Customers and partners in multi-tenant Carbon Black Cloud environments can enforce a least privileged access model by assigning various levels of access to users for each org.

When creating a user in a parent organization, you are prompted to specify roles for the parent organization and any child organizations you want to grant access to.

The Add User panel

Before creating or modifying users, you should familarize yourself with how Carbon Black Cloud handles roles and permissions in a multi-tenancy environment. See: Multi-tenancy Role Assignments

Tip: You can also use the Access Profiles and Grants API to manage (create/read/update/delete) roles for a principal in your organization.