User Roles and Permissions

Overview

Managing and governing access to various SaaS applications requires visibility into all the roles and permissions present within that application, what they mean, and who has this access.

For each application, Zluri now provides dedicated Roles and Permissions tabs. These tabs display enriched role and permission data, including descriptions, privilege indicators, instance context, and assignment sources.

Navigate to Roles and Permissions

Steps

1. Open Applications.
2. Select an application.
3. Open the Roles or Permissions tab.

Roles Tab

The Roles tab lists all roles discovered from integrations or created manually for an application.

Each role includes:

• A human-readable description
• A privilege indicator
• A role type (for example: Application Role, Permission Set, Profile, Project Role)
• An associated application instance (for example: Production or Sandbox)
• Permissions mapped to the role
• Role source information

Roles are instance-specific. The same role name can exist across multiple instances of the same application. For example, if your organization has an Okta Sandbox and Okta Production instance, both with a “Super Admin” role, Zluri will display the instance against each role to differentiate where this role is present and used.

Create or Edit Roles

Steps

1. Open the Roles tab.
2. Select Add Role or edit an existing role.
3. Provide or update role details and associate relevant permissions.
4. Select one or more permissions to associate with the role.
5. Save the changes.

Enrich Role Details

Steps

1. Open the Roles tab.

2. Select a role.

3. Update role details such as description, privilege indicator, role type, and mapped permissions.

   

Permissions Tab

The Permissions tab lists permissions defined for an application.

Each permission includes:

• A description of the action allowed
• A permission type (Create, Read, Update, Delete, Admin)
• Whether the permission is privileged or not

Permissions are defined at the application level and remain consistent across all instances of the application.

Zluri allows creation of custom permissions when integrations do not provide permission data.

Enrich Permission Details

Steps

1. Open the Permissions tab.

2. Select a permission.

3. Update Permission name, Description, Privilege indicator, Permission type

Create or Edit Permissions

Steps

1. Open the Permissions tab.
2. Select Add Permission or edit an existing permission.
3. Update the permission description and permission type.
4. Save the changes.

Application User Role Visibility

Zluri displays assigned roles directly in the application users list.

For each user, the platform shows:

• Assigned roles
• Role descriptions
• Privilege indicators
• Application instance for each role

This view differentiates identical roles across different instances.

Role Assignment Sources

Zluri tracks how roles are assigned to users.

Assignment source indicators show whether a role is:

• Assigned directly to the application user
• Inherited from an account

Zluri displays assignment source information alongside each role.

Assign or Remove Roles from Users

Steps

1. Open the Users tab for an application.
2. Select one or more users.
3. Navigate to Roles tab
4. Choose Assign Roles to app user or Remove Roles.
5. Review indicators showing whether changes will apply.
6. Confirm the action.

Zluri indicates when no changes will occur due to inherited or existing assignments.

Account-Level Role Management

Zluri supports viewing and managing role assignments at both the user level and the account level.

This capability supports scenarios where roles originate from accounts rather than direct user assignment.

Access Reviews Integration

Zluri displays enriched role information during access reviews.

During a review, the platform shows:

• Role descriptions
• Privilege indicators

Privileged accounts are identified based on roles marked as privileged, rather than static role lists.

Steps

1. Open Access Reviews.
2. Open a review.
3. Select a user to view assigned roles.