To provide more granular controls, we refined the existing roles for Email Security and launched a new Email Security role as well.
All Email Security roles no longer have read or write access to any of the other Zero Trust products:
- Email Configuration Admin
- Email Integration Admin
- Email Security Read Only
- Email Security Analyst
- Email Security Policy Admin
- Email Security Reporting
To configure Data Loss Prevention (DLP) or Remote Browser Isolation (RBI), you now need to be an admin for the Zero Trust dashboard with the Cloudflare Zero Trust role.
Also through customer feedback, we have created a new additive role to allow Email Security Analyst to create, edit, and delete Email Security policies, without needing to provide access via the Email Configuration Admin role. This role is called Email Security Policy Admin, which can read all settings, but has write access to allow policies, trusted domains, and blocked senders.
This feature is available across these Email Security packages:
- Advantage
- Enterprise
- Enterprise + PhishGuard
Source: Cloudflare
Latest Posts
- AWS Transfer Family web apps now support federated permissions with IAM Identity Center across AWS Regions
- Dynamics 365 Contact Center – Enable AI-assisted time-off and swap requests [MC1317126]
- GCP Release Notes: May 20, 2026
- Security Hub Extended expands to 21 curated partner solutions across 9 categories
