Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Other available versions:

On-premises

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Roles reference

Overview

Your Code42 environment has a pre-existing set of user roles that can be applied to user accounts. These standard user roles provide administrators with the fine-grained set of permissions needed for most use cases. This article describes the available standard roles, as well as the permissions, limitations, and recommended use cases for each role.

To assign roles to users, see Manage user roles. For use cases, see Role assignment use cases.

Roles training 

Code42 University offers virtual instructor-led training for all major roles within Code42. Roles courses are included with the Code42 All Access Education Team Pass. For more information, see Instructor Led Training - Learn By Role.  

View all roles

  1. Sign in to the Code42 console as a user with the Customer Cloud Admin role.
  2. Navigate to Administration > Environment > Users
  3. Click a user row to open the user details page. 
  4. Select Edit from the action menu in the upper-right corner.
  5. Click the Roles tab. 
  6. Select a role from the Available Roles or Current Roles lists.
    The permissions granted by the selected role are displayed in the Role's Permissions table. 

View roles.

Standard roles

Admin Restore

  • Recommended use case
    • Administrators who restore data for users
    • Assign in conjunction with a role that has access to the Code42 console and Code42 app such as PROe User or Desktop User
  • Administrator functions
  • End user functions
    • None
  • Limitations 
    • No access to the Code42 console or Code42 app 
  • Scope of permissions
    • All organizations
  • Permissions
    • restore: Perform a full web restore for all devices user has authority to manage 

Admin Restore Limited

  • Recommended use case
    • Administrators who restore a limited amount of data for users 
    • Assign in conjunction with a role that has access to the Code42 console and Code42 app such as PROe User or Desktop User
  • Administrator functions
  • End user functions
    • None
  • Limitations 
    • Restore limit is configurable from organization settings (250 MB by default)
    • No access to the Code42 console or Code42 app
  • Scope of permissions
    • All organizations
  • Permissions
    • restore.limited: Perform a limited size web restore for all devices user has authority to manage 

Alert Emails

  • Recommended use case
    • Administrators who want to receive warning and critical alerts emails to monitor the frequency and success of backup operations for their users' devices
  • Administrator functions
    • Allows administrators to receive automated reports by email
  • End user functions
    • None
  • Limitations 
    • No "root" level access
  • Scope of permissions
    • All organizations
  • Permissions
    • receives.alert.email: Receive automated backup reports and alerts by email.

Audit Log Viewer

  • Recommended use case
    • Information security personnel who need to review events in the Audit Log
    • Assign in conjunction with a role that has access to the Code42 console such as PROe User or Desktop User 
  • Administrator functions
    • View data in the Audit Log
  • End user functions
    • None
  • Limitations 
    • Cannot perform any functions except view the Audit Log
  • Scope of permissions
    • All organizations
  • Permissions
    • auditlog.read: View Audit Log events.

Cross Org Admin

  • Recommended use case
    • Administrators who manage users and devices in all organizations and who need to restore files for users
  • Administrator functions
    • Add/deactivate users, devices, and organizations
    • Update settings
    • View data in the Reporting web app 
    • Perform push and web restores for other users 
    • Read and write to plans within all organizations
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
  • Limitations 
    • Limited access to the Code42 console command line interface (CLI)
    • Cannot access system logs
  • Scope of permissions
    • All organizations
  • Permissions
    • account.update: For internal use only.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • crossorg-computer: Access, alter, or remove any computer information across the customer's organization.
    • crossorg-org.create: Create new parent organizations across the customer's organization.
    • crossorg-org.delete: Delete any org across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-org.update_deactivate: Update organization information and deactivate organizations across the customer's organization.
    • crossorg-plan: Create, read, update and delete plans across the customer's organization.
    • crossorg-user: Access, alter, or remove any user information across the customer's organization.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.
    • viewlogs.device: Access agent logs for any device the user has read permissions to.

