diff --git a/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx b/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx new file mode 100644 index 000000000000000..9d94b8c354e58f4 --- /dev/null +++ b/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx @@ -0,0 +1,31 @@ +--- +title: Updated Email Security roles +description: More granular controls for Email Security roles +date: 2025-09-01T23:25:49Z +--- + + +To provide more granular controls, we refined the [existing roles](/cloudflare-one/roles-permissions/#email-security-roles) for Email Security and launched a new Email Security role as well. + + +All Email Security roles no longer have read or write access to any of the other Zero Trust products: +- **Email Configuration Admin** +- **Email Integration Admin** +- **Email Security Read Only** +- **Email Security Analyst** +- **Email Security Policy Admin** +- **Email Security Reporting** + + +To configure [Data Loss Prevention (DLP)](/cloudflare-one/email-security/outbound-dlp/) or [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/#set-up-clientless-web-isolation), you now need to be an admin for the Zero Trust dashboard with the **Cloudflare Zero Trust** role. + + +Also through customer feedback, we have created a new additive role to allow **Email Security Analyst** to create, edit, and delete Email Security policies, without needing to provide access via the **Email Configuration Admin** role. This role is called **Email Security Policy Admin**, which can read all settings, but has write access to [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/). + + + + +This feature is available across these Email Security packages: +- **Advantage** +- **Enterprise** +- **Enterprise + PhishGuard**