Knowledge Center

Knowledge Center > Admin > Administrator Settings > User Roles > Platform Roles

Platform Roles

This reference lists the user roles and permissions associated with the Platform role. See User Roles for general information about user roles.

Platform User Roles

Your Zuora tenant has the following Platform user roles by default. 

  • Administrator: Users with this role can access the Zuora Platform, administer security policies, manage users, and manage user roles. 
  • Standard User: Users with this role can only access the Zuora Platform, create test tenants, and have API write access. 

You can also create custom Platform user roles as needed by clicking Add new role.

View Roles and Permissions

To access the Platform user roles and permissions, perform the following steps:

  1. Click your username at the top right and navigate to Settings > Administration > Manage User Roles.
  2. On the Manage Roles page, select Platform from the View Role List of list. 
  3. Click the role name or view to manage permissions assigned to the selected role.

Platform Permissions

The following table describes the Platform user permissions, and shows whether each permission is enabled for Platform Standard Users. 

Permission Description Granted to Standard User?
UI Access The user can access the Zuora UI,including Billing and Payments.  Yes
API Write Access The user can create, update, and delete data in the Zuora SOAP and REST APIs. Yes
Manage Users The user can manage users No
Manage Security Policies The user can manage security policies No
Manage User Roles The user can manage user roles and perform all of the tasks described in this topic. No

Allowable Login IP Address Ranges

With the Platform Standard User role and any custom Platform user role, you can specify one or more IP address ranges to restrict user access to Zuora. Users assigned to these roles can only log in to Zuora within these specified ranges.

Note: This capability is not available on the Platform Administrator User role.

This option adds a powerful security layer to Zuora user access. Plan this implementation carefully. Work with your IT security officer to determine the setup that is appropriate for your tenant. 

Specifying IP Address Ranges

When creating a custom user role, the Allowable Login IP Address Ranges section appears only after selecting Platform permissions and then saving. 

The IP address ranges that you specify apply to all permissions selected for the role. If you do not specify a range, the user can log in from any IP address. 

If you enter a range that does not include your current IP address, the following message appears:

Warning: The list of IP ranges does not cover your current IP address (101.111.111.111).

If the range is valid, select the check box to confirm and then click save. Otherwise, click cancel to start over.

Restricted Access Error Messages

Users will receive the following error message if they try to access the Zuora UI or make SOAP or REST API calls from an IP address outside the specified range:

Your IP address may be restricted. Please contact the administrator at your company for help.

Last modified
23:57, 18 Jan 2017

Tags

Classifications

(not set)