
Gateway, Cloudflare One, Cloudflare Fundamentals - New permissions and roles for Gateway policies and lists

5d ago

Source: Cloudflare (cloudflare.com)
Snippet from the RSS feed
You can now assign granular, resource-scoped roles for Cloudflare Gateway firewall policies and Zero Trust lists. Administrators can delegate access to specific policy types or list management without granting account-wide or product-wide control.

What is new

When you add a member or create a permission policy, the following resource-scoped roles are now available:

| Role | Description |
| --- | --- |
| Zero Trust Gateway Firewall Policies Admin | Can view and edit all Gateway firewall policies, including DNS, HTTP, and Network policies. |
| Zero Trust Gateway DNS Policies Admin | Can view and edit Gateway DNS policies. |
| Zero Trust Gateway HTTP Policies Admin | Can view and edit Gateway HTTP policies. |
| Zero Trust Gateway Network Policies Admin | Can view and edit Gateway Network policies. |
| Zero Trust Gateway Egress Policies Admin | Can view and edit Gateway Egress policies. |
| Zero Trust Gateway Resolver Policies Admin | Can view and edit Gateway Resolver policies. |
| Zero Trust Gateway Policies Admin | Can view and edit all Gateway policies. |
| Zero Trust Gateway Policies Read | Can view all Gateway policies. |
| Zero Trust Gateway Read Only | Can view all Gateway resources. |
| Zero Trust DNS Locations Admin | Can view and edit DNS locations. |
| Zero Trust Proxy Endpoints Admin | Can view and edit Gateway Proxy Endpoints. |
| Zero Trust Account Lists Admin | Can view and edit all Gateway and Access lists. |
| Zero Trust Account Lists Read | Can view all Gateway and Access lists. |

These roles allow you to:

- Grant a network engineer write access to Network policies only, without exposing DNS or HTTP policy configuration.
- Allow a security analyst to view all Gateway policies in read-only mode for auditing purposes.
- Delegate list management to a team that maintains block and allow lists without giving them access to policy configuration.

You can also now assign Resource-scoped roles. These roles are complementary to existing account-level roles, and allow you to grant access to a specific resource, like an individual Gateway policy or Cloudflare One list.

Existing account-level roles continue to work. A member with the Cloudflare Gateway or Cloudflare Zero Trust role retains full access to all Gateway resources. This ensures backward compatibility for existing automation and API tokens.

Get started

- Review the resource-scoped roles on the Cloudflare role reference.
- Learn how to create permission policies that use these roles.
