Read-only permissions for additional users on Pro/Business account?

I’m trying to add additional users to my Cloudflare account, but it seems I can only add them with the Administrator role.

To maintain a sensible and effective security policy, I do not want these users to be administrators. I’d prefer they had read-only access so they can view analytics and traffic logs etc. but not make any potential breaking changes.

I read in the support article that "If you have a Free, Pro, or Business plan, your Members default to the Administrator role.", which isn’t very clear. Sure, they default to that role, but can that be changed?

If not, why not? This does not seem like an enterprise-only feature at all.

This seems like an essential security feature that anyone using Cloudflare in even a small organisation would want to have, at the very least to ensure that a hapless, non-technical manager doesn’t accidentally take the entire website down by playing with a setting they shouldn’t have.

Hi @infra16,

I’m afraid that unless you are on an Enterprise plan, you can only have one Super Administrator and then all other users as Administrators. The other roles are documented here, but only available to Enterprise customers. You can create scoped API tokens to allow the editing of specific settings, but I doubt that helps given your situation with non-technical users.

https://support.cloudflare.com/hc/en-us/articles/205065067-Setting-up-Multi-User-accounts-on-Cloudflare

https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys


Thanks for the reply.

Is there a way I can suggest this to Cloudflare’s product managers as a change?

I really do think it’s essential, even for small businesses. It is a major limitation for us; there are several non-technical people in my organisation who would like access to Cloudflare analytics but who I would not want to burden with the additional risk of being able to change critical site-related settings.

For any business using Cloudflare, it is most likely considered a critical piece of infrastructure. Access to that should be limited in the same way that you wouldn’t give non-technical managers root access to a web server.

I’d like to suggest this really shouldn’t be an Enterprise feature.

No problem, you can suggest features in #feedback:prodreq.

It looks like there was already a similar topic here:

Thanks. I’ve created a new topic here:

I’d like to reply to the existing topic you linked, but it looks like it was closed earlier this month without explanation. Was that maybe a mistake? Could you please re-open the topic?

I just re-opened that thread, @infra16


Yes, I have the same request here.
My colleagues in the other department are non-technical users and I don’t want them to change my existing configuration.
Need it now.

Thanks

Andry


This makes no sense why everyone becomes an admin by default.