Every user is assigned to a role that has permissions. The following tables describe the available permissions by feature or category.
Tip: For Kubernetes roles and permissions, see:
Using and Creating Roles for Containers.
| Permission | Description |
|---|---|
| Close Alerts | Close selected alerts. |
| Manage Alerts, Notes, and Tags | Add, edit, and delete alerts, notes, and tags. |
| Manage Notifications | Add, edit, and delete notifications. |
| View Alerts, Notes, and Tags | View and search alerts, notes, and tags. |
| View Notifications | Access and view content on the Notifications page. |
| Permission | Description |
|---|---|
| Manage Access Levels | Add, edit, and delete access levels. |
| Manage API Keys | Add, edit, and delete API keys. |
| View API Keys | Access and view content on the Settings > API Access page. |
| Permission | Description |
|---|---|
| Register workload appliances and send workload assets to Carbon Black Cloud. | Register the Carbon Black Cloud workload appliance and send the workload inventory data on the Inventory > VM Workloads page. You must have appliance credentials to register the appliance with Carbon Black Cloud. |
| View Appliance Details | After registration of the Carbon Black Cloud workload appliance, view the appliance details on the Settings > API Access > API Keys page. |
| Permission | Description |
|---|---|
| Request Updated Compliance Data | Request updated compliance data. |
| View and Export Compliance Data | View and export compliance data. |
| Permission | Description |
|---|---|
| View Container Security | View and search container context in events and alerts. |
| Permission | Description |
|---|---|
| Manage Watchlist Feeds | Enable or disable reports and IOCs from watchlists curated by Carbon Black and third parties. |
| Manage Watchlists | Add, edit, and delete custom watchlists, related reports, and IOCs. Subscribe and unsubscribe from watchlists curated by Carbon Black and third parties. |
| View Watchlist Feeds | View all watchlists; custom and curated by Carbon Black and third parties. |
| View Watchlists | View the Watchlists page and all available watchlists. |
| Permission | Description |
|---|---|
| Perform Deobfuscation | Perform deobfuscation. |
| Permission | Description |
|---|---|
| Manage Enforcement | Turn on/off blocking on the Policies page. Manage Policies is required to change policy settings. |
| Manage External Devices | Review external devices, create approvals for specific or multiple USB devices, and manage approvals. |
| View External Devices | View USB Devices page and all the detected external devices. |
| Permission | Description |
|---|---|
| Background Scan | Enable or disable background scan on a device. |
| Bypass | Enable or disable bypass mode on a device. |
| Change Backend Server | Change backend server. |
| Deregister and Delete Sensors | Manage deregistration and uninstall settings for sensors. |
| Export Device Data | Export device data to a CSV. |
| Get and Delete a Hash from Specified Devices | Upload and delete a hash from devices. |
| Manage Device Assignments | Assign policies to devices. |
| Manage Devices | Add and delete device owners; send activation codes. Download and update sensors and signature versions. |
| Manage Groups | Add, edit, and delete groups. |
| Quarantine | Enable or disable quarantined state on a device. |
| View Devices and Groups | View device and group information. |
| Permission | Description |
|---|---|
| Delete Files | Delete uploaded reputation files. |
| Manage Reputations and Auto-Banned List | Add, edit, and delete reputations. Configure auto-banned list settings. |
| View Reputations | View and search reputations; view auto-banned list settings. |
| Permission | Description |
|---|---|
| Manage Host Based Firewall Rules | Add, edit, delete, and enforce Host-based Firewall rules. |
| Permission | Description |
|---|---|
| Conduct Investigations | Use filters and search capability on the Investigate page. |
| Export Event Data | Export event data from the Investigate page to a CSV. |
| Permission | Description |
|---|---|
| Use Live Query | Use all Live Query capabilities. Create, execute, and view query results. |
| View Live Query | View query results. |
| Permission | Description |
|---|---|
| Dump Memory and Remove Live Response | Dump kernel memory and permanently remove Live Response from the asset. |
| Execute Live Response Processes | Execute processes on the remote asset. |
| Use Live Response | Initiate Live Response sessions, modify files and registry, and stop processes. |
| View Live Response | Initiate Live Response sessions, view files, registry, and processes. |
| Permission | Description |
|---|---|
| Configure 2FA and SAML | Add, edit, and delete two-factor authentication and SAML settings. |
| Download Sensor Kits | Download and update sensor and signature version kits. User Interface requires the View Devices and Sensor Groups permission. |
| Export Dashboard Data | Export dashboard data to a CSV. |
| Manage Data Forwarders | Manage configuration settings for data forwarders. |
| Manage Organization Information and Codes | Create organization settings; set registry key and reset company registration codes. |
| Manage Roles | Add, edit, and delete user roles. |
| Manage Users | Add, edit, and delete console users; assign roles to users. |
| View 2FA and SAML | View two-factor authentication and SAML settings. |
| View and Export Audit Logs | View and search audit logs; export audit log data to CSV. |
| View Data Forwarders | View the Data Forwarder page and all data forwarders. |
| View Organization Information and Codes | View organization settings, registry key, and company registration codes. |
| View Users | View console user information. |
| Permission | Description |
|---|---|
| Manage Policies | Add, edit, and delete policies. |
| View Policies | View policies. |
| Permission | Description |
|---|---|
| Manage Public Cloud Accounts | Manage public cloud accounts. |
| View Public Cloud Accounts | View public cloud accounts. |
| View Public Cloud Inventory | View public cloud inventory. |
| Permission | Description |
|---|---|
| Manage Sensor Gateway | Manage sensor gateway. |
| Permission | Description |
|---|---|
| Manage Threat Tracer | View and edit the Threat Tracer list and graph. Add entities, relationships, and create new graphs. |
| View Threat Tracer | View the Threat Tracer list and individual graphs. |
| Permission | Description |
|---|---|
| Request Updated Vulnerability Data | Refresh the Vulnerabilities page to get the latest data. |
| View and Export Vulnerability Data | View and export vulnerability data to a CSV. |
| Permission | Description |
|---|---|
| View Workload Consumption Dashboard | View Workload Consumption Dashboard. |
| Permission | Description |
|---|---|
| Manage Kubernetes Security | Manage Kubernetes security. |
| Manage Workloads | Manage install sensor action for workload VMs. |
| NSX Tags | Adminster NSX Tags. |
| View Image and Manage Image Exceptions | View image and manage image exceptions. |
| View Workloads | View workloads. |
