Skip to main content

Who is this article for?

Code42 for Enterprise
CrashPlan for Small Business

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to on-premises authority servers.

Other available versions:

CloudLink: What version am I on?

HOME
GETTING STARTED
RELEASE NOTES
FAQS
SYSTEM STATUS
Code42 Support

Role assignment use cases

Overview

Roles give users the authorization they need to do their work in Code42. This article describes common use cases for role assignments.

For directions on how to assign roles, see Manage user roles. For a listing of available roles, see Roles reference.

Considerations

  • Assign roles so that users have the lowest level of privilege needed to perform their jobs.
  • After assigning roles, test to confirm that individuals can perform their required tasks and can access the data they need.
  • If you need to manage an application that integrates with Code42 (see use case 2), we recommend you create a user in your Code42 environment who is exclusively used to configure and use the integration because users set up this way do not consume a license.
  • Assign the SYSADMIN role only to those users who you want to have all possible rights.
    Assign the SYSADMIN role with care
    We don't recommend assigning this role to anyone except for the individuals you want to have complete control of your Code42 environment. When possible, rather than assigning the SYSADMIN role, assign roles with the lowest level of privilege necessary for users to do their jobs.

Use cases

Use case 1: Investigate suspicious file activity

Scenario

You need to assign roles to an individual who will investigate suspicious file activity across all organizations.

You want this individual to be able to view User Activity in the Code42 console and receive activity notifications so they can identify users to investigate. However, you do not want this individual to be able to perform any other actions on users. Their privileges will be restricted solely to investigation.

Use case 2: Manage a security application integrated with Code42

Scenario

You have a security incident response application integrated with Code42 (such as Splunk Phantom or another such application integrated with Code42 using the Code42 API). You need to assign roles to a Code42 user account used by this application so that it has the permissions needed to automatically respond to security incidents. 

You want the integration to be able to view file activity events, and you also want the integration to have the ability to block and deactivate users or devices as needed as part of a security incident response.

Recommended roles

For an application such as Code42 app for Splunk for which you only require the ability to view security data without taking actions on users or devices, you need only assign the All Org Security Viewer role. 

Use case 3: Administer a Code42 organization

Scenario

You need to assign roles to a user who will manage an individual organization in the Code42 environment.

You want the individual to be able to perform all needed administrative tasks in the organization, such as add users, deactivate users and devices, move users to different organizations, and create child organizations This individual will not perform any security investigations. Their duties will be solely to manage Code42 users, devices, and settings in their organization.

Recommended roles

Use case 4: Perform end user help desk support

Scenario

You need to assign roles to an individual who will perform support-related tasks (such as restore files and change settings) for users of the Code42 app in a single organization.

You do not want this individual to be able to perform any administrative actions such as add users, deactivate users and devices, move users to different organizations, or create organizations. Their privileges are limited to helping end users.

Recommended roles

Use case 5: Create legal holds

Scenario

You need to assign roles to an individual who will configure legal holds for multiple organizations in the Code42 environment.

You want the individual to be able to perform all the administrative tasks needed for legal holds, such as create matters, create preservation policies, add custodians to legal holds, and perform restores of files under legal hold. But you do not want this individual to be able to perform any administrative actions such as add users, deactivate users and devices, move users to different organizations, or create organizations. Their privileges are limited to legal hold tasks.

Recommended roles

  • Was this article helpful?