Customers and partners in multi-tenant Carbon Black Cloud environments can enforce a least privileged access model by assigning various levels of access to users for each org.
When creating a user in a parent organization, you are prompted to specify roles for the parent organization and any child organizations you want to grant access to.
![The Add User panel](images/GUID-46F6E19B-9667-4131-8799-558CD3AF09A4-low.png)
Before creating or modifying users, you should familarize yourself with how Carbon Black Cloud handles roles and permissions in a multi-tenancy environment. See: Multi-tenancy Role Assignments
Tip: You can also use the
Access Profiles and Grants API to manage (create/read/update/delete) roles for a principal in your organization.