This reference lists the user roles and permissions associated with the Platform role. See User Roles for general information about user roles.
Platform User Roles
Your Zuora tenant has the following Platform user roles by default.
- Administrator: Users with this role can access the Zuora Platform, administer security policies, manage users, and manage user roles.
- Standard User: Users with this role can only access the Zuora Platform, create test tenants, and have API write access.
You can also create custom Platform user roles as needed by clicking Add new role.
View Roles and Permissions
To access the Platform user roles and permissions, perform the following steps:
- Click your username at the top right and navigate to Settings > Administration > Manage User Roles.
- On the Manage Roles page, select Platform from the View Role List of list.
- Click the role name or view to manage permissions assigned to the selected role.
The following table describes the Platform user permissions, and shows whether each permission is enabled for Platform Standard Users.
|Permission||Description||Granted to Standard User?|
|UI Access||The user can access the Zuora UI, including Billing and Payments.||Yes|
|API Write Access||The user can create, update, and delete data using Zuora SOAP and REST APIs.||Yes|
|Workflow Access||The user can access Workflow in the Zuora UI. Admins need to grant this access to standard users before standard users can use Workflow in the Zuora UI. For details, see Authentication for Standard Users.||No|
|Audit Trail Access||The user can access Audit Trail in the Zuora UI. To enable the Audit Trail access in the Zuora UI for a user role, administrators must select both the Audit Trail Access and the Data Query UI Access for this role.||No|
|Data Query UI Access||The user can access Data Query in the Zuora UI.||Yes|
|Delete Custom Objects||The user can delete custom object definitions with no records and can delete custom object records.||Yes|
|View Custom Objects||The user can view custom object definitions and records.||Yes|
|Edit Custom Objects||The user can create or edit custom object definitions and records.||Yes|
|Manage Users||The user can manage users.||No|
|Manage Security Policies||The user can manage security policies.||No|
|Manage User Roles||The user can manage user roles and perform all of the tasks described in this topic.||No|
Allowable Login IP Address Ranges
With the Platform Standard User role and any custom Platform user role, you can specify one or more IP address ranges to restrict user access to Zuora. Users assigned to these roles can only log in to Zuora within these specified ranges.
Note: This capability is not available on the Platform Administrator User role.
This option adds a powerful security layer to Zuora user access. Plan this implementation carefully. Work with your IT security officer to determine the setup that is appropriate for your tenant.
Specifying IP Address Ranges
When creating a custom user role, the Allowable Login IP Address Ranges section appears only after selecting Platform permissions and then saving.
The IP address ranges that you specify apply to all permissions selected for the role. If you do not specify a range, the user can log in from any IP address.
If you enter a range that does not include your current IP address, the following message appears:
Warning: The list of IP ranges does not cover your current IP address (126.96.36.199).
If the range is valid, select the check box to confirm and then click save. Otherwise, click cancel to start over.
Restricted Access Error Messages
Users will receive the following error message if they try to access the Zuora UI or make SOAP or REST API calls from an IP address outside the specified range:
Your IP address may be restricted. Please contact the administrator at your company for help.