RBAC allows you to control what kind of data your GSX 365 Usage users can view within the tool. For example, you might choose to limit your department managers to only be able to view statistics relevant to their particular teams.
Creating a New Policy
Before you can apply filters to individual users, you must first create the policy that you can then add the user to. First, navigate to the User Management page in the left navigation menu, then click the Add New Policy button in the Policies section.
Enter the policy’s name and a description into the window that pops up, and then select Add Policy.
Modifying a Policy
Now that you have created a policy, you can click the Modify icon next to its name to begin adding users and applying filters. The Modify Policy section is split into four different parts, navigable by the tabs at the top of the page.
Policy Details and Preview Mode
This section allows you to edit the Name and Description of the policy, and to also preview it by showing you how the reports would look as a member of this policy.
To preview the policy, click the button in this section. The reports will reload to the main page, and a message will appear at the top of the page informing you that you are in preview mode.
You can then navigate around the reports as a member of this policy, with all of the same filters and reports access applied to this policy. It is important that you preview a policy before assigning users to it, so as to be sure that all filters and access rights have been applied correctly.
Use this section to add and remove users from a policy. Please note that only users can be applied to a policy (admins continue to have full access of the reports), and that a user can only be a member of one policy at a time.
Use this section to disable any reports that you would not like to be available to the users of this policy. Please note that not all reports can be filtered – this includes some tenant-level reports, as well as (for the time being) Security & Audit and SharePoint Online reports. As a result, you may wish to disable these reports – you can do so by selecting the link in the description at the top of the page, however it is still important that you fully test a policy via the Preview mode mentioned above to ensure that you are satisfied with the level of access.
This section allows you to modify the filters applied to the policy. These filters are based on the Azure Active Directory attributes within your Office 365 environment.
Using the Reports as a Member of a Policy
Users who are members of a policy will see a padlock icon at the top of their screen to inform them that their reports are being limited.
Behavior of Scheduled Reports
A report scheduled by a member of a policy will be emailed to its recipients with the policy’s filters in place.