Skip to main content
McAfee Enterprise MVISION Cloud

About User Roles and Access Levels

Roles control the areas of the MVISION Cloud user interface or Cloud Connector a user can view or access. You can set your role-based access control (RBAC) levels to restrict certain users from sensitive areas of the system or to create workflows for users with dedicated responsibilities. All users must have at least one role; users can have multiple roles at once. 

You can also give functions of roles Read Only or Manage access. Learn more in About Read Only vs Manage Access.

Once a user has been assigned a role, that user cannot change or manage users who have different roles assigned, including User Managers. This prevents users with a lower access level from making changes to users with higher access levels, and also prevents users with more broad access from improperly granting access to other users. A trusted user with all roles assigned can make changes to other users' access to all areas.

Role Name Default Functions Description


By default, Administrators are able to configure Structured App CSPs, CASB Connect Apps, IaaS deployments, and so on. Additionally, Admins can manage and create users, and have access to the Audit Log. They also have access to Activity Settings and Anomaly Settings. 

Setting Setup & Configuration allows only read access to cloud service configurations. Setting User Manager to Read Only allows an Admin to view users, but not modify any account.

Administrators cannot be assigned to or subject to Data Jurisdiction restrictions.

Compliance Manager

Users with the User Manager role can make tenant-level changes that affect the information seen by other MVISION Cloud users. User Managers can:

Given the access to make tenant-level changes, User Managers cannot be assigned to or subject to Data Jurisdiction restrictions.

Policy Management

Users with the Policy Management role interact with the rules-based portions of the product, including those listed in the previous column. 

Users with this role can also manage the settings that govern policies.

Policy Managers cannot be assigned to or subject to Data Jurisdiction restrictions.

Incident Management

Users with the Incident Manager role can access the pages listed in the previous column. 

Usage Analytics User

Users with the Usage Analytics User role can access these pages:

Cloud Security Advisor Dashboard Manager Cloud Security Advisor The Cloud Security Advisor Dashboard Manager role is required to take waivers and credits for Visibility and Control metrics in the Cloud Security Advisor. 

Custom Apps Owner

 Custom Apps

The Custom Apps Owner role can only be assigned once a user has another role configured. It's not standalone.

Detokenization Privilege View detokenized user names  Instead of random tokens, a user with this access can view user names. The Detokenization Privilege can only be assigned once a user has another role configured. It cannot be assigned as a standalone role.

Cloud Connector User

MVISION Cloud Connector

Users must have the Cloud Connector User role to configure Cloud Connector. The Cloud Connector User role can be assigned separately from the Admin dashboard. So, the User must have an Admin role to access the Cloud Connector option under Settings > Infrastructure in MVISION Cloud.

All Cloud Connector users can detokenize reports by uploading them to Cloud Connector, but if they want to view detokenized information within MVISION Cloud, they still require the Detokenization Privilege.

ePO Connector McAfee Enterprise Integrations The ePO Connector role allows the user to set up integrations between McAfee Enterprise ePolicy Orchestrator and McAfee Enterprise MVISION Cloud.


  • Was this article helpful?