Different User Roles and Role Based Access Permissions
Organization Role and Site24x7 Role
There are various roles and user privileges allocated to individual users in Site24x7. The users of the organizations can have role-based access control (RBAC) in Site24x7 based on specific requirement. The roles available are categorized under Zoho Organization account roles and Site24x7 account roles.
Get to know about
Organization Role:
Site24x7 is a service by Zoho Corporation and use Zoho Accounts as a service for single-sign-on. Hence, by default each Site24x7 Account will be associated to a Zoho Organization Account. As an Organization admin, you can assign or change the user organization roles using Zoho Directory. For further clarification you can contact Site24x7 support team.
The following are the user roles in an Organization Account:
- Org Admin: Admins are the primary account holder of the Zoho Organization account. A person having Super Admin or Admin role in their Organization account can add anyone as a Site24x7 sub-user.
- Org User: Users have no control on user management, like Org Admins. If they have Super Admin or Admin role in Site24x7 account, they can add any existing Zoho Organization user as a Site24x7 sub-user.
- Your role in the Zoho Organization account dictates your Site24x7 account privileges.
- A user email address can't be linked to multiple Zoho Organization accounts (and Site24x7 accounts. If you wish to add a user (who is already a part of another Zoho Org account) to your Zoho Org account, the user must exit the previous Organization account to be able to join your Organization.
- A few points to ponder before learning about the various Site24x7 roles:
- Site24x7 account Super Admin rights alone doesn’t gurantee you any privilege to add a user; you must have the Organization Admin role as well.
- There can be multiple Organization Admins, but only a single Organization Super Admin.
- An Organization Super Admin can't transfer their role to another user or make an existing Org Admin to be a Super Admin. If you wish to transfer the Super Admin privilege to another user, please contact Site24x7 support for any such requests.
- Zoho Corporation is the parent company of Site24x7 and Site24x7 uses Zoho Accounts for Identify and Access Management(IAM). Whenever a user signs up with Site24x7, an Org account will be created in the back-end in Zoho Accounts to provide Single Sign-On for all the Zoho applications, including Site24x7.
- Our team is currently working on providing a single interface through 'Zoho Directory' for all Org Level changes. However, till this is released, Users with a paid subscription of Zoho Mail can use https://mailadmin.zoho.com to make any org level changes in Zoho accounts. For other users, we request you to contact our support team for all the Org related changes. Please contact us at support@site24x7.com and we assure to assist with the necessary changes.
Site24x7 Role:
Site24x7 lets you have control over the access levels of the users in your Site24x7 account. Being the administrator of your Site24x7 account gives you the privilege to add, edit, or delete multiple users from your account. You can also provide RBAC on the roles that they perform with your Site24x7 account.
Following are the user roles in Site24x7, which can be entailed to a particular contact:
- Super Admin: If you’ve created your Site24x7 account, you’ll be the Super Admin for your Organization and Site24x7 accounts. You will have the complete operational and management control over these accounts.
- Admin:The Admin role will have most of the privileges similar to the Super Admin role, except for subscription billing. Admins with monitor-group-level access can not edit/ modify profiles created by other users, but will have read-only permission. They will have access to only the logs of the IT Automation templates that they created.
- Operator: An Operator role allows you to schedule, edit or delete a new maintenance window created by yourself, until a Super Admin or Admin role modifies it. However, the role will not have any privilege to modify maintenance windows created by other user roles. Operators cannot associate new IT Automations to the account. Operators can create, update, and delete Custom reports and Global Benchmark Reports created by themselves. They do not have sufficient privilege to edit/delete a report created by other users. An Operator with group-level permissions can't schedule maintenance using tags as the resource type.
- Spokesperson: Spokesperson can post Status page announcements via the Public Status Pages. Additionally, the spokesperson will also have read access to most of the modules of that particular Site24x7 account. The Spokesperson has read only permission to Custom Reports and Global Benchmark Reports generated by all users. However, the Spokesperson can only access the data of those monitors (in the monitor group) for which permission is provided.
- Billing Contact: Billing Contact will have access only to the Subscription module inside Admin tab.
- Hosting Provider: This user will not have read/write access permissions for any other function except to schedule a maintenance under Admin tab.
- Read Only: This user will have read only access to most of the modules in the Site24x7 account. For a Custom Report and a Global Benchmark Report, you can view the reports of all the monitors for which permission is allocated. However, the user can perform actions like Poll Now, Export & email Reports.
- Alert Contact: This user will not have access to Site24x7 Client/API. However, they can get alert notifications if they're part of an alert group associated with a monitor in Site24x7.
- Apart from Super Admin and Admin, no other user role will have access to the IT Automation logs.
- You will not be able to edit the role of the users if the user has not accepted the invitation to join the organization.
