In CloudManager you're able to setup and configure your own roles and permissions using the Role Configuration and Role Assignment tabs.
Why not delegate access to common tasks to 1st line support or even some business contacts using Role Assignments and Role Configuration.
There are 2 default roles - "Normal User" & "Administrators", these are used and assigned based on the user having admin rights within your native G Suite console. If they are an existing Admin user then they'll be automatically given the "Administrators" role within CloudManager. Whilst they can't be deleted you can still change the permissions and edit what users are able to do by default. It's important to note that when editing these 2 roles, anything assigned to the User has the scope of "Own Profile" meaning any editing rights can only be carried out against them, where as an Administrator has "Global" scope and can therefore perform actions against the entire domain.
Creating a New Role
- Click New
- Set Name
- Assign Scope
- Click Add
When creating your own role, you'll be asked to provide a name and scope. The scope can have the following options:
- Global => Applies to the whole organisation
- Specific OU => When assigned, actions can only be performed against the selected OU
- OU & Child OUs => When assigned, actions can be performed against the selected OU and any child OU it has.
- Parent OU => When assigned, actions can be performed against the parent OU of the person to whom it is assigned.
- Own Profile => Any actions can only be applied to the logged in user profile.
Role Naming Convention
Make your new CloudManager role meaningful to help track.
Assigning and Editing Permissions
Select the role you want to edit from the Roles column on the left.
Next, use the Unused Permissions and Assigned Permissions columns to create the role you need.
Click on the arrow icons to add or remove permissions respectively.
Always be sure to Save your changes to make sure they are committed.
Changes to permissions for groups will need to synchronise before taking effect. to remember that role changes permission or assignment or removal, the propagation is instant unless you've a group that needs to sync the userlist first.