Carbon Black Hosted EDR users access their server console using a Carbon Black Hosted EDR account. User accounts allow system management professionals, threat responders, and other console users to access and manage Carbon Black Hosted EDR features.
User accounts are initiated when an administrator sends an email invitation to a new user, who can then respond to the invitation and create the account. Users can access one or more servers for which they have been authorized. In Carbon Black Hosted EDR, separate accounts are not created for each authorized server.
The capabilities of a user are determined by the following factors:
For which servers is the user authorized? – The administrator who sends out an account invitation is inviting the user to create an account (if they don’t already have one) and authorize that account for a particular server.
Is the user an Administrator? – The administrator who sends out an account invitation determines whether the new user will have administrator privileges. This can be changed later. If a user is an Administrator, the next three factors are not relevant.
What teams does the user belong to? – The privileges of users who are not administrators depend upon the teams to which they belong. Administrators can also be assigned to teams, although team membership does not affect them unless their administrator status is disabled.
What roles do team members have for each sensor group? – Teams specify a role, which determines the level of privileges their members have for each sensor group. There are three roles: Analyst, Viewer, and No Access. Teams can (and usually will) have different roles for different sensor groups.
What is the highest role for any team this user belongs to? – Access to some features is not restricted by sensor group, but is controlled by the roles that are assigned to a team. These features become available to a user if the user is on at least one team that has a high enough role for at least one sensor group.
This mechanism helps control access to features that are not specific to sensor groups, but to which you can restrict access. For example, threat feeds are not specific to any sensor group, but are an important tool for threat monitoring. If a user is an Analyst on any team, that user can take any of the actions available on the Threat Intelligence Feeds page.
Is the user an Analyst with enhanced permissions? – For Analysts, access to sensitive features (Live Response, sensor isolation, uninstalling sensors, file banning, etc.) is controlled by supplemental enhanced permissions.
Creation and management of user accounts and teams is available to Administrators only.
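The factors above can be modelled as a small resolver for use in an access review. This is an added example on constructed data, not Carbon Black code or API; the class names, the enhanced-permission labels, treating enhanced permissions as a per-user set, and the rule that the highest role applies when several teams cover one sensor group are assumptions.

```python
# Added illustration on constructed data; not Carbon Black code or API.
from dataclasses import dataclass, field

RANK = {"No Access": 0, "Viewer": 1, "Analyst": 2}  # the three roles named above

@dataclass
class Team:
    name: str
    roles: dict                      # sensor group -> role for this team's members

@dataclass
class User:
    name: str
    is_admin: bool = False
    teams: list = field(default_factory=list)
    enhanced: set = field(default_factory=set)   # hypothetical permission labels

def effective_access(user, sensor_groups):
    if user.is_admin:
        # Administrator status makes the team and role factors irrelevant.
        return {"admin": True}
    per_group = {}
    for group in sensor_groups:
        # Assumption: a group a team does not list counts as "No Access".
        roles = [t.roles.get(group, "No Access") for t in user.teams]
        # Assumption: with several teams, the highest role for a group applies.
        per_group[group] = max(roles, key=RANK.get, default="No Access")
    highest = max(per_group.values(), key=RANK.get, default="No Access")
    analyst_anywhere = highest == "Analyst"
    return {
        "admin": False,
        "per_group": per_group,
        "highest_role": highest,
        "threat_feeds": analyst_anywhere,   # not tied to any sensor group
        "sensitive": sorted(user.enhanced) if analyst_anywhere else [],
    }

def review(users, sensor_groups):
    # Accounts to look at first in an access review: admins and enhanced Analysts.
    access = {u.name: effective_access(u, sensor_groups) for u in users}
    return [n for n, a in access.items() if a["admin"] or a.get("sensitive")]

# Constructed sample data.
GROUPS = ["Servers", "Workstations"]
soc = Team("SOC", {"Servers": "Analyst", "Workstations": "Viewer"})
helpdesk = Team("Helpdesk", {"Workstations": "Viewer"})
USERS = [User("alice", is_admin=True, teams=[helpdesk]),
         User("bob", teams=[soc, helpdesk], enhanced={"live_response"}),
         User("carol", teams=[helpdesk], enhanced={"sensor_isolation"})]
```

Calling review(USERS, GROUPS) lists the accounts whose reach goes beyond per-group viewing; carol's enhanced label has no effect in this model because she is not an Analyst on any team.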