General

This article outlines details and important aspects of the seven account roles available to you within your Red Canary portal. 

Overview

  1. Roles are additive. You can select multiple roles for a user and the relevant permissions of those roles will add together. 
  2. A common combination of roles for a user who should have full functionality within both the Red Canary portal and the underlying EDR platform is Admin, Responder and Analyst
  3. Technical Contact and Business Contact roles are limited to one use per portal. A portal user can have both roles, or the roles can be split between two users. Technical Contact will be the go-to for after-hours detection escalations (unless other arrangements have been made with your CSM or via Automate). Business Contact will be used for contract-based questions.
  4. Analyst Viewer provides read-only access with similar visibility to the Analyst role.
  5. Users that only have the role of Admin cannot view detections. 
  6. Carbon Black (Cb) Response permissions are only reconciled if user accounts are created and controlled with the Red Canary portal. Customers leveraging Cb Cloud, on-premise Cb Response instances or Single Sign-On are responsible for managing authorization within those platforms.
  7. Features that a user can access via the Red Canary portal are also accessible via our API. 

What can each role do?

Below are two ways to review roles, a chart and a text list.

All Users

  • Log in to the Red Canary portal
  • Edit their own user profile
  • Download sensor installers
  • Use the Share a File feature

Endpoint Detection and Response User

  • Unprivileged access to the Endpoint Detection and Response platform

Responder

  • View Detection details
  • Use endpoint isolation 
  • View, create, edit and execute Response Plans
  • Privileged access to the Endpoint Detection and Response platform

Workflow User

  • View Detection details
  • Mark Detections as Acknowledged, Remediated, or Not Remediated

Analyst

  • View Detection details
  • View Reports, Insights and Activity Monitors
  • View Endpoints (but not decommission them)
  • Mark Detections as Acknowledged, Remediated, or Not Remediated

Analys Viewer

  • View Detection details
  • View Reports, Insights and Activity Monitors
  • View Endpoints (but not decommission them)
  • View Detections (but not mark them)

Admin

  • Manage Security, including Users & Roles, Single Sign-On
  • Manage System settings
  • Manage Integrations
  • Manage Endpoints (view, decommission, reinstate) 
  • Manage Automate Triggers & Playbooks
  • View Audit Logs

Technical Contact

  • Manage System settings
  • Manage Integrations
  • Manage Automate Triggers & Playbooks
  • Privileged access to the Endpoint Detection and Response platform

Business Contact

  • Accept Terms and Conditions

Did this answer your question?