owner can or cannot perform for this Data Set. To learn more, please visit our Platform Users article.

    Role Based Access Control (RBAC) Framework

    Dasera's approach to access management is modeled on Role Based Access Control, where permissions are assigned to Platform Roles, which are in turn assigned to Platform Users.

    Key concepts of Role Based Access Control include the following:

    • User: an identity recognized by Dasera as an individual person. 
    • Permissions: a defined level of access within the Dasera application. Multiple distinct permissions may be bundled together to control granular access to different screens, functions, and data sets.
    • Data Set Access: a data entity to which access can be explicitly granted. A Data Set could be an entire Data Store or objects within it such as databases, schemas, and/or tables. Users can configure roles to access all data sets, now and in the future.
    • Roles: a bundling of one or more permissions and/or data set access. Roles are assigned to Platform Users, which allow them to perform actions required for business functions in their organization. Platform Users can be assigned multiple roles, allowing them to switch context between them to perform different actions against separate data sets.

    Built-In Platform Roles

    Dasera comes delivered with built-in roles to help you get started using the application. Built-in roles cannot be deleted and their assigned permissions cannot be changed. However, you can edit some of the built-in roles to define their Data Set Access. If additional permission & Data Set Access combinations are needed, Dasera recommends creating custom role (see the following section).

    The built-in roles include the following:

    Role Name Description
    Super_Admin

    Has permissions to perform any action in Dasera, including Onboarding Infrastructures, Connecting Data Stores & Employee Directories, and all operations against all data stores.

    “Super_Admin” Platform Users:

    • Cannot edit this role
    • Can clone this role, then edit all of its fields
    Data_Set_Admin

    Has permissions to perform any action in Dasera, but limited to data sets defined in the role's Data Set Access field (empty by default).

    “Super_Admin” Platform Users can:

    • Edit this role's Data Set Access only
    • Clone this role, then edit all of its fields
    Data_Team

    Has permissions to perform limited actions in Dasera, but limited to data sets defined in the role's Data Set Access field (empty by default).

    “Super_Admin” Platform Users can:

    • Edit this role's Data Set Access only
    • Clone this role, then edit all of its fields

    Custom Platform Roles

    Some customers have organizational needs that cannot be accommodated by the built-in roles. Any Platform User with the Platform Role Create permission can create custom roles, with their own combination of permissions and Data Set Access.

    Creating New Platform Roles

    1. Navigate to the Platform > Platform Roles screen.
    2. Click the CREATE A NEW ROLE button.
    3. On the Basic Information tab, enter the following information:
      1. Role Name: any unique value. This value is displayed on other screens like the Add/Edit User modals.
      2. Data Set Access: select one or more Data Sets that Platform Users assigned this role should also be able to access. You can only select from Data Sets for those you can also access. For example, if you cannot access a Data Set called “marketing,” that Data Set will not be available for selection in the pick list. Selecting the option for All Data Sets means this role can access all current and future Data Sets within Dasera.
      3. Alias: If applicable, enter the corresponding Object ID value from your IDP. Learn more about SSO User Management via IDP.
    1. Click the NEXT button.
    2. On the Permissions tab, use the checkboxes to configure the create/read/update/delete permissions for this role. You can only configure checkboxes for permissions you also have yourself. For example, if none of your currently-assigned roles permit any use of the Policy Management screens, the related permission checkboxes will be disabled.
    1. Click the NEXT button.
    2. On the Assign Tab, select one or more Platform Users who should be assigned this role. If necessary, you can also create new Platform Users by clicking the ADD NEW USER button.
    1. Click the SAVE button.

    Edit Existing Platform Roles

    Any Platform User with the Platform Role Update permission can edit any Platform Role they also created. In addition, Platform Users with the “Super_Admin” permission can edit any Platform Role regardless of creator.

    1. Navigate to the Platform > Platform Roles screen.
    2. In the list, click the name hyperlink of the Platform Role you wish to edit.
    3. Perform your desired changes on any of the tabs.
    4. When ready, navigate to the Assign tab and click the SAVE button.

    The permission & Data Set Access changes go into effect as soon as the Platform Role is saved. Any Platform Users logged in with the edited Platform Role will be logged out & asked to log in again to take advantage of the access changes.

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Netskope Technical Support