Cross Org Admin - No Restore

  • Recommended use case
    • Administrators who manage users and devices in all organizations but should not restore files for users
  • Administrator functions
    • Add/deactivate users, devices, and organizations 
    • View data in the Reporting web app 
    • Read and write to plans within all organizations
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
  • Limitations 
    • Cannot perform push or web restores
    • Limited access to the Code42 console command line interface (CLI)
    • Cannot access system logs
  • Scope of permissions
    • All organizations
  • Permissions
    • account.update: For internal use only.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • crossorg-computer: Access, alter, or remove any computer information across the customer's organization.
    • crossorg-org.create: Create new parent organizations across the customer's organization.
    • crossorg-org.delete: Delete any org across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-org.update_deactivate: Update organization information and deactivate organizations across the customer's organization.
    • crossorg-plan: Create, read, update and delete plans across the customer's organization.
    • crossorg-user: Access, alter, or remove any user information across the customer's organization.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.
    • viewlogs.device: Access to agent logs for any device the user has read permissions to.

Cross Org Help Desk

  • Recommended use case
    • Help desk staff who assist others in all organizations, but not change any settings
  • Administrator functions
    • View (read-only) users and devices 
    • Restore files to the source user's devices using the Code42 console
    • Use the Reporting web app to view data
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
  • Limitations 
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • All organizations
  • Permissions
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • crossorg-computer.read: View computer information across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-plan.read: Read information about plans across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.
    • pushrestore.limited: Perform a push restore only to the source user's devices. There is no size limit.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.

Cross Org Help Desk - No Restore

  • Recommended use case
    • Help desk staff who assist others in all organizations, but who do not change any settings or restore files
  • Administrator functions
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
  • Limitations 
    • Cannot perform push or web restores
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • All organizations
  • Permissions
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • crossorg-computer.read: View computer information across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-plan.read: Read information about plans across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.

Cross Org Legal Admin

  • Recommended use case
    • Legal personnel who  place custodians on legal hold and administer legal holds for the entire Code42 environment, and who need to restore files for users 
  • Administrator functions
  • End user functions
    • Perform personal backups from the Code42 app
  • Limitations 
    • No "root" level access
    • Cannot change settings
    • Cannot add or deactivate users, devices, or organizations
  • Scope of permissions
    • All organizations
  • Permissions
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • crossorg-computer.read: View computer information across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-plan: Create, read, update and delete plans across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.
    • legalhold: Perform any operation regarding any Legal Hold.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.

Cross Org Manager

  • Recommended use case
    • Executive users who need statistics, but not technical details, about all organizations 
  • Administrator functions
    • View (read-only) users and devices 
    • Restore files to the source user's devices using the Code42 console
    • View data in the Reporting web app 
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
  • Limitations 
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • All organizations
  • Permissions
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • crossorg-computer.read: View computer information across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-plan.read: Read information about plans across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.
    • pushrestore.personal: Perform a personal push restore.
    • restore.limited: Perform a limited size web restore for all devices user has authority to manage.
    • restore.personal: Perform a personal web restore.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Security Viewer

  • Recommended use case
    • Information security personnel who need to retrieve information from devices that use endpoint monitoring in all organizations
    • Only applies to customers with the retired Code42 Gold product plan
    • Requires the Security Center User role
  • Administrator functions
  • End user functions
    • None
    Limitations 
    • Cannot view security data in features offered by other product plans than the Code42 Gold product plan (for example, Forensic Search, Alerts, Risk Exposure dashboard, and so on)
    • Cannot change settings in organizations
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • All organizations
  • Permissions
    • console.login: Log in to the Code42 console.
    • cpp.login: Log in to the Code42 console.
    • cpw.login: For internal use only.
    • crossorg-computer.read: View computer information across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-plan.read: Read information about plans across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.
    • securitytools.data_read: View data collected by Code42 Security Tools.

Cross Org User Modify

  • Recommended use case
    • Help desk staff who manage users, but not devices or organization settings
    • Assign in conjunction with a role that has access to the Code42 console such as Cross Org Help Desk
  • Administrator functions
    • View users
    • Update user information
  • End user functions
    • None
  • Limitations 
    • Cannot add or deactivate users 
    • Cannot update organization settings
  • Scope of permissions
    • All organizations
  • Permissions
    • crossorg-user.read: View user information across the customer's organization 
    • crossorg-user.update: Update user information across the customer's organization

