Manage admin access

%3CLINGO-SUB%20id%3D%22lingo-sub-1768036%22%20slang%3D%22en-US%22%3EManage%20admin%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1768036%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%26nbsp%3B%3C%2FP%3E%3CP%3Eif%20I%20try%20to%20assign%202%20Admin%20roles%20(User%20group%20admin%2C%20Cloud%20Discovery%20report%20admin)%20I%20receive%20the%20following%3A%3C%2FP%3E%3CP%3E%22Error%20-%20User%20was%20already%20added%20to%20list%22.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%2201.jpg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F225763i2A293A39E0842DF2%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%2201.jpg%22%20alt%3D%2201.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EDoes%20this%20mean%20that%20a%20user%20can%20only%20have%201%20admin%20role%20assigned%3F%20If%20this%20is%20so%2C%20it%20is%20very%20limiting.%20Especially%20if%20you%20have%20multiple%20teams%20in%20the%20organization%2C%20e.g.%20a%20team%20managing%20users%20from%20country%20A%20and%20another%20managing%20users%20from%20country%20B.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3CP%3EJan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1768036%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Discovery%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1768341%22%20slang%3D%22en-US%22%3ERe%3A%20Manage%20admin%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1768341%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F717318%22%20target%3D%22_blank%22%3E%40jcescut%3C%2FA%3E%26nbsp%3BHi%20Jan%2C%20currently%20users%20are%20restricted%20to%20a%20single%20role%20within%20MCAS.%26nbsp%3B%20We%20are%20planning%20on%20allowing%20users%20to%20create%20custom%20roles%20and%20assign%20multiple%20roles%20per%20user%20within%20the%20product%20in%20the%20near%20future.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1768634%22%20slang%3D%22en-US%22%3ERe%3A%20Manage%20admin%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1768634%22%20slang%3D%22en-US%22%3EGreat!%20Thanks%20for%20the%20quick%20reply!%20Custom%20roles%20and%20multiple%20roles%20is%20really%20a%20must%20for%20some%20of%20our%20customers.%3CBR%20%2F%3EOne%20additional%20question%3A%20Does%20the%20integration%20with%20the%20on-prem%20SIEM%20system%20follow%20the%20configured%20roles%3F%3CBR%20%2F%3ETo%20rephrase%20the%20question%3A%20Is%20it%20possible%20for%20the%20on-prem%20SIEM%20to%20receive%20only%20the%20notifications%20pertaining%20to%20a%20specific%20role%3F%20e.g.%20on-prem%20SIEM%20dedicated%20to%20collect%20events%20produced%20by%20devices%20and%20users%20located%20in%20country%20A%2C%20should%20receive%20only%20notifications%20from%20MCAS%20which%20pertain%20to%20users%20from%20country%20A.%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1768959%22%20slang%3D%22en-US%22%3ERe%3A%20Manage%20admin%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1768959%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F717318%22%20target%3D%22_blank%22%3E%40jcescut%3C%2FA%3E%26nbsp%3BSIEM%20token%20or%20any%20API%20token%20is%20bound%20to%20the%20permissions%20of%20the%20role%20of%20the%20user%20that%20generated%20it.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi, 

if I try to assign 2 Admin roles (User group admin, Cloud Discovery report admin) I receive the following:

"Error - User was already added to list".

01.jpg


Does this mean that a user can only have 1 admin role assigned? If this is so, it is very limiting. Especially if you have multiple teams in the organization, e.g. a team managing users from country A and another managing users from country B.

 

Kind regards,

Jan

4 Replies

@jcescut Hi Jan, currently users are restricted to a single role within MCAS.  We are planning on allowing users to create custom roles and assign multiple roles per user within the product in the near future. 

Great! Thanks for the quick reply! Custom roles and multiple roles is really a must for some of our customers.
One additional question: Does the integration with the on-prem SIEM system follow the configured roles?
To rephrase the question: Is it possible for the on-prem SIEM to receive only the notifications pertaining to a specific role? e.g. on-prem SIEM dedicated to collect events produced by devices and users located in country A, should receive only notifications from MCAS which pertain to users from country A.

@jcescut SIEM token or any API token is bound to the permissions of the role of the user that generated it. 

@danbenj Thanks!