Roles
|
Description
|
Billing Admin
|
Full access to Billing and Subscriptions only
|
Global Admin
|
Full access to create, update, and delete any feature, including user’s permissions.
Permissions:
- ASI Risk Intelligence - High and Critical access
- Asset Monitoring - Create, Add, View, Edit, and Delete
- Asset Onboarding - Add, Create, and View
- Asset Overview - View only
- Asset Details - View, Add, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update
- Company Management - View and Edit
- Customer Management - Create only
- Chronicle Integration - Modifier and View
- Configurations
- Usage and Limits - View usage and details
- User Management - View, Edit, Create, Switch, Add, and Delete
- Tenant/Organization Management - View, List, Add, Edit, Create and Delete
- Subscriptions - View only
- Services - Create, View, Delete, Add, and Edit
- Integrations - View, Add, Edit, Create, and Delete
- Chronicle CMS - Access only
- Processing Rules - Add, Create, View, Delete, and Edit
- Correlation Policies - Add, Create, View, Delete, and Edit
- ActOn Policies - Add, Create, View, Delete, and Edit
- Scoring Templatization Rules - Add, Create, View, Delete, and Edit
- Notification Channels - Add, Create, Edit, View, and Delete
- Notification Templates - Add, Create, Edit, View, and Delete
- Notification Policies - Add, Create, Edit, View, and Delete
- Schedules - Add, Create, View, Delete, and Edit
- Escalation Policies - View, Add, Edit, Create, and Delete
- Activity Logs - View only
- Resolutions
- ActOns - Add, View, Edit, Create, and Delete
- Situations - Add, View, Edit, Create, Delete, and Mark as Acton
- Signals - Add, View, Edit, Create, and Delete
- Dashboards - View, Edit, Create, Share, Add, Import, Export, and Delete
- Data Extraction - Add, Create, View, Edit, Share, Schedule, and Delete
- Explore Signals - Create, View, Edit, and Delete
- Operational Intelligence - View only
- Ops Ramp system - View only
- Partner Management - Create only
- Reports - Add, View, Edit, Create, Delete, Share, Run, and Schedule
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
|
Owner
|
Full access to create, update, and delete features, including a user’s permissions. Owners can also create, delete, edit, and view Subscriptions.
Permissions:
- ASI Risk Intelligence - High and Critical access
- Asset Monitoring - Create, Add, View, Edit, and Delete
- Asset Onboarding - Add, Create, and View
- Asset Overview - View only
- Asset Details - View, Add, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update
- Company Management - View and Edit
- Customer Management - Create only
- Chronicle Integration - Modifier and View
- Configurations
- Usage and Limits - View usage and details
- Subscriptions - View only
- User Management - View, Edit, Create, Switch, Add, and Delete
- Services - Create, View, Delete, Add, and Edit
- Integrations - View, Add, Edit, Create, and Delete
- Chronicle CMS - Access only
- Processing Rules - Add, Create, View, Delete, and Edit
- Correlation Policies - Add, Create, View, Delete, and Edit
- ActOn Policies - Add, Create, View, Delete, and Edit
- Scoring Templatization Rules - Add, Create, View, Delete, and Edit
- Notification Channels - Add, Create, Edit, View, and Delete
- Notification Templates - Add, Create, Edit, View, and Delete
- Notification Policies - Add, Create, Edit, View, and Delete
- Tenant/Organization Management - View, List, Add, Edit, Create and Delete
- Schedules - Add, Create, View, Delete, and Edit
- Escalation policies - View, Add, Edit, Create, and Delete
- Activity Logs - View only
- Resolutions
- ActOns - Add, View, Edit, Create, and Delete
- Situations - Add, View, Edit, Create, Delete, and Mark as Acton
- Signals - Add, View, Edit, Create, and Delete
- Data Extraction - Add, Create, View, Edit, Share, Schedule, and Delete
- Dashboards - View, Edit, Create, Share, Add, Import, Export, and Delete
- Explore Signals - Create, View, Edit, and Delete
- Operational Intelligence - View only
- Ops Ramp system - View only
- Partner Management - Create only
- Reports - Add, View, Edit, Create, Delete, Share, Run, and Schedule
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
|
Manager
|
Full access to create, update, and delete features and all of their configuration. Depending on an Owner or Global Admin's discretion, these roles may be given lower access levels for specific features
Permissions:
- ASI Risk Intelligence - High and Critical access
- Asset Monitoring - Create, Add, View, Edit, and Delete
- Asset Onboarding - Add, Create, and View
- Asset Overview - View only
- Asset Details - View, Add, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View and Update
- Company Management - View and Edit
- Chronicle Integration - View only
- Configurations
- Usage and Limits - View only
- Subscriptions - View only
- User Management - View, Edit, Create, Switch, Add, and Delete
- Services - Create, View, Delete, Add, and Edit
- Integrations - View, Add, Edit, Create, and Delete
- Processing Rules - View only
- Correlation Policies - View only
- Scoring Templatization Rules - Add, and View only
- Notification Channels - View only
- Notification Templates - View only
- Notification Policies - View only
- Schedules - Add, Create, View, Delete, and Edit
- Escalation Policies - View, Add, Edit, Create, and Delete
- Activity Logs - View only
- Resolutions
- ActOns - Add, View, Edit, Create, and Delete
- Situations - Add, View, Edit, Create, Delete, and Mark as Acton
- Signals - Add, View, Edit, Create, and Delete
- Data Extraction - Add, Create, View, Edit, Share, Schedule, and Delete
- Dashboards - View, Edit, Create, Share, Add, and Delete
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
- Reports - Add, View, Edit, Create, Delete, Share, Run, and Schedule
|
Responder
|
Can view features, take action on situations, create situations for any team, and create overrides.
