Access to Carbon Black App Control endpoint management features depends upon the Login Account Role Permissions for the user who is attempting access.

Relevant permissions are:

• View computers – Ability to view endpoint pages
• Temporary assign computers – Ability to generate temporary policy override codes
• Manage computers – Ability to manually assign computer (endpoint) to policies and change Enforcement Level
• Change advanced options – Ability to change advanced options such as collection diagnostics and re-synchronizing
• Manage system configuration – Ability to upload new agent installer and rule packages

The built-in user roles have the following endpoint management permissions:

• Administrator and PowerUser accounts (including Unified Management versions) with default permissions have full access to these features.
• Read-Only users with default permissions can view the details of endpoints running agents but cannot add, delete, or change their configuration.
• The access level of users in custom login account roles depends on the role’s permissions in the Computers asset rows on the Add Edit Role page. Note that some features described here require additional permissions.

See "User Role Permissions" in the Carbon Black App Control User Guide for full details on viewing and changing login account role permissions.

In addition to standard computer management features, some or all users can be allowed to access agent management commands that can be used in special situations, usually in consultation with Carbon Black Support. See "Configuring Agent Management Privileges" in the Carbon Black App Control User Guide for more details.