Using user roles and permissions

  Last updated 2024-08-28

IMPORTANT

This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, check out our guide to managing users of Fastly accounts.

Every user in your corp (also known as account) is assigned a role. Roles are groups of permissions that afford users the ability to view and control a variety of things in your corp (account).

  • Owners have access to all corp (account) features, can edit settings on every site (also known as workspace), and can make changes to user accounts.
  • Admins have limited access to corp (account) features, access to specific sites (workspaces) and site-level (workspace-level) settings, and can invite new users to specific sites (workspaces).
  • Users have access to specific sites (workspaces) and site-level (workspace-level) settings.
  • Observers have access to specific sites (workspaces).

Corp (account) management permission

The corp (account) management permissions for each role are as follows:

PermissionOwnerAdminUserObserver
View corp-wide (account-wide) data and reportsAccessLimited accessLimited accessLimited access
Edit corp-wide (account-wide) security policiesAccessNo accessNo accessNo access
Create or edit Corp (Account) RulesAccessNo accessNo accessNo access
View Corp (Account) RulesAccessAccessAccessAccess
Create or edit Corp (Account) ListsAccessNo accessNo accessNo access
Create or edit Corp (Account) SignalsAccessNo accessNo accessNo access
View corp (account) integrationsAccessAccessAccessAccess
Edit corp (account) integrationsAccessNo accessNo accessNo access
View corp (account) audit logsAccessAccessAccessAccess

User management permissions

The user management permissions for each role are as follows:

PermissionOwnerAdminUserObserver
View usersAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Invite or remove other usersAll sites (workspaces)Specific sites (workspaces)No sites (workspaces)No sites (workspaces)
Allow users to create API Access TokensAccessNo accessNo accessNo access

Site (workspace) management permissions

The site (workspace) management permissions for each role are as follows:

PermissionOwnerAdminUserObserver
Create or delete sites (workspaces)AccessNo accessNo accessNo access
View site-level (workspace-level) data and reportsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Edit site (workspace) blocking modeAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
Edit site (workspace) IP anonymization policyAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
Edit site (workspace) default blocking response codeAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View associated usersAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
Edit site (workspace) Display Name and Short NameAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)

Site (workspace) configuration permissions

The site (workspace) configuration permissions for each role are as follows:

PermissionOwnerAdminUserObserver
Change Blocking ModeAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
Create or edit rulesAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View rulesAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Create or edit signalsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View signalsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Create or edit listsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View listsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Create or edit redactionsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View redactionsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Create or edit integrationsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View integrationsAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)
Create agent keysAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View agent keysAll sites (workspaces)Specific sites (workspaces)Specific sites (workspaces)No sites (workspaces)
View site (workspace) audit logsAccessAccessAccessAccess

Personal account management permissions

The personal account management permissions for each role are as follows:

PermissionOwnerAdminUserObserver
Edit account profile informationAccessAccessAccessAccess
Create, edit, view support ticketsAccessAccessAccessAccess
Create API Access TokenLimited accessLimited accessLimited accessLimited access
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2024