Permissions:
- ASI Risk Intelligence - High access
- Asset Monitoring - View only
- Asset Overview - View only
- Asset Onboarding - View only
- Asset Details - View and Edit
- Asset Visualization - View only
- Attack Surface Intelligence - Update only
- Company Management - View only
- Chronicle Integration - View only
- Configurations
- Usage and Limits - View only
- Subscriptions - View only
- User Management - View only
- Services - View only
- Integrations - View only
- Processing Rules - View only
- Correlation Policies - View only
- ActOn Policies - View only
- Scoring Templatization Rules - Add, and View only
- Notification Channels - View only
- Notification Templates - View only
- Notification Policies - View only
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Resolutions
- ActOns - Add, View, Edit, Create, and Delete
- Situations - View only
- Signals - Add, View, Edit, Create, and Delete
- Data Extraction - View, Share, and Edit
- Dashboards - View only
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reports - Add, View, Edit, Share, Run, and Schedule
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
|
Stakeholder
|
Stakeholders can view features in an account but cannot make modifications. The intended use case for a Stakeholder is to be added as a Subscriber to a situation or notification - they will receive updates about the situation but cannot take any action.
Permissions:
- Add to Notifications
- Asset Monitoring - View only
- Asset Overview - View only
- Asset Onboarding - View only
- Asset Visualization - View only
- Chronicle Integration - View only
- Configurations
- Usage and Limits - View only
- Subscriptions - View only
- Services - View only
- Integrations - View only
- Processing Rules - View only
- Correlation Policies - View only
- ActOn Policies - View only
- Notification Channels - View only
- Notification Templates - View only
- Notification Policies - View only
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Resolutions
- ActOns - View only
- Signals - View only
- Situations - View only
- Data Extraction - View only
- Dashboards - View only
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reports - Add, View, and Schedule
- Reliability Intelligence - View only
|
Observer
|
Can view features but cannot make any modifications. If an Observer is assigned to a situation, they will temporarily have Responder access to that situation only and can respond and reassign
Permissions:
- Asset Monitoring - View only
- Asset Overview - View only
- Asset Onboarding - View only
- Asset Visualization - View only
- Attack Surface Intelligence - View only
- Company Management - View only
- Chronicle Integration - View only
- Configurations
- Usage and Limits - View only
- User Management - View only
- Subscriptions - View only
- Services - View only
- Integrations - View only
- Processing Rules - View only
- Correlation Policies - View only
- ActOn Policies - View only
- Notification Channels - View only
- Notification Templates - View only
- Notification Policies - View only
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Resolutions
- ActOns - View only
- Signals - View only
- Situations - View only
- Data Extraction - View, and Share only
- Dashboards - View only
- Operational Intelligence - View only
- Ops Ramp system - View only
- Reports - View only
- Reliability Intelligence - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
|
Configurations Manager
|
Full access to create, update, and delete Configurations.
Permissions:
- ASI Risk Intelligence - High and Critical access
- Asset Monitoring - Create, Add, View, Edit, and Delete
- Asset Onboarding - Add, Create, and View
- Asset Overview - View only
- Asset Details - View, Add, Edit, Create, and Delete
- Asset Visualization - View only
- Attack Surface Intelligence - View, and Update only
- Chronicle Integration - Modifier and View
- Configurations
- Usage and Limits - View usage only
- Subscriptions - View only
- User Management - View only
- Services - View, Add, Edit, Create, and Delete
- Integrations - View, Add, Edit, Create, and Delete
- Chronicle CMS - Access only
- Processing Rules - Add, Create, View, Delete, and Edit
- Correlation Policies - Add, Create, View, Delete, and Edit
- ActOn Policies - Add, Create, View, Delete, and Edit
- Scoring Templatization Rules - Add, Create, View, Delete, and Edit
- Notification Channels - Add, Create, Edit, View, and Delete
- Notification Templates - Add, Create, Edit, View, and Delete
- Notification Policies - Add, Create, Edit, View, and Delete
- Schedules - View only
- Escalation Policies - View only
- Activity Logs - View only
- Tenant/Organization Management - View, List, Add, Edit, Create and Delete
- Resolutions
- ActOns - View only
- Signals - View only
- Situations - View only
- Dashboards - View, Edit, Create, Add, and Delete
- Explore Signals - View only
- Operational Intelligence - View only
- OpsRamp system - View only
- Threat Detection & Response - View only
- Threat Hunting - View only
|
Restricted Access
|
By default, if the user is created without a role, he will be given a restricted access role, they cannot view or edit any features on the account.
Permissions:
- Dashboards - View only
- Configurations
- Notification Channels - View only
- Services - View only
- Operational Intelligence - View only
- Reliability Intelligence - View only
|
Comments
0 comments
Please sign in to leave a comment.