Table of contents

Roles And Permissions

Please see Cloud One User Management if you’re accessing Conformity through the Cloud One console.

Roles

Trend Micro Cloud One™ – Conformity supports five user roles:

An Administrator user can assign roles to other users.

Administrator

For Conformity Standalone Only.

The Administrator role has access to all of the Conformity features including addition of new users and managing subscriptions. This role is at a system level rather than at an account level, implying that an Administrator role can see all accounts within an organization and has complete access to all API endpoints.

By default, the user who registered your organization on the Conformity platform is assigned the Administrator role. However, this can be changed once more users with Administrator privileges are added to the system.

Once a user signs in to Conformity via ADFS, they are given a role in Conformity based on their ADFS group membership. Permissions and privileges of the ADFS-granted Administrator role are the same as the Cloud Conformity local Administrator role.

Power User

Power Users have full privileges for all the existing accounts as well as for the accounts that will be added in the future. Power users do not have access to Organisation level settings.

Read Only

Users with Read only role have read only access to all the existing accounts as well as for the accounts that will be added in the future.

Custom Users

For Conformity Standalone Only

Custom users are managed by the Administrator. These users can be given three types of custom access for different accounts within Conformity:

  • Full Access - Provides users complete access to an account. Users can modify settings related to the account for which such access has been granted. However, Organisation level settings are not accessible.
  • Read Only - Users can view account details but do not have permission to modify any settings related to the account for which such access has been granted.
  • No Access - Restricts access to the user for the specified accounts. A user can be assigned the ‘No Access’ role to specific accounts but given ‘Read Only’ or ‘Full Access’ roles to other accounts in the organisation. Such an user will be able to see only those accounts they have access to on the dashboard.

Custom Role

For Trend Cloud One Users Only)

Conformity Custom Role is managed by the Conformity Administrator and can be mapped with a Cloud One role in the Trend Micro Cloud One User management section. This role can be given three types of access.

To map a Trend Micro Cloud One Role to a Conformity Custom Role:

Create a New Custom Role

  1. From the Trend Micro Cloud One go to Conformity.
  2. Click on Adminsitration >> Roles and Permissions.
  3. Click on Create New Custom Role and enter the Role name, Decription, and define the access permissions from the following list:
    • Full Access - Provides users complete access to an account. Users can modify settings related to the account for which such access has been granted. However, Organisation level settings are not accessible.
    • Read Only - Users can view account details but do not have permission to modify any settings related to the account for which such access has been granted.
    • No Access - Restricts access to the user for the specified accounts. A user can be assigned the ‘No Access’ role to specific accounts but given ‘Read Only’ or ‘Full Access’ roles to other accounts in the organisation. Such an user will be able to see only those accounts they have access to on the dashboard.
  4. Click Save to create the new Custom Role.

Example: The Custom Role may have no access to one or more production accounts and have access to only development accounts. In this case, the Custom Role should be set to ‘No Access’ role for all production accounts and either ‘Read Only’ or ‘Full Access’ for the development accounts.

Map Cloud One Role to Conformity Custom Role

  1. From the Trend Micro Cloud One console, go to User Management >> Roles. You can map an existing Cloud One role or the new custom role you've created for Conformity.
  2. Click on a cloud one Role from the list of roles.
  3. On the lower half of the page, under the Previlleges section, ensure that the Service = Conformity.
  4. Select a the custom role you've just created from the Permissions drop-down.
  5. Click Save.

Assign Custom Role to a Cloud One User

Now that you've mapped your Cloud One Role and Conformity Custom Role, you can assign the mapped Cloud One role to a user. 1. Go to Users. 2. Select the user you wish to assign the custom role to. 3. Under User Properties, select the mapped Cloud One custom role 4. Click Save.

You now have a Trend Micro Cloud One user mapped with custom role permissions for Conformity.