Customer Cloud Admin

  • Recommended use case
    • Administrators who need administrative privileges for the Code42 environment
  • Administrator functions
    • Add/deactivate users, devices, and organizations 
    • Update settings for users, devices, and organizations
    • View data in the Reporting web app  for the user's Code42 environment
    • View the Subscriptions screen for the user's organization or organizations.  
    • Read and write to plans within the user's Code42 environment
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
    Limitations 
    • Limited access to the Code42 console command line interface (CLI)
    • Cannot access system logs
  • Scope of permissions
    • All organizations
  • Permissions
    • accesslock: Perform all accessLock related functions.
    • account.update: For internal use only.
    • alerting.alerts.read: View alerts generated.
    • alerting.alerts.write: Manage generated alerts, including ability to edit notes and status.
    • alerting.rules.read: View rules configured for alerts.
    • alerting.rules.write: Create and modify alert rules.
    • auditlog.read: View Audit Log events.
    • cases.content.read: View all case information, including events and findings.
    • cases.content.write: Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • crossorg-computer: Access, alter, or remove any computer information across the customer's organization.
    • crossorg-org.create: Create new parent organizations across the customer's organization.
    • crossorg-org.delete: Delete any org across the customer's organization.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-org.update_deactivate: Update organization information and deactivate organizations across the customer's organization.
    • crossorg-org.update_restricted: Update restricted organization information across the customer's organization.
    • crossorg-plan: Create, read, update and delete plans across the customer's organization.
    • crossorg-user: Access, alter, or remove any user information across the customer's organization.
    • customer_admin: Configure settings for your entire environment, such as subscription information and single sign-on (SSO).
    • dataconnections.settings.read: Add, edit, and remove settings configured for Data Connections.
    • dataconnections.settings.write: View all settings configured for Data Connections.
    • datapreferences.settings.read: View all settings configured for Data Preferences.
    • datapreferences.settings.write: Add, edit, and remove settings configured for Data Preferences.
    • detectionlists.departingemployee.read: View users on the departing employee list, including notes, departure date, attributes, and event counts.
    • detectionlists.departingemployee.write: Add and remove users from the departing employee list, including details for departure date.
    • detectionlists.departingemployeealerts.read: View departing employee alert settings.
    • detectionlists.departingemployeealerts.write: Modify departing employee alert settings.
    • detectionlists.highriskemployee.read: View users on the high risk employee list, including notes, attributes, and risk factors.
    • detectionlists.highriskemployee.write: Add and remove users from high risk employee list.
    • detectionlists.highriskemployeealerts.read: View high risk employee alert settings.
    • detectionlists.highriskemployeealerts.write: Modify high risk employee alert settings.
    • detectionlists.userprofile.read: Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
    • detectionlists.userprofile.write: Ability to add and remove cloud alias names from a user profile.
    • detectionlists.userprofilenotes.read: Ability to view user notes.
    • detectionlists.userprofilenotes.write: Ability to update user notes.
    • email.update: Change customer-specific email settings and content.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • legalhold: Perform any operation regarding any Legal Hold.
    • notify-new-location: View and update whether the user is notified on login from a new location.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.configure: Configure search related settings.
    • search.fileevents.read: View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search and related APIs.
    • search.saved.read: View saved searches that have been created in Forensic Search.
    • search.saved.write: Create, modify, and delete saved searches in Forensic Search.
    • securitytools.data_read: View data collected by Code42 Security Tools.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.
    • twofactorauth.configure: View and edit two-factor auth settings for local users.
    • viewlogs.device: Access agent logs for any device the user has read permissions to.
    • visualizations.endpointhealth.read: View device health information for collection of file events.
    • visualizations.risksummaries.read: View the risk exposure visualizations.

Departing Employee Manager

  • Recommended use case
  • Administrator functions
    • View users in the current organization and child organizations
    • Add or remove users in the Departing Employees list that reside in the current organization and child organizations
    • View and modify user alert settings in the Departing Employees list 
  • End user functions
    • None
    Limitations 
    • Cannot perform any administrator actions beyond adding and removing users in the Departing Employees list
  • Scope of permissions
    • Assigned user
  • Permissions
    • cpp.login: Log in to the Code42 console.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.
    • detectionlists.departingemployee.read: View users on the departing employee list, including notes, departure date, attributes, and event counts.
    • detectionlists.departingemployee.write: Add and remove users from the departing employee list, including details for departure date.
    • detectionlists.departingemployeealerts.read: View departing employee alert settings.
    • detectionlists.departingemployeealerts.write: Modify departing employee alert settings.
    • detectionlists.userprofile.read: Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
    • detectionlists.userprofile.write: Ability to add and remove cloud alias names from a user profile.
    • detectionlists.userprofilenotes.read: Ability to view user notes.
    • detectionlists.userprofilenotes.write: Ability to update user notes.

