Administrator Roles
Navigating the administrative roles within Glean can be crucial for maintaining a secure and well-managed workspace.
Glean provides three separate roles that can be assigned to administrators of the platform: Setup Admin, Admin, and Super Admin.
Permission Matrix
| Feature | Setup Admin | Admin | Super Admin |
|---|---|---|---|
| Manage Authentication Settings (i.e. SSO) | |||
| Connect and Manage Datasources | |||
| Initiate Crawls of Datasources | |||
| View currently synchronized directory data | |||
| Manage members of the testing group | |||
| Create API Tokens | Indexing API only | 1 | 2 |
| Manage general company settings | |||
| Customize the UI | |||
| Customize the Home Page | |||
| Manage roles and permissions within Glean | 3 | ||
| Manage access to in-product support | |||
| Manage Document Visibility in Search | |||
| Manage Environment Alerts | |||
| Manage Glean Assistant Settings | |||
| Manage Emails that are sent to Users | |||
| Manage Glean Invites & Adoption | |||
| Access Sensitive Content Search | |||
| Access DLP and Sensitive Content Reporting | |||
| Assign access to Sensitive Content Search & DLP |
Setup Admin
The Setup Admin role is the most restrictive administrator role.
The Setup Admin permissions extend to only permitting the setup and management of applications that Glean connects to. This includes:
- Connect and manage Single-Sign On settings.
- Connect and configure datasource apps for Glean to connect to.
- Start crawls for each configured datasource app.
- Generate API tokens for use with the Indexing API (for the to connect to in-house datasources via custom connectors).
Setup Admin is the perfect role to assign to teh administrators of any datasources that you would like to integrate with Glean. For example, you might provide your M365 administrator with the Setup Admin role in Glean so that they can connect Glean to Entra ID SSO, and setup Glean to crawl SharePoint, Teams, and OneDrive.
Admin
Admins have a broader range of capabilities compared to Setup Admins. Their permissions extend to various aspects of Glean's functionality, including:
- Edit the roles and permissions of all other users (but not the Super Admin role).
- Manage general Glean settings such as company name, appearance, home page customizations.
- Manage theconfiguration Glean features such as Org Chat, or Glean Assistant.
- Generate API tokens for all Glean APIs, however they cannot generate tokens that have global scope.
Super Admin
The Super Admin role encompasses all the permissions of an Admin and includes additional, more sensitive capabilities:
- Assigning the Admin Search role and the DLP moderator role.
- Creating global scope API tokens.
- Assigning the Super Admin role and any other permission or role.
Info
The Super Admin role is disabled by default and can only be assigned initially by Glean support with written authorization from your company CISO or Security Manager.
It is typically provided to a select senior individual within your organiation's security team due to the sensitive nature of the content that it can access (or provide access) to.