Oleria includes five built-in roles you can assign to users. Each role defines a specific set of permissions that controls what the user can see and do in the workspace. These default roles cannot be edited.
Full access to all features and settings, including user management and integrations.
Operator
Access to all Adaptive Security features and can manage connected integrations. Cannot manage workspace users.
Analyst
View-only access to Adaptive Security and connected integrations. Suitable for read-only reporting and investigation.
Governance Operator
Access to all Governance features, including access reviews, identity lifecycle, access bundles, and access requests. Can view connected integrations but not modify them. Cannot manage workspace users.
Identity Lifecycle Operator
Access to identity lifecycle, access bundles, and access requests. Can view connected integrations but not modify them. Cannot run access reviews or manage workspace users.
Administrator - assign to security leads and workspace owners who need to add users, configure integrations, and manage workspace settings. Keep the number of administrators small.Operator - assign to team members who need to connect integrations and use Adaptive Security features (Access Graph, Risk Monitoring, Activity Analysis, Account Utilization) but should not manage who has access to Oleria itself.Analyst - assign to stakeholders who need to view findings and run investigations but should not make configuration changes. This is the right role for auditors, compliance reviewers, or team members who consume reports.Governance Operator - assign to identity governance and compliance owners who run access reviews and manage identity lifecycle, access bundles, and access requests, but should not change integrations or manage who has access to Oleria. This role can view connected integrations for context without modifying them.Identity Lifecycle Operator - assign to identity lifecycle owners who manage identity lifecycle, access bundles, and access requests, but should not run access reviews, change integrations, or manage who has access to Oleria. This role can view connected integrations for context without modifying them.