This section describes how to manage Carbon Black EDR Unified View users.

Carbon Black EDR Unified View users are the administrators and security personnel who are responsible for the following activities in Carbon Black EDR Unified View:

  • Configuring and monitoring Carbon Black EDR clusters.
  • Creating and managing user accounts.
  • Performing process and binary searches on clusters.
  • Analyzing search results and drilling down to individual clusters to investigate the returned data.

Permissions for User Management Tasks

You must create separate user accounts specifically for Carbon Black EDR Unified View. User accounts created on the Carbon Black EDR clusters cannot be used to log in to the Carbon Black EDR Unified View console.

Two elements determine what a user can do in Carbon Black EDR Unified View:

  • Access to Carbon Black EDR Unified View user and cluster management features is determined by whether a user is configured as an Administrator. Non-administrator users can use binary and process search features, and browse to clusters to which they have been authenticated.
  • Access to each connected cluster and its information is determined on a per-user basis by the API token that is used to authenticate the connection to each cluster.

The privileges required to perform different user management tasks varies by task type and location in Carbon Black EDR Unified View or the clusters being viewed.

  • User Management Page in Carbon Black EDR Unified View – Only a Carbon Black EDR Unified View administrator can perform the following user management tasks:
    • View all user accounts
    • Modify user accounts
    • Add users
    • Delete users
    • Grant or remove administrator permissions
  • Cluster Management Page in Carbon Black EDR Unified View – Only a Carbon Black EDR Unified View administrator can require that users provide an individual API token to authenticate to a cluster.
  • My Profile in Carbon Black EDR Unified View – All Unified View users can view and modify their own Carbon Black EDR Unified View user profile on the My Profiles page. This includes providing API tokens to authenticate connections to clusters.
  • User Management Page on a cluster – A Carbon Black EDR Unified View user who is authenticated with a global administrator account on a cluster can manage individual cluster accounts from within Carbon Black EDR Unified View.
  • My Profile on a cluster – The My Profile on a cluster cannot be modified through Carbon Black EDR Unified View. A Carbon Black EDR Unified View user with a user account on a managed cluster must log into the cluster directly to view or modify their profile. See Single-Cluster Context.