diff --git a/src/content/docs/cloudflare-one/roles-permissions.mdx b/src/content/docs/cloudflare-one/roles-permissions.mdx index 84341ff57a2563..2fd6fec05e2dfd 100644 --- a/src/content/docs/cloudflare-one/roles-permissions.mdx +++ b/src/content/docs/cloudflare-one/roles-permissions.mdx @@ -22,6 +22,10 @@ Only Super Administrators will be able to assign or remove the following roles f | Cloudflare Zero Trust Read Only | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | | Cloudflare Zero Trust Reporting | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ❌ | +:::note +The Cloudflare Zero Trust role grants administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security. +::: + ### Cloudflare Zero Trust PII By default, only Super Administrators can view end users' PII in the Gateway activity logs, such as Device IDs, Source IPs, or user emails. No other roles will have the ability to read PII unless Super Administrators explicitly assign the **Cloudflare Zero Trust PII** role to them. diff --git a/src/content/docs/fundamentals/setup/manage-members/roles.mdx b/src/content/docs/fundamentals/setup/manage-members/roles.mdx index e36f7984058d52..0fd4974a54bb9f 100644 --- a/src/content/docs/fundamentals/setup/manage-members/roles.mdx +++ b/src/content/docs/fundamentals/setup/manage-members/roles.mdx @@ -34,7 +34,7 @@ Account-scoped roles apply across an entire Cloudflare account, and through all | Cloudflare R2 Read | Can read Cloudflare [R2](/r2/) buckets, objects, and associated configurations. | | Cloudflare Stream | Can edit [Cloudflare Stream](/stream/) media. | | Cloudflare Workers Admin | Can edit Cloudflare [Workers](/workers/), [Pages](/pages/), [Durable Objects](/durable-objects/), [KV](/kv/) and [R2](/r2/). Also provides read access to Zones, [Zone Analytics](/analytics/account-and-zone-analytics/zone-analytics/) and [Page Rules](/rules/). | -| Cloudflare Zero Trust | Can edit [Cloudflare for Zero Trust](/cloudflare-one/). | +| Cloudflare Zero Trust | Can edit [Cloudflare for Zero Trust](/cloudflare-one/). Grants administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security. | | Cloudflare Zero Trust PII | Can access [Cloudflare for Zero Trust](/cloudflare-one/) PII. | | Cloudflare Zero Trust Read Only | Can access [Cloudflare for Zero Trust](/cloudflare-one/) read only mode. | | Cloudflare Zero Trust Reporting | Can access [Cloudflare for Zero Trust](/cloudflare-one/) reporting data. |