Every user is assigned to a role that has permissions. The following tables describe the available permissions by feature or category.
Tip: For Kubernetes roles and permissions, see:
Using and Creating Roles for Containers.
Permission | Description |
---|---|
Close Alerts | Close selected alerts. |
Manage Alerts, Notes, and Tags | Add, edit, and delete alerts, notes, and tags. |
Manage Notifications | Add, edit, and delete notifications. |
View Alerts, Notes, and Tags | View and search alerts, notes, and tags. |
View Notifications | Access and view content on the Notifications page. |
Permission | Description |
---|---|
Register workload appliances and send workload assets to Carbon Black Cloud. | Register the Carbon Black Cloud workload appliance and send the workload inventory data on the Inventory > VM Workloads page. You must have appliance credentials to register the appliance with Carbon Black Cloud. |
View Appliance Details | After registration of the Carbon Black Cloud workload appliance, view the appliance details on the Settings > API Access > API Keys page. |
Permission | Description |
---|---|
Request Updated Compliance Data | Request updated compliance data. |
View and Export Compliance Data | View and export compliance data. |
Permission | Description |
---|---|
View Container Security | View and search container context in events and alerts. |
Permission | Description |
---|---|
Manage Watchlist Feeds | Enable or disable reports and IOCs from watchlists curated by Carbon Black and third parties. |
Manage Watchlists | Add, edit, and delete custom watchlists, related reports, and IOCs. Subscribe and unsubscribe from watchlists curated by Carbon Black and third parties. |
View Watchlist Feeds | View all watchlists; custom and curated by Carbon Black and third parties. |
View Watchlists | View the Watchlists page and all available watchlists. |
Permission | Description |
---|---|
Perform Deobfuscation | Perform deobfuscation. |
Permission | Description |
---|---|
Manage Enforcement | Turn on/off blocking on the Policies page. Manage Policies is required to change policy settings. |
Manage External Devices | Review external devices, create approvals for specific or multiple USB devices, and manage approvals. |
View External Devices | View USB Devices page and all the detected external devices. |
Permission | Description |
---|---|
Background Scan | Enable or disable background scan on a device. |
Bypass | Enable or disable bypass mode on a device. |
Change Backend Server | Change backend server. |
Deregister and Delete Sensors | Manage deregistration and uninstall settings for sensors. |
Export Device Data | Export device data to a CSV. |
Get and Delete a Hash from Specified Devices | Upload and delete a hash from devices. |
Manage Device Assignments | Assign policies to devices. |
Manage Devices | Add and delete device owners; send activation codes. Download and update sensors and signature versions. |
Manage Groups | Add, edit, and delete groups. |
Quarantine | Enable or disable quarantined state on a device. |
View Devices and Groups | View device and group information. |
Permission | Description |
---|---|
Delete Files | Delete uploaded reputation files. |
Manage Reputations and Auto-Banned List | Add, edit, and delete reputations. Configure auto-banned list settings. |
View Reputations | View and search reputations; view auto-banned list settings. |
Permission | Description |
---|---|
Manage Host Based Firewall Rules | Add, edit, delete, and enforce Host-based Firewall rules. |
Permission | Description |
---|---|
Conduct Investigations | Use filters and search capability on the Investigate page. |
Export Event Data | Export event data from the Investigate page to a CSV. |
Permission | Description |
---|---|
Use Live Query | Use all Live Query capabilities. Create, execute, and view query results. |
View Live Query | View query results. |
Permission | Description |
---|---|
Dump Memory and Remove Live Response | Dump kernel memory and permanently remove Live Response from the asset. |
Execute Live Response Processes | Execute processes on the remote asset. |
Use Live Response | Initiate Live Response sessions, modify files and registry, and stop processes. |
View Live Response | Initiate Live Response sessions, view files, registry, and processes. |
Permission | Description |
---|---|
Download Sensor Kits | Download and update sensor and signature version kits. User Interface requires the View Devices and Sensor Groups permission. |
Export Dashboard Data | Export dashboard data to a CSV. |
Manage Data Forwarders | Manage configuration settings for data forwarders. |
Manage Organization Information and Codes | Create organization settings; set registry key and reset company registration codes. |
View and Export Audit Logs | View and search audit logs; export audit log data to CSV. |
View Data Forwarders | View the Data Forwarder page and all data forwarders. |
View Organization Information and Codes | View organization settings, registry key, and company registration codes. |
Permission | Description |
---|---|
Manage Policies | Add, edit, and delete policies. |
View Policies | View policies. |
Permission | Description |
---|---|
Manage Public Cloud Accounts | Manage public cloud accounts. |
View Public Cloud Accounts | View public cloud accounts. |
View Public Cloud Inventory | View public cloud inventory. |
Permission | Description |
---|---|
Request Updated Vulnerability Data | Refresh the Vulnerabilities page to get the latest data. |
View and Export Vulnerability Data | View and export vulnerability data to a CSV. |
Permission | Description |
---|---|
View Workload Consumption Dashboard | View Workload Consumption Dashboard. |
Permission | Description |
---|---|
Manage Kubernetes Security | Manage Kubernetes security. |
Manage Workloads | Manage install sensor action for workload VMs. |
NSX Tags | Adminster NSX Tags. |
View Image and Manage Image Exceptions | View image and manage image exceptions. |
View Workloads | View workloads. |