Roles
|
Description
|
Billing Admin
|
Full access to Billing and Subscriptions only
|
Global Admin
|
Full access to create, update, and delete any feature, including user’s permissions.
Permissions:
- Asset Monitoring - Create, View, Edit, and Delete
- Asset Onboarding - Create, and View
- Asset Overview - View only
- Asset Details - View, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update
- Company Management - View and Edit
- Customer Management - Create only
- Chronicle Integration - Modifier and View
- Entities - Create, delete, edit, and view
- Import entities - Create, delete, edit, and view
- Entity SKU - Create, delete, edit, and view
- Signal analytics (Explore signals) - View
- ActOn analyzer - Analyze ActOns
- API Gateway - Create, edit, view, and delete
- Malware Uploader - Create, Delete, Edit, Publish, and View
- Configurations
- Usage and Limits - View usage and details
- User Management - View, Edit, Create, Switch, and Delete
- Tenant/Organization Management - View, List, Edit, Create and Delete
- Subscriptions - View only
- Services - Create, View, Delete, and Edit
- Integrations - View, Edit, Create, and Delete
- Outbound policy - Create, Delete, Edit, and View
- Chronicle CMS - Access only
- Processing Rules - Create, View, Delete, and Edit
- Correlation Policies - Create, View, Delete, and Edit
- ActOn Policies - Create, View, Delete, and Edit
- Scoring Templatization Rules - Create, View, Delete, and Edit
- Channels - Create, Edit, View, and Delete
- System notifications - Create, Delete, Edit, and View
- Schedules - Create, View, Delete, and Edit
- Escalation Policies - View, Edit, Create, and Delete
- Activity Logs - View only
- Escalation templates - Create, delete, edit, and view
- Resolutions
- ActOns - View, Edit, Create, and Delete
- Situations - View, Edit, Create, Delete, and Mark as Acton
- Signals - View, Edit, Create, and Delete
- Dashboards - View, Edit, Create, Share, Import, Export, and Delete
- Data Extraction - Create, View, Edit, Share, Schedule, and Delete
- Explore Signals - Create, View, Edit, and Delete
- Operational Intelligence - View only
- Ops Ramp system - View only
- Partner Management - Create only
- Reports - View, Edit, Create, Delete, Share, Run, and Schedule
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Owner
|
Full access to create, update, and delete features, including a user’s permissions. Owners can also create, delete, edit, and view Subscriptions.
Permissions:
- Asset Monitoring - Create, View, Edit, and Delete
- Asset Onboarding - Create, and View
- Asset Overview - View only
- Asset Details - View, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update
- Company Management - View and Edit
- Customer Management - Create only
- Chronicle Integration - Modifier and View
- Entities - Create, delete, edit, and view
- Import entities - Create, delete, edit, and view
- Entity SKU - View
- Signal analytics (Explore signals) - Create, Delete, Edit, and View
- Malware Uploader - Create, Delete, Edit, Publish, and View
- Configurations
- Usage and Limits - View usage and details
- Subscriptions - View only
- User Management - View, Edit, Create, Switch, and Delete
- Services - Create, View, Delete, and Edit
- Integrations - View, Edit, Create, and Delete
- Outbound policy - Create, Delete, Edit, and View
- Chronicle CMS - Access only
- Processing Rules - Create, View, Delete, and Edit
- Correlation Policies - Create, View, Delete, and Edit
- ActOn Policies - Create, View, Delete, and Edit
- Scoring Templatization Rules - Create, View, Delete, and Edit
- Channels - Create, Edit, View, and Delete
- System notifications - Create, Delete, Edit, and View
- Tenant/Organization Management - View, List, Edit, Create and Delete
- Schedules - Create, View, Delete, and Edit
- Escalation policies - View, Edit, Create, and Delete
- Activity Logs - View only
- Escalation templates - Create, delete, edit, and view
- Resolutions
- ActOns - View, Edit, Create, and Delete
- Situations - View, Edit, Create, Delete, and Mark as Acton
- Signals - View, Edit, Create, and Delete
- Data Extraction - Create, View, Edit, Share, Schedule, and Delete
- Dashboards - View, Edit, Create, Share, Import, Export, and Delete
- Explore Signals - Create, View, Edit, and Delete
- Operational Intelligence - View only
- Ops Ramp system - View only
- Partner Management - Create only
- Reports - View, Edit, Create, Delete, Share, Run, and Schedule
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Manager
|
Full access to create, update, and delete features and all of their configuration. Depending on an Owner or Global Admin's discretion, these roles may be given lower access levels for specific features
Permissions:
- Asset Monitoring - Create, View, Edit, and Delete
- Asset Onboarding - Create, and View
- Asset Overview - View only
- Asset Details - View, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update
- Company Management - View and Edit
- Chronicle Integration - View only
- Import entities -View
- Configurations
- Usage and Limits - View only
- Subscriptions - View only
- User Management - View, Edit, Create, Switch, and Delete
- Services - Create, View, Delete, and Edit
- Integrations - View, Edit, Create, and Delete
- Processing Rules - View only
- Correlation Policies - View only
- Scoring Templatization Rules - Add, and View only
- Escalation templates - Create, delete, edit, and view
- Channels - View
- System notifications - View
- Schedules - Create, View, Delete, and Edit
- Escalation Policies - View, Edit, Create, and Delete
- Activity Logs - View only
- Resolutions
- ActOns - View, Edit, Create, and Delete
- Situations - View, Edit, Create, Delete, and Mark as Acton
- Signals - View, Edit, Create, and Delete
- Data Extraction - Add, Create, View, Edit, Share, Schedule, and Delete
- Dashboards - View, Edit, Create, Share, Add, and Delete
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- Reports - View, Edit, Create, Delete, Share, Run, and Schedule
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Responder
|
Can view features, take action on situations, create situations for any team, and create overrides.
