Every Carbon Black Cloud console user is assigned to a role that defines permissions. The role is assigned when you create the new user account; this assignment can be modified at any time.
Carbon Black Cloud includes four Kubernetes-related pre-defined roles that you can assign to users (or you can create custom roles; see Add a Container Role):
- Kubernetes SecOps View Only
- Kubernetes SecOps
- Kubernetes DevOps
- Kubernetes Security Developer
Kubernetes Security DevOps are responsible for the Kubernetes workload posture. Responsibilities include setting up clusters, scopes, and security policies for Kubernetes workloads. Security DevOps can monitor the health of the Kubernetes environment, investigate workloads and violations, and take appropriate actions.
Role Definitions and Recommendations
The following table describes Carbon Black Cloud permissions and recommendations for user roles for Containers.
Role | Description | Permissions | Workflow |
---|---|---|---|
Kubernetes SecOps View Only | Monitors environment. Cannot take any actions. | | N/A |
Kubernetes SecOps | Assess and control the workload’s attack surface from build to runtime. Focus on detecting, responding to, and preventing container runtime threats; can quickly detect runtime threats. This role is appropriate for SOC Analysts. | | |
Kubernetes DevOps | Assess and control the workload’s attack surface from build to runtime. Troubleshooting and remediation of security issues. Responsible for determining the Kubernetes workload posture. Responsibilities include setting up Kubernetes policies, scopes, and clusters in the Carbon Black Cloud console. Security DevOps can monitor the health of the Kubernetes environment, investigate workloads and violations, and take appropriate actions. | | |
Kubernetes Security Developer | Inspects a single container for security posture and compliance. | | |