Protect roles and permissions

Global roles

The following table describes the global roles specific to Protect.

Global role	Description
Protect Reader	View data protection standards and data access rules with read-only access.
Protect Author	Create standards and rules. Edit or delete only the standards and rules the user created. View imported policies and groups. Generate audit logs as an individual contributor.
Protect Admin	Create standards and rules. Edit or delete all standards and rules. View imported policies and groups. Generate audit logs as an individual contributor. Access Protect APIs.

Note The Protect Manager global role is intended only for the Protect system user.

Global permissions

Global roles are effective only when appropriate permissions are assigned to them. The following table describes the global permissions specific to Protect.

Global permission	Description
Product Rights > Protect	Access Protect. Tip All Protect global roles and the Edge Site global role have this permission.
Protect > Edit	Create standards and rules. Edit only the standards and rules the user created. Delete only the standards and rules the user created. Start a full synchronization.
Protect > Administration	Create standards and rules. Edit all standards and rules. Delete all standards and rules. Start a full synchronization.