The Carbon Black EDR console is the user interface for access to Carbon Black EDR features. Each console user logs in to the system with a user name and password. Login accounts provide administrators, analysts, and others to access the features that are appropriate to their role, and allows administrators to limit unnecessary access to features or sensors.

During the Carbon Black EDR installation process, a default user account is created and assigned Global Administrator status. This user has full access to all sensors and all features. After you log in by using the default account, you can set up additional users, including other Global Administrators and users with other roles that can vary by sensor group.

The capabilities of a user are determined by the following factors:

  • Is the user a Global Administrator? – A checkbox on the User Details page determines whether a user has administrator privileges (for all sensor groups and features). If a user is a Global Administrator, the following factors are not relevant.

  • What teams does the user belong to? – The privileges of users who are not Global Administrators depend upon the teams to which they belong. Global Administrators can also be assigned to teams, although team membership does not affect them unless their administrator status is disabled.

  • What roles do team members have for each Sensor Group? – Teams specify a role , which determines the level of privileges that their members have for each sensor group . There are three roles: Analyst , Viewer , and No Access. Teams can (and usually will) have different roles for different sensor groups. See Role-based Privileges for Teams.

  • What is the highest role for any team this user belongs to? – Access to some features is not restricted by sensor group, but is still controlled by the roles that are assigned to a team. These features become available to a user if the user is on at least one team that has a high enough role for at least one sensor group .

    This helps control access to features that are not specific to sensor groups, but to which you might want to restrict access. For example, threat feeds are not specific to any sensor group, but are an important tool for Carbon Black EDR threat monitoring. If a user is an Analyst on any team, that user can take actions that are available on the Threat Intelligence Feeds page.

  • Is the user an Analyst with enhanced permissions? – For Analysts, access to especially sensitive features (such as Live Response, sensor isolation, uninstalling sensors, file banning, and tamper protection levels) is controlled by enhanced permissions. These are added on a per-user basis. See Adding Enhanced Permissions for Analysts.

A table with more specific details about team privileges is displayed in Managing User Access with Teams.


Creation and management of user accounts and teams is available only to Global Administrators in Carbon Black EDR installations, and by Administrators in Carbon Black Hosted EDR installations.