Every Carbon Black Cloud user is assigned a role. User roles contain varying sets of permissions that specify available views and actions.
There are two kinds of user roles: pre-defined, built-in roles that Carbon Black Cloud supplies, and custom roles that you create. This section describes these roles and how to manage them.
Pre-defined Built-in Roles
The Carbon Black Cloud console comes with the following pre-defined, built-in roles to assign to your users.For a list and description of Kubernetes roles, see Using and Creating Roles for Containers.
Role | Description |
---|---|
View All | Views pages, exports data, and adds notes and tags. This role is suitable for new users or users in an oversight capacity. Permissions include:
|
Level 1 Analyst | Triages alerts and places assets in or out of quarantine. Permissions include:
Note: Providing determination feedback is available for
Carbon Black XDR and
Carbon Black Cloud Enterprise EDR customers only.
|
Level 2 Analyst | Initiates Live Response sessions to effect change on files and registry entries. Users can also effect change on endpoints or workloads through Live Response, file deletion, and quarantine. Permissions include all Analyst 1 permissions in addition to:
|
Level 3 Analyst | Manages applications and certificates and uses all Live Response features, including process execution, memory dump, and removal from endpoints. Permissions include all Analyst 2 permissions in addition to:
|
System Admin | Users are responsible for daily admin activities including adding users, managing sensors, and enabling bypass. Users in this role cannot change global settings, delete files, or use Live Response. |
Super Admin | Users have all permissions, including console setup and configuration, Live Response, and policy management, API keys, and group rules. |
Role | Description |
---|---|
View Only - Legacy | View only; cannot take actions. |
Live Response Admin - Legacy | Live Response Admin. Full administrator rights; can view and take action on alerts, and use Live Response to remediate issues on endpoints or workloads. |
Admin - Legacy | Full administrator rights; can view and take action on alerts and use Live Response to remediate issues on endpoints or workloads. |
Custom Roles
If the pre-defined, built-in roles do not satisfy your requirements, you can create custom roles and define specific permissions for those roles. See Add a Custom Role