Role-based access control (RBAC) is the latest feature built into Zscaler Private Access (ZPA), our service that provides zero-trust access to internal applications. In addition to an existing set of default roles, ZPA administrators can now create custom granular roles for specific functions within the ZPA admin portal. Support for granular RBAC is key to ensuring that ZPA practitioners have tools to prevent unauthorized changes in their service tenants.
Roles are easy to set up
In the admin portal, under Role Management, related information is grouped to closely reflect numerous tasks performed by a ZPA administrator. Within such a group, permissions for individual information sets can be set to Full or Read Only. Creating a custom role involves understanding the functions an administrator is expected to take on and selecting corresponding groups. A role can consist of any combination of information groups, thus providing options to create granular roles. Once a role is created, it is available for assigning to existing and new administrators.
ZPA RBAC results in better compliance
It is common for large enterprises to have dedicated IT teams that focus on security, networking, or other functions. To accommodate such groups, some Zscaler customers have leveraged advanced RBAC to create different administrator personas in ZPA. For example, one customer has created roles to ensure that administrators responsible for user authentication are not able to update application configuration, and vice versa. Another customer has been able to achieve administrative separation between teams that manage ZPA day to day and those responsible for reviewing user access.
Partners can provide better end-customer service
Several Zscaler partners offer ZPA as a managed security service. These partners have configured advanced RBAC to simplify the management of their customers’ ZPA service. A partner administrator can be assigned a role at the time of authentication, and the same role is preserved across all customer accounts. With this ability, a partner administrator can create secondary administrators with roles for specific functions common to all the managed customer accounts. This capability ensures that secondary administrators do not have privileges beyond those required for managing a customer account.
Take ZPA and its new RBAC capabilities for a test drive with ZPA Interactive, our free 7-day hosted demo experience.