Permissions:
- Asset Monitoring - View only
- Asset Overview - View only
- Asset Onboarding - View only
- Asset Details - View and Edit
- Asset Visualization - View only
- Attack Surface Intelligence - Update only
- Company Management - View only
- Chronicle Integration - View only
- Entities - View
- Configurations
- Usage and Limits - View only
- Subscriptions - View only
- User Management - View only
- Services - View only
- Integrations - View only
- Processing Rules - View only
- Correlation Policies - View only
- ActOn Policies - View only
- Scoring Templatization Rules - View only
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Resolutions
- ActOns - View, Edit, Create, Mark as ActOn, and Delete
- Situations - View only
- Signals - View, Edit, Create, and Delete
- Data Extraction - View, Share, and Edit
- Dashboards - View only
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reports - Add, View, Edit, Share, Run, and Schedule
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Stakeholder
|
Stakeholders can view features in an account but cannot make modifications. The intended use case for a Stakeholder is to be added as a Subscriber to a situation or notification - they will receive updates about the situation but cannot take any action.
Permissions:
- Asset Monitoring - View only
- Asset Overview - View only
- Asset Onboarding - View only
- Asset Visualization - View only
- Attack Surface Intelligence - View only
- Chronicle Integration - View only
- Entities - View
- Signal analytics (Explore signals) - View
- Configurations
- Usage and Limits - View only
- Subscriptions - View only
- Services - View only
- Integrations - View only
- Outbound policy - View only
- Processing Rules - View only
- Correlation Policies - View only
- ActOn Policies - View only
- Escalation templates - View only
- Channels - View only
- System notifications - View only
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Resolutions
- ActOns - View only
- Signals - View only
- Situations - View only
- Data Extraction - View only
- Dashboards - View only
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reports - Add, View, and Schedule
- Reliability Intelligence - View only
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Observer
|
Can view features but cannot make any modifications. If an Observer is assigned to a situation, they will temporarily have Responder access to that situation only and can respond and reassign
Permissions:
- Asset Monitoring - View only
- Asset Overview - View only
- Asset Onboarding - View only
- Asset Visualization - View only
- Attack Surface Intelligence - View only
- Company Management - View only
- Chronicle Integration - View only
- Entities - View only
- Import entities - View only
- Configurations
- Usage and Limits - View only
- User Management - View only
- Subscriptions - View only
- Services - View only
- Integrations - View only
- Outbound policy - View only
- Processing Rules - View only
- Correlation Policies - View only
- ActOn Policies - View only
- Escalation templates - View only
- Channels - View only
- System notifications - View only
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Resolutions
- ActOns - View only
- Signals - View only
- Situations - View only
- Data Extraction - View, and Share only
- Dashboards - View only
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reports - View only
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Configurations Manager
|
Full access to create, update, and delete Configurations.
Permissions:
- Asset Monitoring - Create, View, Edit, and Delete
- Asset Onboarding - Create, and View
- Asset Overview - View only
- Asset Details - View, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update only
- Chronicle Integration - Modifier and View
- Entities - Create, edit, and view
- Import entities - Create, delete, edit, and view
- Signal analytics (Explore signals) - Create, Delete, Edit, and View
- Malware Uploader - Create, Delete, Edit, Publish, and View
- Configurations
- Usage and Limits - View usage only
- Subscriptions - View only
- User Management - View only
- Services - View, Edit, Create, and Delete
- Integrations - View, Edit, Create, and Delete
- Outbound policy - Create, Delete, and View
- Chronicle CMS - Access only
- Processing Rules - Create, View, Delete, and Edit
- Correlation Policies - Create, View, Delete, and Edit
- ActOn Policies - Create, View, Delete, and Edit
- Scoring Templatization Rules - Create, View, Delete, and Edit
- Escalation templates - Create, delete, edit, and view
- Channels - Create, Edit, View, and Delete
- System notifications - Create, Delete, Edit, and View
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Tenant/Organization Management - View, List, Edit, Create and Delete
- Resolutions
- ActOns - View only
- Signals - View only
- Situations - View only
- Dashboards - View, Edit, Create, and Delete
- Explore Signals - View only
- Operational Intelligence - View only
- OpsRamp system - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- CMS - See the Roles Mapping section to view the permissions granted to users with this role in CMS.
- Behavior analytics - See the Roles Mapping section to to view the permissions granted to users with this role in behavior analytics.
|
Restricted Access
|
By default, if a user is created without any assigned role, they are given a restricted access role. This role does not allow them to view or edit any features on the account.
Permissions:
- Dashboards - View only
- Configurations
- Notification Channels - View only
- Services - View only
- Operational Intelligence - View only
- Reliability Intelligence - View only
|
Comments
0 comments
Please sign in to leave a comment.