The following table explains each Site24x7 roles and their related functions in detail:
| Function/Roles | Super Admin | Admin | Operator | Billing Contact | Spokesperson | Hosting Provider | Read Only |
| Add/Edit/Suspend/ Activate /Delete Monitor |
Yes | Yes | Activate/ Suspend |
No Access |
No | No | No |
| Monitor Details/ Monitor Summary | Yes | Yes | Yes |
No Access |
Yes | Can view Monitor Summary Page | No |
| Add/Edit a New Contact or Contact Groups |
Read and Write | Read and Write | No Access | No Access | No Access | No Access | No Access |
| Generate Unique Device Key |
Yes | Yes | No Access | No Access | No Access | No Access | No Access |
| Reports, Schedule Reports, Report Settings |
Read and Write | Read and Write | Read | No Access | Read | No Access | Read |
| Custom Dashboard | Read and Write | Read and Write | Read | No Access | Read | No Access | Read |
| Schedule Maintenance | Read and Write | Read and Write | Read and Write (add/ edit/delete own maintenance) |
No Access | Read | Read and Write (Add/Edit/ Delete own maintenance) |
Read |
| Add, Edit, Execute, Delete IT Automations | Yes | Yes | No | No | No | No | No |
| Custom Report and Global Benchmark Report |
Read and Write | Read and Write | Read and Write (1. Can only edit/delete own report. 2. Can access data of only those monitors (in the selected monitor group) for which permission is provided.) |
No Access | Read (Can access data of only those monitors (in the selected monitor group) for which permission is provided.) |
No Access | Read (Can access data of only those monitors (in the selected monitor group) for which permission is provided.) |
| Publish/Export/Email Reports |
Read and Write | Read and Write | Read | No Access | Read | No Access | Yes (Export & email reports only) |
| Dashboard and Portal Integration |
Read and Write | Read | Read | No Access | Read | No Access | Read |
| Status page announcements |
Read and Write | Read and Write | Read | No Access | Read and Write |
No Access | Read |
| Subscription: Upgrade/Downgrade Account, Add Credits, Purchase Alert Packs, Raise Purchase Orders |
Read and Write | No Access | No Access | Read and Write | No Access | No Access | No Access |
| Server Settings | Yes | No | No | No | No | No | No |
| Server Management Action | Yes | Yes | No | No | No | No | No |
Admin with group-level permissions
An admin with monitor-group-level permissions can edit or delete monitors they can access. They can't add, edit, or delete monitor groups, but can add them from the Add Monitor page. Admin with group-level permissions:
Allowed to:
- Edit milestones created for monitors they've added as well as for monitor groups created by other users. Can't add/edit/delete milestones for all monitors and for monitors or groups that they don't have access to but will have read-only permission.
- Add Subgroups.
Not allowed to:
- Access alert logs
- Access audit logs
- To create integrations that have a limitation of one per account, like SDP, SDP On-Demand and SDP CMDB.
- To modify report settings
- Schedule maintenance by choosing tags as the resource type
Limited permissions:
Will not have All Monitors option available in:
- Schedule report
- Public reports
- Third-party integrations
- Mute alerts.
An admin with group-level access will not be able to choose the All Monitor option while creating/updating a report. However, when a Super Admin modifies the report settings, an admin with group-level permission will be able to access all monitors. So, Super Admins need to be cautious while editing Scheduled/Public reports created by admins with group-level permission.
Assigning and Editing User Roles
A role can be assigned to a user while adding them in the Site24x7 web console. For details on how to add a user to Site24x7, refer here. Please note that when you add a user to Site24x7, an invite will be sent to them, upon the acceptance of which they can access the web console. You can also modify the user role by after they have accepted the invitation, by editing the user details.
StatusIQ Role:
You can provide users with various access permissions based on the roles that they perform with your StatusIQ account. Following are the user roles in StatusIQ, which can be assigned to a particular user:
- StatusIQ Super Admin: Super Administrators will have complete access to the StatusIQ account.
- StatusIQ Admin: Administrators will have read/write access to the most of the modules except the Billing section.
- StatusIQ Spokesperson: Spokesperson will have read only access to most parts of the module. The only write permission the Spokesperson has is to post updates.
- StatusIQ Billing contact: User will have access only to Billing modules for Upgrade and Renewals.
- StatusIQ Read person: User will have read only access to the account.
- StatusIQ MSP Admin: MSP Admins will have unrestricted access to the MSP Portal.
- StatusIQ MSP Operator: MSP Operators will have read only access to the MSP Portal.
CloudSpend Role:
Provide users with various access permissions based on the roles that they perform with the CloudSpend account. Following are the user roles that can be assigned to a particular user:
Cost Administrator: Cost Administrator will have full access including the persmissions to add, modify or delete AWS accounts, business units, budgets, and users. But when an existing user is promoted to a Cost Administrator role, he will have all the privileges of an administrator except the one to add new users.
Cost User: A Cost User has read-only access.
Learn more about CloudSpend.