Skip to content

[Email Security] Add note to ZT doc #19669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 8 commits into from
Closed

[Email Security] Add note to ZT doc #19669

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
0485590
[Email Security] Rename CES to Email Security
Maddy-Cloudflare Jan 29, 2025
eba1b6f
[Email Security] Add note to ZT doc
Maddy-Cloudflare Feb 3, 2025
f421929
Revert "[Email Security] Add note to ZT doc"
Maddy-Cloudflare Feb 3, 2025
f4c66b3
Revert "Revert "[Email Security] Add note to ZT doc""
Maddy-Cloudflare Feb 3, 2025
cdeb43d
Revert "[Email Security] Add note to ZT doc"
Maddy-Cloudflare Feb 3, 2025
8a87b7c
Revert "Revert "[Email Security] Add note to ZT doc""
Maddy-Cloudflare Feb 3, 2025
6e3ab3b
Revert "[Email Security] Add note to ZT doc"
Maddy-Cloudflare Feb 3, 2025
722fda3
Revert "Revert "[Email Security] Add note to ZT doc""
Maddy-Cloudflare Feb 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/content/docs/cloudflare-one/roles-permissions.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ When creating a Cloudflare Zero Trust account, you will be given the Super Admin

To check the list of members in your account, or to manage roles and permissions, refer to our [Account setup](/fundamentals/setup/manage-members/) documentation.



## Zero Trust roles

Only Super Administrators will be able to assign or remove the following roles from users in their account. Scroll to the right to see a full list of permissions for each role.
Expand All @@ -22,6 +24,10 @@ Only Super Administrators will be able to assign or remove the following roles f
| Cloudflare Zero Trust Read Only | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ |
| Cloudflare Zero Trust Reporting | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ |

:::note
The Cloudflare Zero Trust role grants administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security.
:::

### Cloudflare Zero Trust PII

By default, only Super Administrators can view end users' PII in the Gateway activity logs, such as Device IDs, Source IPs, or user emails. No other roles will have the ability to read PII unless Super Administrators explicitly assign the **Cloudflare Zero Trust PII** role to them.
Expand Down
10 changes: 5 additions & 5 deletions src/content/docs/fundamentals/setup/manage-members/roles.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,11 @@ Account-scoped roles apply across an entire Cloudflare account, and through all
| Cloudflare Zero Trust Read Only | Can access [Cloudflare for Zero Trust](/cloudflare-one/) read only mode. |
| Cloudflare Zero Trust Reporting | Can access [Cloudflare for Zero Trust](/cloudflare-one/) reporting data. |
| DNS | Can edit [DNS records](/dns/manage-dns-records/). |
| Email Configuration Admin | Grants write access to all of CES, [CASB](/cloudflare-one/applications/casb/), [DLP](/cloudflare-one/policies/data-loss-prevention/), [Gateway](/cloudflare-one/policies/gateway/), and [Tunnels](/cloudflare-one/connections/connect-networks/), except Mail Preview, Raw Email, on-demand reports, actions on emails, and Submissions, Submission Transparency (Requires Cloudflare Zero Trust PII). |
| Email Integration Admin | Grants write access to CES account integration only, [CASB](/cloudflare-one/applications/casb/), [DLP](/cloudflare-one/policies/data-loss-prevention/), [Gateway](/cloudflare-one/policies/gateway/), and [Tunnels](/cloudflare-one/connections/connect-networks/). |
| Email Security Analyst | Grants write access to all of CES, except Settings which is read only (Requires Cloudflare Zero Trust PII). |
| Email Security Read Only | Grants read access to all of CES, but cannot see Raw Email, take action on emails, or make Submissions (Requires Cloudflare Zero Trust PII). |
| Email Security Reporting | Grants read access to CES Home, PhishGuard, and Submission Transparency. |
| Email Configuration Admin | Grants write access to all of Email Security, [CASB](/cloudflare-one/applications/casb/), [DLP](/cloudflare-one/policies/data-loss-prevention/), [Gateway](/cloudflare-one/policies/gateway/), and [Tunnels](/cloudflare-one/connections/connect-networks/), except Mail Preview, Raw Email, on-demand reports, actions on emails, and Submissions, Submission Transparency (Requires Cloudflare Zero Trust PII). |
| Email Integration Admin | Grants write access to Email Security account integration only, [CASB](/cloudflare-one/applications/casb/), [DLP](/cloudflare-one/policies/data-loss-prevention/), [Gateway](/cloudflare-one/policies/gateway/), and [Tunnels](/cloudflare-one/connections/connect-networks/). |
| Email Security Analyst | Grants write access to all of Email Security, except Settings which is read only (Requires Cloudflare Zero Trust PII). |
| Email Security Read Only | Grants read access to all of Email Security, but cannot see Raw Email, take action on emails, or make Submissions (Requires Cloudflare Zero Trust PII). |
| Email Security Reporting | Grants read access to Email Security Home, PhishGuard, and Submission Transparency. |
| Firewall | Can edit [WAF](/waf/), [IP Access rules](/waf/tools/ip-access-rules/), [Zone Lockdown](/waf/tools/zone-lockdown/) settings, and [Cache Rules](/cache/how-to/cache-rules/). |
| Load Balancer | Can edit [Load Balancers](/load-balancing/), Pools, Origins, and Health Checks. |
| Log Share | Can edit [Log Share](/logs/) configuration. |
Expand Down
Loading