Cloudflare CASB (Cloud Access Security Broker) now supports two new granular roles to provide more precise access control for your security teams:
- Cloudflare CASB Read: Provides read-only access to view CASB findings and dashboards. This role is ideal for security analysts, compliance auditors, or team members who need visibility without modification rights.
- Cloudflare CASB: Provides full administrative access to configure and manage all aspects of the CASB product.
These new roles help you better enforce the principle of least privilege. You can now grant specific members access to CASB security findings without assigning them broader permissions, such as the Super Administrator or Administrator roles.
To enable Data Loss Prevention (DLP), scans in CASB, account members will need the Cloudflare Zero Trust role.
You can find these new roles when inviting members or creating API tokens in the Cloudflare dashboard under Manage Account > Members.
To learn more about managing roles and permissions, refer to the Manage account members and roles documentation.
Source: Cloudflare
Latest Posts
- GCP Release Notes: October 30, 2025
- Updates available for Microsoft 365 Apps for Current Channel [MC1181780]
- Microsoft Teams: File attachment control now enabled by default in external 1:1 and group chats [MC1181772]
- Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies [MC1181768]
