Each user of the Carbon Black App Control Console has one or more user roles. A user role is a collection of permissions, each of which allows the user to view specified information or manage specified actions in the console. Usually, these permissions map to specific pages in the console.
For a permission that involves information about or actions affecting agent-managed computers, a role can be configured to restrict permissions to specified policies.
You can create as many role- and policy-specific permission sets as you need. Once roles are created, you can assign or remove them as needed, giving each user just the permissions they need at any time. You can make these assignments manually or use AD-mapping for automatic role assignment.
For user accounts created in the console, roles are assigned on the Add Login Account page and can be changed on the Edit Login Account page. The following table summarizes the default privileges for the built-in User Roles:
User Role | Capabilities Summary |
---|---|
Administrator (Unified Management) | Access to all features. This is the only role that has permission to configure Unified Management. This permission cannot be added to any other role. |
Administrator | Access to almost all features; does not enable permission to:<br>Can add or remove privileges from any user, including itself. |
PowerUser | |
ReadOnly | View-only access to information on most table, report, and details pages; does not enable permission to:<br>ReadOnly users can make the following modifications: |
User (Unified Management) | All permissions for a ReadOnly user, plus the ability to use Unified Management features. |
Built-in user roles cannot be deleted, but the privileges of the Administrator, PowerUser and ReadOnly roles can be edited to enable or disable access to features. In addition, the roles themselves can be disabled.
Administrators can create new user roles with custom privileges (including the ability to create accounts and roles). See Managing Console User Roles for instructions on creating user roles and customizing account privileges.