Creation / Editing / Deletion
In CloudM Automate, you are able to setup and configure your own roles and permissions using the Role Configuration and Role Assignment tabs.
Delegated Support
Why not delegate access to common tasks to 1st line support or even some business contacts using Role Assignments and Role Configuration?
There are 2 default roles - "Normal User" & "Administrators", and these are used and assigned based on the user having admin rights within your native platform (Google Workspace or Microsoft Office 365). If they are an existing Admin user, then they will be automatically given the "Administrators" role within CloudM Automate. Whilst they cannot be deleted, you can still change the permissions and edit what users are able to do by default. It is important to note that when editing these 2 roles, anything assigned to the User has the scope of "Own Profile". This means any editing rights can only be carried out against their own profile, where as an Administrator has "Global" scope and can, therefore, perform actions against the entire domain.
Creating a New Role
- Select Settings > Roles.
- Click Create new Role.
- Set the Name of the new role.
- If using a template, enable Create from template and use the drop down menu next to Select template to add one of the predefined role templates to your new role.
- This is optional, but is a good way of making sure that, at the very least, you have given your 1st Line Support users all of the permissions that they require. You can remove any of the predefined permissions and add any additional permissions that you see fit.
- Add a Description of your new role.
- This is optional, but can be useful as you can use it to define what the role has been created to achieve.
- Assign the Scope of the new role (see definition below)
- Click Add.
When creating your own role, you will be asked to provide a name and scope. The scope can have the following options:
- Global - Applies to the whole organisation
- Specific OU - When assigned, actions can only be performed against the selected OU
- OU & Child OUs - When assigned, actions can be performed against the selected OU and any child OU it has.
- Parent OU - When assigned, actions can be performed against the parent OU of the person to whom it is assigned.
- Own Profile - Any actions can only be applied to the logged in user profile.
Role Naming Convention
Make the name of your new role meaningful so that it is easier to identify. For example, it is much easier to understand what a role does if it is called "Email Sig Manager" than if it is called "ES Role".
Assigning and Editing Permissions
Select the role you want to edit from the Roles column on the left.
On the Permissions tab, use the Unused Permissions (left) and Assigned Permissions (right) columns to create the role you need.
Click on the arrow icons to add or remove permissions respectively. Permissions with the Globe icon in front of them can only be assigned to a role if it is set to the Global scope (and will be grayed out if applied to a none Global scope).
Save Settings
Always be sure to Save your changes to make sure they are committed.
Group Sync
Changes to permissions for groups will need to synchronise before taking effect. to remember that role changes permission or assignment or removal, the propagation is instant unless you've a group that needs to sync the userlist first.