Protect permissions

This topic describes all the global roles and global permissions that are specific to Protect.

Global roles

The following table describes the global roles that are specific to Protect.

Global role	Description
Protect Reader	View data protection standards and data access rules with read-only access.
Protect Author	Create standards and rules. Edit or delete only the standards and rules the user created. View imported policies and groups. Generate audit logs as an individual contributor.
Protect Admin	Create standards and rules. Edit or delete all standards and rules. View imported policies and groups. Generate audit logs as an individual contributor. Access Protect APIs.

Note The Protect Manager global role is intended only for the Protect system user.

Global permissions

Global roles are effective only when appropriate global permissions are assigned to them. The following table describes the global permissions that are specific to Protect.

Global permission	Description
Product Rights > Protect	Access Protect. All Protect global roles and the Edge site global role have this permission.
Protect > Edit	Create standards and rules. Edit only the standards and rules the user created. Delete only the standards and rules the user created. Start a full synchronization.
Protect > Administration	Create standards and rules. Edit all standards and rules. Delete all standards and rules. Start a full synchronization.

Global permission

Description

Product Rights > Protect

Access Protect.

All Protect global roles and the Edge site global role have this permission.

Protect > Edit

Create standards and rules.
Edit only the standards and rules the user created.
Delete only the standards and rules the user created.
Start a full synchronization.

Protect > Administration

Create standards and rules.
Edit all standards and rules.
Delete all standards and rules.
Start a full synchronization.