Roles grant users access to features and functionality in Red Canary. A user can have one or more roles on a subdomain/account.

Assign and remove roles for users

You can assign a role to a user to grant them the abilities of that role.

To assign a role to a user...

1. In Red Canary, click your profile icon, and then click Users & Roles.
2. Assign one or more roles to the user by checking the boxes next to each role.

To remove a role from a user...

1. In Red Canary, click your profile icon, and then click Users & Roles.
2. Remove a role from the user by unchecking the boxes next to each role.

Why can’t I remove the technical or business contact roles from a user?

Each account must have an assigned technical contact and business contact. To remove those roles from a user, assign those roles to another user and the role will be transferred.

What permissions does each role grant?

All users have the ability to:

• Log in to Red Canary
• Edit their own user profile
• Download sensor installers
• Securely share files with their Red Canary team

EDR User

For organizations with an EDR/EPP platform for which Red Canary can manage user accounts and SSO, the EDR user role grants users unprivileged access to that EDR/EPP platform.

Responder

The Responder role grants users the ability to respond to threats by isolating endpoints and executing response actions on those systems. 

This role allows users to:

• View threat details
• Use endpoint isolation 
• Manage pre-configured and on-demand automation triggers and playbooks
• Have privileged access to the EDR platform

Workflow User

The Workflow User role is designed for users who will receive, review, and update the remediate state of threats. 

This role allows users to:

• View threat details
• Mark threats as Acknowledged, Remediated, or Not Remediated

Analyst

The Analyst role is designed for security operations users who will be reviewing Red Canary events, threats, and reports.

This role allows users to:

• View threats details
• View Reports, Insights, and Activity Monitors
• View endpoints (but not decommission them)
• Mark threats as Acknowledged, Remediated, or Not Remediated

Analyst Viewer

The Analyst Viewer role is a read-only version of the Analyst role.

This role allows users to:

• View threat details (but not mark them)
• View Reports, Insights, and Activity Monitors
• View endpoints (but not decommission them)

Applications Manager

The Applications Manager role grants users, without Admin permissions, the ability to view and edit the Applications page.

This role allows users to:

• Manage applications

Admin

The Admin role is an administrative role designed for system or IT administrators who set up and configure the platform and integrations. This role is not the type of administrator role that grants the ability to perform all actions.

This role allows users to:

• Manage security settings, including users, roles, single sign-on, etc.
• Can enable and disable multi-factor authentication for users
• Manage system settings
• Manage endpoints (view, decommission, reinstate, etc.) 
• Manage pre-configured and on-demand automation triggers and playbooks
• View audit logs
• View the Status Checks page

Technical Contact

Each account’s single Technical Contact is the technical point of contact for Red Canary. 

This role allows users to:

• Manage system settings
• Manage pre-configured and on-demand automation triggers and playbooks
• Have privileged access to any EDR/EPP platforms
• Administer external alert sources

Business Contact

Each account’s single Business Contact is the business point of contact for Red Canary.

This role allows users to:

• Request changes to license coverage
• View external alert sources
• Accept terms and conditions

Supporting Partner

This composite role is equivalent to the Admin, Analyst, and Responder roles and is intended for users who are not part of your organization but work with Red Canary to achieve your security outcomes.