• For Administrators

Switch to dark theme

Switch to light theme

Cipher Default Roles #

Background #

A role in Cipher terminology is a collection of permissions that can be assigned to any end-employee for accessing any protected resource and performing respective actions. This article will help you understand the default roles provided by Cipher and their respective permissions

List of default roles #

cipher_tenant_admin #

The role of a tenant administrator is centered around managing the entire organization. This role is like a parent role of all the other default roles and can be used to perform any actions in Authentication Center. The list of privileges are as follows:

  • Employee has full access to Identity Management Section
  • Employee has full access to Access Management Section
  • Employee has access to all Cipher APIs

cipher_sb_admin #

The role of a sandbox administrator is centered around managing the sandbox of an organization. The list of privileges are as follows:

  • Employee has full access to Access Management Section
  • Employee has access to all Cipher sandbox APIs

cipher_sb_viewer #

The role of a sandbox viewer is centered around viewing the sandbox details of an organization. The list of privileges are as follows:

  • Employee has only view access to Access Management Section

cipher_domain_admin #

The role of a domain administrator is centered around managing the domain of an organization. The list of privileges are as follows:

  • Employee has full access to Identity Management Section
  • Employee has access to Cipher APIs which are used in Identity Management Section

cipher_domain_viewer #

The role of a domain viewer is centered around viewing the domain details of an organization. The list of privileges are as follows:

  • Employee has view access to Identity Management Section

auth_profile_admin #

The role of an auth profile administrator is centered around managing the end-employee profiles in an organization. The list of privileges are as follows:

  • Employee can create, update and delete end-employee profiles
  • Employee can disable/enable any profile, delete security question, password and profile

bot_admin #

The role of a bot administrator is centered around managing the bot section, which is used to generate long live tokens for accessing services/APIs. The list of privileges are as follows:

  • Employee can create and delete bots and tokens

Note:
For a developer who is trying to configure the domain and sandbox for a tenant, we would recommend assigning cipher_tenant_admin role.
For an administrator who wants to manage employees and access policies, we would recommend assigning auth_profile_admin and cipher_sb_admin roles