Cipher Default Roles #
Background #
A role in Cipher terminology is a collection of permissions that can be assigned to any end-employee for accessing any protected resource and performing respective actions. This article will help you understand the default roles provided by Cipher and their respective permissions
List of default roles #
cipher_tenant_admin #
The role of a tenant administrator is centered around managing the entire organization. This role is like a parent role of all the other default roles and can be used to perform any actions in Authentication Center. The list of privileges are as follows:
- Employee has full access to Identity Management Section
- Employee has full access to Access Management Section
- Employee has access to all Cipher APIs
cipher_sb_admin #
The role of a sandbox administrator is centered around managing the sandbox of an organization. The list of privileges are as follows:
- Employee has full access to Access Management Section
- Employee has access to all Cipher sandbox APIs
cipher_sb_viewer #
The role of a sandbox viewer is centered around viewing the sandbox details of an organization. The list of privileges are as follows:
- Employee has only view access to Access Management Section
cipher_domain_admin #
The role of a domain administrator is centered around managing the domain of an organization. The list of privileges are as follows:
- Employee has full access to Identity Management Section
- Employee has access to Cipher APIs which are used in Identity Management Section
cipher_domain_viewer #
The role of a domain viewer is centered around viewing the domain details of an organization. The list of privileges are as follows:
- Employee has view access to Identity Management Section
auth_profile_admin #
The role of an auth profile administrator is centered around managing the end-employee profiles in an organization. The list of privileges are as follows:
- Employee can create, update and delete end-employee profiles
- Employee can disable/enable any profile, delete security question, password and profile
bot_admin #
The role of a bot administrator is centered around managing the bot section, which is used to generate long live tokens for accessing services/APIs. The list of privileges are as follows:
- Employee can create and delete bots and tokens
Note:
For a developer who is trying to configure the domain and sandbox for a tenant, we would recommend assigning cipher_tenant_admin role.
For an administrator who wants to manage employees and access policies, we would recommend assigning auth_profile_admin and cipher_sb_admin roles