How to customize access control
| Situation | How do I restrict access to different parts of the system? How do I control access? |
|---|---|
| Solution | Below are instructions on what access you can restrict. |
Access Control
The Access Control page is used to limit the permissions of a system role that is assigned to a user who has rights to access Proofpoint Essentials. There are 5 roles available to Proofpoint Essentials users and they operate with the following permission mode. The access control will apply to parent company down to any customer.
Available Roles
- OEM Partner Admin
- Strategic Partner Admin
- Channel Admin
- Organization Admin
- End User
It is possible that you will not see all the admin types depending on what your company type is set to.
Silent-Users do not have an access control, since they have no access into the interface.
An OEM partner administrator can manage strategic partner, channel, organization administrators and users. A strategic partner administrator can manage channel administrators, organization administrators and users whereas a channel administrator can manage organization admins and users but not other channel admins. In addition, all administrator types can create and manage a user access controls.
If you want an admin to see, but not change/modify anything, we do offer a Read Only setting for users. Please see this KB: Read Only Admin User
Creating/modifying access control for a role:
Once inside the portal, you can go to the Access Control which will update for all users of that same role-type.
- Navigate to Administration > Account Management > Access Control.
- Click the Access Control or press the Add New Access Control button.
- Select the role you wish to create/edit.
- Click the Show/Hide slider that is next to each module you wish to alter the permission setting for that role.
- Click Save.
Access controls only apply to the entity where they were created. Therefore Partners will need to customize the access of a role on each organization they manage.
Once created, upon log-in, each user of this role type will have the permissions you set.
Reseller control for accessing across different stacks
Some resellers have acquired different customers on different URLs (stacks).
- For example, you are on our US1 platform, and you acquired a customer on our US3 platform.
After some processes have been allowed, you now a reseller account on a different platform. Please contact support to enable an access control to ensure you can set-up access to tandem get to your other account.
We deem this service multi-stack. In order for this to work properly, you have to have the same email address on both stacks as well as the same password.
delete an access Control
Per the previous process, on the main Access Control screen you can delete an access control. Once removed, all access controls are reverted to the standard UI.
Modifying Access control for a specific User
The role of specific user's will dictated what specific Access Controls they can get still, just like the standard global controls. However, you can modify this at a per-user level instead, in case you need an option for them to have less control over something.
- Go to the User list
- Click on the user or edit button.
- At the top, select Access Control.
- Click the Show/Hide slider that is next to each module you wish to alter the permission setting for that user.
- Click Save.
A user-level access control takes priority over the global level access control.
Reset standard controls for user
Go back to the User > Access Control. Press the Delete button at the bottom to restore the standard access control for this role.
Specific Use case
- At a global level, you can create a Channel Admin account that does not have access to a customer's licensing, branding, and disclaimer options.
- You can set a specific Organization Admin user to moderate items differently than another Organization admin user.