Getting Started with Users and Roles
| Limited Availability: To access the Roles feature, contact Skyhigh Support. |
Use Users and Roles (Settings > User Management > Users and Roles) to create users and custom roles. You can assign roles to one or more users. The Users and Roles page provides a unified location for managing existing users, adding new users, creating roles, and assigning them to users.
NOTE: This page is displayed only to Administrator users with User Management permissions.
The Users and Roles page includes the following tabs:
- Users. Displays existing users and their details (such as first name, last name, email address, assigned roles, and permissions). The Users tab is the legacy Users page, enhanced to support role assignments. Use the Users tab to assign roles to existing and new users.
- Roles. Use the Roles tab to create, edit, delete, or assign roles to users. You can group Permissions to create a role and assign it to users. Permissions define the actions users can perform, and Roles group those permissions to manage access.
Key Benefits
- Granular and customizable access control through RBAC
- Improved security with role-based permission enforcement
- Built-in audit logs to support compliance and monitoring
- Assign and update roles for multiple users at once
- API support to automate role assignment and user onboarding
Use Cases
- Standardized Access for Security Operations Teams. Large or distributed security teams often assign permissions manually, which can lead to inconsistent access levels among analysts and increase operational risks. By utilizing the Roles feature, a Security Operations Center (SOC) analyst can create a custom role with the appropriate granularity of permissions and assign it to users. For instance, auditors and compliance users frequently receive broader access than necessary due to limited granularity in access levels. In this situation, the SOC analyst can establish a Read-Only Auditor or Compliance Analyst role that has read-only permissions for logs, reports, and dashboards. This approach clearly defines ownership and accountability for access.
You can achieve:- Stronger enforcement of the least-privilege principle
- Clear separation between operational and oversight roles
- Improved audit posture and governance
- Reduced risk of accidental configuration changes
- Simplified User Onboarding and Role Changes. Manual permission updates during onboarding, role changes, or offboarding can be prone to errors and time-consuming. With the Roles feature, you can assign users to predefined custom roles during the onboarding process. When a user’s responsibilities change, you need only to update their role assignment rather than modifying individual permissions.
You can achieve:- Faster onboarding and transitions
- Decreased administrative workload
- Reduced risk of outdated or excessive permissions
- Centralized Permission Updates Across Multiple Users. Individually updating permissions for many users is operationally inefficient and inconsistent. The Roles feature allows you to modify permissions at the role level, automatically applying changes to all users assigned to that role.
You can achieve:- Consistent enforcement of permissions
- Immediate implementation of security or policy changes
- Simplified access management at scale
- Scalable Access Management for Growing Organizations. As organizations expand, managing access at the individual level becomes unsustainable. Custom roles can serve as standardized access templates that are reusable across teams, regions, and business units.
You can achieve:- Predictable access behavior at scale
- Lower operational complexity
- Automated management of access and actions based on user roles and identities