Roles
Roles define what users can do in Snow. They are used to assign specific permissions or to give access to specific items or functionalities, for example, to give access to specific Microsoft 365 views. You can also use roles to give access to multiple parts of the system to easily assign a user to a function in your organization, for example, a Software Asset Manager role.
Roles and permissions
A role is a collection of permissions. The permissions give access to selected functionality and define what the users can do in Snow.
The permissions have different levels, for example, permission to create, read, update, and delete, or permission to read only.
Default roles
There are predefined default roles in Snow Atlas that you can use as they are. You cannot edit or delete the default roles.
To view all the permissions included in a default role, in Roles, select a role, and from Actions, select View permissions. In Permissions, you can expand the categories to view the permissions included in the selected role.
| Role | Description | Required for access to |
|---|---|---|
| System administrator | System administrators have create, read, update, and delete access to Snow Atlas settings. This role also gives you access to settings specific to the products that your organization is entitled to in Snow Atlas, with the exception of Cloud connectors and SaaS connectors. | Depending on the products that your organization is entitled to:
|
| Administrator | Administrators have create, read, update, and delete access to all products that your organization is entitled to in Snow Atlas, including Cloud connectors and SaaS connectors. Users who require access to make changes to the products that your organization is entitled to must have the permissions included in this role. | Depending on the products that your organization is entitled to:
|
| Viewer | Viewers have read access to all products that your organization is entitled to in Snow Atlas. This role does not give read access to settings specific to those products, with the exception of SAM Core settings and SaaS settings. | Depending on the products that your organization is entitled to:
|
Custom roles
There are predefined default roles in Snow that you can use as they are. You can also create custom roles to give access to selected functionality. You can base custom roles on a default role or another custom role, or create a custom role without using a base role.
Note that, a custom role and its base role are not connected. Neither changes to the base role nor changes to the custom role affect one another.
EXAMPLE
Role B is based on Role A so that the two roles include the same permissions. Role A is then updated with an additional permission. The additional permission does not automatically appear in Role B.
Limits
For information on the maximum number of custom roles and role permission assignments permitted in your Snow Atlas system, see Limits and constraints.