User account role object structure and available roles

The API represents user account roles as a JSON object.

User account role object structure

| Name | Value type | Description |
|---|---|---|
| id | UUID string | An internal value. |
| issuer_id | UUID string | An internal value. |
| tenant_id | UUID string | The UUID of the tenant. |
| trustee_id | UUID string | The UUID of the user account. |
| trustee_type | string | The type of the user account. The only available value is user. |
| role_id | string | The role of the user account. See the table describing available roles. |
| version | number | Revision number. |

Example user access policy

{
    "id": "fb261178-06bc-4268-9337-9639e049e1c8",
    "issuer_id": "48ef84eb-b0dc-4ade-83d1-0662c8b54f6d",
    "trustee_id": "de092d74-a977-4c4b-bf15-751fcba6f1a7",
    "trustee_type": "user",
    "tenant_id": "72acaf6a-b15a-11e6-80f5-76304dec7eb7",
    "role_id": "unit_admin",
    "version": 1
}

Available user account roles

| Role | Tenant level | Service | Description |
|---|---|---|---|
| partner_admin | Partner, Folder | No | Provides full access to the management portal in Partner or Folder tenant. |
| hci_admin | Partner, Folder | No | This role enables the user account to monitor the usage history for all Cyber Infrastructure clusters registered within the same tenant. |
| company_admin | Customer | All services | Provides full access to the management portal in Customer tenant. This role also enables access to the disaster recovery functionality. |
| unit_admin | Unit | All services | Provides full access to the management portal in Unit tenant. |

Available server-specific user account roles

| Role | Tenant level | Service | Description |
|---|---|---|---|
| accounts_admin | Partner, Customer, Unit | Management Portal | Enables access to the management portal where the administrator can manage users within the tenant and its sub-tenants. |
| accounts_ro_admin | Partner, Customer, Unit | Management Portal | Provides read-only access to the Management Portal within the tenant and its sub-tenants. |
| cyber_admin | Partner, Customer, Unit | Cyber Protection | Enables configuring and managing the Protection service, approving actions in Cyber Scripting, and adding custom software packages. |
| protection_admin | Partner, Customer, Unit | Cyber Protection | Enables configuring and managing the Protection service. |
| restore_operator | Partner, Customer, Unit | Cyber Protection | Provides access to backups of Microsoft 365 and Google Workspace organizations and allows their recovery. The access of Restore operators to sensitive content is restricted. |
| protection_ro_admin | Partner, Customer, Unit | Cyber Protection | Provides read-only access to all objects of the Protection service in the organization. Read-only administrators have read-only access to data of other users in the organization. |
| security_analyst | Customer, Unit | Cyber Protection | Grants all permissions required for performing Endpoint Detection and Response (EDR) investigations and remediation actions. |
| protection_user | Customer, Unit | Cyber Protection | Enables the use of the Protection service but does not grant administrative rights. Users do not have access to data of other users in the organization. |
| sync_share_admin | Partner, Customer | File Sync & Share | Enables storing files in the cloud storage, syncing folders between local folders and the cloud storage, sharing files with other people, and configuring the File Sync & Share service. |
| sync_share_user | Customer, Unit | File Sync & Share | Enables storing files in the cloud storage, syncing folders between local folders and the cloud storage, sharing files with other people in the File Sync & Share service. |
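The following is an added example, not part of the original documentation or the vendor's code: a small audit routine that checks a role object against the field types and the role/tenant-level tables on this page and flags the full-access roles for review. The function name, the lowercase tenant-level labels, and the idea that the caller already knows the tenant's level are assumptions.

```python
import uuid

# Role -> tenant levels at which the tables on this page list it as available.
ROLE_LEVELS = {
    "partner_admin": {"partner", "folder"},
    "hci_admin": {"partner", "folder"},
    "company_admin": {"customer"},
    "unit_admin": {"unit"},
    "accounts_admin": {"partner", "customer", "unit"},
    "accounts_ro_admin": {"partner", "customer", "unit"},
    "cyber_admin": {"partner", "customer", "unit"},
    "protection_admin": {"partner", "customer", "unit"},
    "restore_operator": {"partner", "customer", "unit"},
    "protection_ro_admin": {"partner", "customer", "unit"},
    "security_analyst": {"customer", "unit"},
    "protection_user": {"customer", "unit"},
    "sync_share_admin": {"partner", "customer"},
    "sync_share_user": {"customer", "unit"},
}
# Roles the page describes as providing full access to the management portal.
FULL_ACCESS = {"partner_admin", "company_admin", "unit_admin"}
UUID_FIELDS = ("id", "issuer_id", "tenant_id", "trustee_id")


def audit_policy(policy, tenant_kind):
    """Return findings for one role object; an empty list means nothing to report."""
    findings = []
    for field in UUID_FIELDS:
        try:
            uuid.UUID(str(policy.get(field)))
        except ValueError:
            findings.append(f"{field}: missing or not a UUID")
    if policy.get("trustee_type") != "user":
        findings.append("trustee_type: only 'user' is available")
    version = policy.get("version")
    if isinstance(version, bool) or not isinstance(version, (int, float)):
        findings.append("version: must be a number")
    role = policy.get("role_id")
    # tenant_kind is supplied by the caller (assumption: lowercase level name).
    if not isinstance(role, str) or role not in ROLE_LEVELS:
        findings.append(f"role_id: unknown role {role!r}")
    elif tenant_kind not in ROLE_LEVELS[role]:
        findings.append(f"role_id: {role} is not listed for {tenant_kind} tenants")
    elif role in FULL_ACCESS:
        findings.append(f"review: {role} grants full management portal access")
    return findings
```

Running it over every role object held for a tenant gives a quick list of malformed assignments and of accounts holding full-access roles that should be reviewed for least privilege.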