Gateway, Cloudflare One, Cloudflare Fundamentals - New permissions and roles for Gateway policies and lists
5d ago
You can now assign granular, resource-scoped roles for Cloudflare Gateway firewall policies and Zero Trust lists. Administrators can delegate access to specific policy types or list management without granting account-wide or product-wide control.

What is new

When you add a member or create a permission policy, the following resource-scoped roles are now available:

| Role | Description |
| --- | --- |
| Zero Trust Gateway Firewall Policies Admin | Can view and edit all Gateway firewall policies, including DNS, HTTP, and Network policies. |
| Zero Trust Gateway DNS Policies Admin | Can view and edit Gateway DNS policies. |
| Zero Trust Gateway HTTP Policies Admin | Can view and edit Gateway HTTP policies. |
| Zero Trust Gateway Network Policies Admin | Can view and edit Gateway Network policies. |
| Zero Trust Gateway Egress Policies Admin | Can view and edit Gateway Egress policies. |
| Zero Trust Gateway Resolver Policies Admin | Can view and edit Gateway Resolver policies. |
| Zero Trust Gateway Policies Admin | Can view and edit all Gateway policies. |
| Zero Trust Gateway Policies Read | Can view all Gateway policies. |
| Zero Trust Gateway Read Only | Can view all Gateway resources. |
| Zero Trust DNS Locations Admin | Can view and edit DNS locations. |
| Zero Trust Proxy Endpoints Admin | Can view and edit Gateway Proxy Endpoints. |
| Zero Trust Account Lists Admin | Can view and edit all Gateway and Access lists. |
| Zero Trust Account Lists Read | Can view all Gateway and Access lists. |

These roles allow you to:

- Grant a network engineer write access to Network policies only, without exposing DNS or HTTP policy configuration.
- Allow a security analyst to view all Gateway policies in read-only mode for auditing purposes.
- Delegate list management to a team that maintains block and allow lists without giving them access to policy configuration.

You can also now assign Resource-scoped roles. These roles are complementary to existing account-level roles, and allow you to grant access to a specific resource, like an individual Gateway policy or Cloudflare One list.

Existing account-level roles continue to work. A member with the Cloudflare Gateway or Cloudflare Zero Trust role retains full access to all Gateway resources. This ensures backward compatibility for existing automation and API tokens.

Get started

- Review the resource-scoped roles on the Cloudflare role reference.
- Learn how to create permission policies that use these roles.