Every user is assigned to a role that has permissions. The following tables describe the available permissions by feature or category.

Tip: For Kubernetes roles and permissions, see: Using and Creating Roles for Containers.
Table 1. Alerts
Permission Description
Close Alerts Close selected alerts.
Manage Alerts, Notes, and Tags Add, edit, and delete alerts, notes, and tags.
Manage Notifications Add, edit, and delete notifications.
View Alerts, Notes, and Tags View and search alerts, notes, and tags.
View Notifications Access and view content on the Notifications page.
Table 2. Appliances
Permission Description
Register workload appliances and send workload assets to Carbon Black Cloud. Register the Carbon Black Cloud workload appliance and send the workload inventory data on the Inventory > VM Workloads page. You must have appliance credentials to register the appliance with Carbon Black Cloud.
View Appliance Details After registration of the Carbon Black Cloud workload appliance, view the appliance details on the Settings > API Access > API Keys page.
Table 3. Compliance Assessment
Permission Description
Request Updated Compliance Data Request updated compliance data.
View and Export Compliance Data View and export compliance data.
Table 4. Container Security Management
Permission Description
View Container Security View and search container context in events and alerts.
Table 5. Custom Detections
Permission Description
Manage Watchlist Feeds Enable or disable reports and IOCs from watchlists curated by Carbon Black and third parties.
Manage Watchlists Add, edit, and delete custom watchlists, related reports, and IOCs. Subscribe and unsubscribe from watchlists curated by Carbon Black and third parties.
View Watchlist Feeds View all watchlists; custom and curated by Carbon Black and third parties.
View Watchlists View the Watchlists page and all available watchlists.
Table 6. Deobfuscation
Permission Description
Perform Deobfuscation Perform deobfuscation.
Table 7. Device Control
Permission Description
Manage Enforcement Turn on/off blocking on the Policies page. Manage Policies is required to change policy settings.
Manage External Devices Review external devices, create approvals for specific or multiple USB devices, and manage approvals.
View External Devices View USB Devices page and all the detected external devices.
Table 8. Endpoint Management
Permission Description
Background Scan Enable or disable background scan on a device.
Bypass Enable or disable bypass mode on a device.
Change Backend Server Change backend server.
Deregister and Delete Sensors Manage deregistration and uninstall settings for sensors.
Export Device Data Export device data to a CSV.
Get and Delete a Hash from Specified Devices Upload and delete a hash from devices.
Manage Device Assignments Assign policies to devices.
Manage Devices Add and delete device owners; send activation codes. Download and update sensors and signature versions.
Manage Groups Add, edit, and delete groups.
Quarantine Enable or disable quarantined state on a device.
View Devices and Groups View device and group information.
Table 9. Files and Reputations
Permission Description
Delete Files Delete uploaded reputation files.
Manage Reputations and Auto-Banned List Add, edit, and delete reputations. Configure auto-banned list settings.
View Reputations View and search reputations; view auto-banned list settings.
Table 10. Host Based Firewall
Permission Description
Manage Host Based Firewall Rules Add, edit, delete, and enforce Host-based Firewall rules.
Table 11. Investigate
Permission Description
Conduct Investigations Use filters and search capability on the Investigate page.
Export Event Data Export event data from the Investigate page to a CSV.
Table 12. Live Query
Permission Description
Use Live Query Use all Live Query capabilities. Create, execute, and view query results.
View Live Query View query results.
Table 13. Live Response
Permission Description
Dump Memory and Remove Live Response Dump kernel memory and permanently remove Live Response from the asset.
Execute Live Response Processes Execute processes on the remote asset.
Use Live Response Initiate Live Response sessions, modify files and registry, and stop processes.
View Live Response Initiate Live Response sessions, view files, registry, and processes.
Table 14. Organization Settings
Permission Description
Download Sensor Kits Download and update sensor and signature version kits. User Interface requires the View Devices and Sensor Groups permission.
Export Dashboard Data Export dashboard data to a CSV.
Manage Data Forwarders Manage configuration settings for data forwarders.
Manage Organization Information and Codes Create organization settings; set registry key and reset company registration codes.
View and Export Audit Logs View and search audit logs; export audit log data to CSV.
View Data Forwarders View the Data Forwarder page and all data forwarders.
View Organization Information and Codes View organization settings, registry key, and company registration codes.
Table 15. Policy Management
Permission Description
Manage Policies Add, edit, and delete policies.
View Policies View policies.
Table 16. Public Cloud
Permission Description
Manage Public Cloud Accounts Manage public cloud accounts.
View Public Cloud Accounts View public cloud accounts.
View Public Cloud Inventory View public cloud inventory.
Table 17. Vulnerability Assessment
Permission Description
Request Updated Vulnerability Data Refresh the Vulnerabilities page to get the latest data.
View and Export Vulnerability Data View and export vulnerability data to a CSV.
Table 18. Workload Consumption
Permission Description
View Workload Consumption Dashboard View Workload Consumption Dashboard.
Table 19. Workload Management
Permission Description
Manage Kubernetes Security Manage Kubernetes security.
Manage Workloads Manage install sensor action for workload VMs.
NSX Tags Adminster NSX Tags.
View Image and Manage Image Exceptions View image and manage image exceptions.
View Workloads View workloads.