Skip to main content

Roles

Roles define what users can do in Snow. They are used to assign specific permissions or to give access to specific items or functionalities, for example, to give access to specific Microsoft 365 views. You can also use roles to give access to multiple parts of the system to easily assign a user to a function in your organization, for example, a Software Asset Manager role.

Roles and permissions

A role is a collection of permissions. The permissions give access to selected functionality and define what the users can do in Snow.

The permissions have different levels, for example, permission to create, read, update, and delete, or permission to read only.

Default roles

There are predefined default roles in Snow Atlas that you can use as they are. You cannot edit or delete the default roles.

tip

To view all the permissions included in a default role, in ​Roles​​, select a role​. In ​Permissions​​, you can expand the categories to view the permissions included in the selected role.

RoleDescriptionRequired for access to
System administratorSystem administrators have create, read, update, and delete access to Snow Atlas settings.
This role also gives you access to settings specific to the products that your organization is entitled to in Snow Atlas, with the exception of Cloud connectors and SaaS connectors.
Depending on the products that your organization is entitled to:
  • Snow Atlas settings
  • SAM Core settings
  • Container connectors
  • Snow Extenders
  • Token broker proxy registrations
AdministratorAdministrators have create, read, update, and delete access to all products that your organization is entitled to in Snow Atlas, including Cloud connectors and SaaS connectors.
Users who require access to make changes to the products that your organization is entitled to must have the permissions included in this role.
Depending on the products that your organization is entitled to:
  • SAM Core and SAM Core settings
  • SaaS, general SaaS settings, and SaaS connectors
  • Containers
  • Cloud and Cloud connectors
ViewerViewers have read access to all products that your organization is entitled to in Snow Atlas. This role does not give read access to settings specific to those products, with the exception of SAM Core settings and SaaS settings.Depending on the products that your organization is entitled to:
  • SAM Core and SAM Core settings
  • SaaS and SaaS settings
  • Containers
  • Cloud

Custom roles

There are predefined default roles in Snow that you can use as they are. You can also create custom roles to give access to selected functionality. You can base custom roles on a default role or another custom role, or create a custom role without using a base role.

Note that, a custom role and its base role are not connected. Neither changes to the base role nor changes to the custom role affect one another.

EXAMPLE

Role B is based on Role A so that the two roles include the same permissions. Role A is then updated with an additional permission. The additional permission does not automatically appear in Role B.

Limits

For information on the maximum number of custom roles and role permission assignments permitted in your Snow Atlas system, see Limits and constraints.