User Roles and Scopes
Illumio Console implements role-based access control (RBAC): it defines user roles and grants access based on those roles.
Available user roles in the unified Illumio Console:
Owner
Admin
Viewer
Policy Object Provisioner
Policy Manager
Limited Policy Manager
Policy Provisioner
Policy Viewer
Workload Manager
Auditor
Incident Responder
Label Manager
Onboarding Admin
Note
Legacy user roles—where access and permissions were separated between Servers, Endpoints, and Cloud—have been consolidated into unified user roles. The mapping from legacy roles to unified roles:
| Legacy Roles | Unified Role |
|---|---|
| PCE Owner | Owner |
| Cloud Admin | Admin |
| Viewer | Viewer |
| Ruleset Manager | Policy Manager |
| Limited Ruleset Manager | Limited Policy Manager |
| Ruleset Viewer | Policy Viewer |
| Workload Manager | Workload Manager |
| Provisioner | Policy Object Provisioner |
| Ruleset Provisioner | Policy Provisioner |
| Cloud Security Label Administrator | Label Manager |
| Cloud Security Incident Responder | Incident Responder |
| Cloud Security Auditor | Auditor |
| Cloud Security Onboarding Admin | Onboarding Admin |
Scoped roles allow users to perform operations within a defined scope. You can add users (local and external) and groups to all roles.