Skip to content

Custom Roles

Custom roles allow Org Admins to overlay a specific set of ZTKA or ABAC policies to a base role (RBAC Role.


Limited Access - ABAC (Attribute-based access) capability is enabled selectively for Orgs and is not available to all Prod Orgs.

Create New Role

Perform the below steps to create a new custom role:

  • Login to the console and navigate to System → Custom Roles. Custom Roles page appears
  • Click New Custom Role

New Custom Role

  • Provide a Name

  • Click Add Policy to select the required ABAC/ZTKA policies and their versions. Multiple policy selection is allowed

  • Select the Base Role


For ABAC (Attribute-based access, only Namespace Admin and Namespace Read Only base roles are supported.

  • Click Save Changes

Custom Role

Once the details are saved, the policy is applied to the selected roles and listed as shown below. You can edit the details or delete the custom role if required using the respective icons


On successful custom role creation, now admins can assign the roles to the required users or groups