Platform roles
This reference lists the user roles and permissions associated with the Platform role. See User roles for general information about user roles.
Platform user roles
Your Zuora tenant has the following Platform user roles by default.
- Administrator: Users with this role can access the Zuora Platform, administer security policies, view users, manage users, and manage user roles.
- Standard User: Users with this role can only access the Zuora Platform, create test tenants, and have API write access.
You can also create custom Platform user roles as needed by clicking Add new role.
View roles and permissions
To access the Platform user roles and permissions, perform the following steps:
- Click your username at the top right and navigate to Settings > Administration > Manage User Roles.
- On the Manage Roles page, select Platform from the View Role List of list.
- Click the role name or view to manage permissions assigned to the selected role.
Platform permissions
The following table describes the Platform user permissions, and shows whether each permission is enabled for Platform Standard Users.
Permission | Description | Granted to Standard User? |
---|---|---|
UI Access | The user can access the Zuora UI, including Billing and Payments. | Yes |
API Write Access | The user can create, update, and delete data using Zuora SOAP and REST APIs. | Yes |
Audit Trail Access | The user can access Audit Trail in the Zuora UI. To enable the Audit Trail access in the Zuora UI for a user role, administrators must select both the Audit Trail Access and the Data Query UI Access for this role. | No |
Data Query UI Access | The user can access Data Query in the Zuora UI. | Yes |
Run Data Queries (In UI Or API) | The user can run or save data queries through the Zuora UI, and manage data queries through the API. | Yes |
Delete Custom Objects | The user can delete custom object definitions with no records and can delete custom object records. | Yes |
View Custom Objects | The user can view custom object definitions and records. | Yes |
Edit Custom Objects | The user can create or edit custom object definitions and records. | Yes |
Workflow View Access |
Read-only access to Workflow. The user can view details of the workflow definitions, workflow versions, tasks, the Run History tab, and the Metrics tab. However, the user cannot run or manage the workflows. | Yes |
Workflow Run Access | The user with this permission can run the workflow definitions. | Yes |
Workflow Manage Access | The user with this permission can create, update, delete and manage workflows definitions and versions. | Yes |
Workflow Manage Global Settings Access | Administrator of Workflow. The user with this permission can manage Zuora Login, External SMTP, Workflow Global Settings, etc. | Yes |
View Users | The user can view users in the Zuora tenant. | No |
Manage Users | The user can manage users. | No |
Manage Security Policies | The user can manage security policies. | No |
Manage User Roles | The user can manage user roles and perform all of the tasks described in this topic. | No |
Deployment Manager | The user can perform migration of metadata objects (Settings, Custom Fields, Notifications, etc) from a source tenant to a target tenant. | Yes |
Data Loader | The user can perform migration of transactional data on Billing objects | Yes |
System Health Dashboard | The user can view the system health dashboards. | No |
View Meters |
Read-only access to Mediation. The user can view details of the meters, events, and Audit Trail. However, the user cannot run or manage the meters and event definitions. | Yes |
Run Meters | The user with this permission can run the meters and ingest usage with Streaming API. | Yes |
Configure Meters and Events | The user with this permission can create, update, delete and manage meters and event definitions. | Yes |
Allowable login IP address ranges
With the Platform Standard User role and any custom Platform user role, you can specify one or more IP address ranges to restrict user access to Zuora. Users assigned to these roles can only log in to Zuora within these specified ranges.
This capability is not available on the Platform Administrator User role.
This option adds a powerful security layer to Zuora user access. Plan this implementation carefully. Work with your IT security officer to determine the setup that is appropriate for your tenant.
Specifying IP address ranges
When creating a custom user role, the Allowable Login IP Address Ranges section appears only after selecting Platform permissions and then saving.
The IP address ranges that you specify apply to all permissions selected for the role. If you do not specify a range, the user can log in from any IP address.
If you enter a range that does not include your current IP address, the following message appears:
Warning: The list of IP ranges does not cover your current IP address (101.111.111.111).
If the range is valid, select the check box to confirm and then click save. Otherwise, click cancel to start over.
Restricted access error messages
Users will receive the following error message if they try to access the Zuora UI or make SOAP or REST API calls from an IP address outside the specified range:
Your IP address may be restricted. Please contact the administrator at your company for help.