Security


Roles in the organization

Within an organization, each user can have one of the following roles:

Role name               Code designation   Function
Global administrator    ga                 All permissions within one directory
User admin              user_admin         Can do everything except edit/influence the global admin
Campaign administrator  campaign_admin     Can create campaigns and automation, and manage employees
Data administrator      data_admin         Can add employees
Auditor                 auditor            Read-only access
Employee                emp                Access to training
Reactions API*          reactions          Granted after clicking on a phishing link (see below)

What is the Reactions API role?

Regardless of the permissions a user holds, Koala issues the role with code designation “reactions” to anyone who clicks on a phishing link, for the duration of that browser session. For the user this matters little, as the role only allows recording information such as “person X tried to enter their password several times”. If the Koala administrator receives a phishing email and clicks on the link, the session gets this role rather than the administrative one, so nobody who has gained access to the mailbox or intercepted communications outside the reach of the service can use that session for administrative access.

How to assign roles in the system?

Within a single directory, it is good practice to have one main account for the main administrator at the “ga” level; every further administrator should have as little privilege as possible. The auditor role is used when, during the handling of a RODO (GDPR) incident, an external entity (e.g., the DPA) wants to assess how the tool is being used. This role can also be used for internal auditing.

Should the system administrator have a license?

There is no need; you can create a backup global administrator account just in case. You can also create an additional account in auditor mode that does not log in via M365, to implement external reporting using the provided API.