System generated roles and entitlements

Lists system generated roles and entitlements.

Forcepoint ONE Platform has the following system generated roles:

Note: When a new application is enabled on your tenant, the entitlements associated with the system generated roles are updated with the respective application entitlements.
Role | Description
Admin | Allows the viewing and editing of all administrative pages within the organization. With the Admin role, you can create, edit, and delete users; manage the policy; and configure and create reports. For example, Admins can access the Forcepoint RBI Admin Portal, but cannot browse. If you want to allow an Administrator to use the isolated browser, then assign both an Admin role (either Admin or Admin-Read Only) and a User role.
Admin Read Only | Allows the viewing of the Dashboard and Reports pages only. With the Admin - Read Only role, you can interact with the Dashboard widgets and generate, print, and download reports.
User | Allows isolated browsing only. With the User role, you cannot sign in to or access the Forcepoint RBI Admin Portal.

Forcepoint ONE Platform provides the following entitlements:

Entitlements Description
Identity Administrator
  • IDM UI Access.
  • Read, add, update, delete: user, group, role, IDP.
  • Read and dismiss alerts.
  • Read and update authentication and notification settings.
  • Accept EULA.
Identity Administrator Read Only
  • IDM UI Access.
  • Read: user, group, role, IDP.
  • Read alerts.
  • Read authentication and notification settings.
Insights Administrator
  • Insights UI Access
  • Create and read Widgets, ROI, Dashboards.
  • Read and search collections.
  • Read and dismiss alerts.
  • Read EULA
  • Configure SIEM profiles.
Insights Administrator Read Only
  • Insights UI Access
  • Read ROI, Dashboard, Widgets.
  • Read and search collections.
  • Read SIEM Profiles
Insights Transaction Administrator  
RBI Administrator
  • Full access to configuration, sandboxes, CA certificates rendering, pixel rendering pattern, download, upload, policy engine, session, device, tenant settings, policy profiles, override user agent, site visits, RBC, policy, DLP settings, User Scopes, cookie data.
  • Read applications, user, downloads, partner settings.
  • Write downloads.
  • Complete file transactions.
  • Read and dismiss alerts.
  • Full access to SMTP.
  • Accept and read EULA
RBI Administrator Read Only
  • Complete access to control center, Analytics, FTIS.
  • Read site visits, audit trails, downloads, uploads, messages, sessions, user, user group, policy profiles, category override, ID Provider, log aggregate, tenant settings menu, DLP settings menu, override user agent, sandboxes, applications.
  • Change user Password.
  • Recycle Nodes
  • Read my organization details.
  • Read alerts.
  • Search EULA
RBI User
  • Complete access to browsing, pixel rendering pattern.
  • Read and write cookie data, downloads, uploads, sessions, site visits
  • Read, write, and delete devices.
  • Read policy profile, user policy, user group policy, tenant policy, node, tenant, tenant settings, DLP Settings, Isolation modes, override user agent (for internal use).
  • Write node allocations, DLP Incidents, AD Incidents, Switched isolation modes.
  • Identify session bandwidth usage.
  • IDP Logout
  • Search EULA
RBI Policy reader
  • Read applications, policy profiles, user policy, tenant policy, user group policy.
  • User read, group read, EULA search.
RBI Policy writer
  • Read applications.
  • Read and write policy profiles, user policy, tenant policy, user group policy; EULA search.
fw.flexedge.admin  
fw.flexedge.readonly