Desktop User

  • Recommended use case
    • End users in your organization
  • Administrator functions
    • N/A
  • End user functions
    • Perform personal backups from the Code42 app 
    • Perform web restores
    Limitations 
    • Cannot interact with other users' data or change settings in your Code42 environment
  • Scope of permissions
    • Assigned user
  • Permissions
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cps.login: Log in to the client desktop.
    • plan.create: Create plans within a user's organization hierarchy.
    • restore.personal: Perform a personal web restore.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Desktop User - No Web Restore

  • Recommended use case
    • End users in your organization who do not need to perform web restores
  • Administrator functions
    • N/A 
  • End user functions
    • Perform personal backups from the Code42 app
    Limitations 
    • Cannot interact with other users' data or change settings
    • Cannot perform web restores
  • Scope of permissions
    • Assigned user
  • Permissions
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cps.login: Log in to the client desktop.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

High Risk Employee Manager

  • Recommended use case
  • Administrator functions
    • View users in the current organization and child organizations
    • Add or remove users in the High Risk Employees list that reside in the current organization and child organizations
    • View and modify user alert settings in the High Risk Employees list 
  • End user functions
    • None
    Limitations 
    • Cannot perform any administrator actions beyond adding and removing users in the High Risk Employees list
  • Scope of permissions
    • Assigned user
  • Permissions
    • cpp.login: Log in to the Code42 console.
    • crossorg-org.read: View organization information across the customer's organization.
    • crossorg-user.read: View user information across the customer's organization.
    • detectionlists.highriskemployee.read: View users on the high risk employee list, including notes, attributes, and risk factors.
    • detectionlists.highriskemployee.write: Add and remove users from high risk employee list.
    • detectionlists.highriskemployeealerts.read: View high risk employee alert settings.
    • detectionlists.highriskemployeealerts.write: Modify high risk employee alert settings.
    • detectionlists.userprofile.read: Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
    • detectionlists.userprofile.write: Ability to add and remove cloud alias names from a user profile.
    • detectionlists.userprofilenotes.read: Ability to view user notes.
    • detectionlists.userprofilenotes.write: Ability to update user notes.

Manifest Viewer

  • Recommended use case
    • Permission for APIs to access archive metadata in order to generate reports on files and their versions
  • Administrator functions
    • N/A
  • End user functions
    • N/A
  • Limitations 
    • Does not directly grant access to view or manage users and organizations
  • Scope of permissions
    • Used solely by APIs
    • Allows access to archives for all organizations
  • Permissions
    • preservation.metadata.read: View the preservation manifest for any archive in the organization

Multi-Factor Auth Admin

  • Recommended use case
    • Administrators who manage user authentication within a specific organization
    • Assign in conjunction with an administrative role such as Org Admin
  • Administrator functions
  • End user functions
    • N/A
  • Limitations 
    • Does not directly grant access to view or manage users and organizations
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • twofactorauth.configure: View and edit two-factor auth settings for local users

Org Admin

  • Recommended use case
    • Administrators who only manage users and devices within a specific organization
  • Administrator functions
    • Add/deactivate users, devices, and organizations
    • Update settings for users, devices, and organizations 
    • View data in the  Reporting web app
    • Perform web restores  
    • Read and write to plans
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
    Limitations 
    • Limited access to the Code42 console command line interface (CLI)
    • Cannot access system logs
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • account.update: For internal use only.
    • computer: Access, alter, or remove any computer information.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • org.create: Create child organizations within user's organization.
    • org.delete: Delete information within user's organization.
    • org.read: View org information within user's organization.
    • org.update_deactivate: Update information within a user's organization and deactivate organizations.
    • plan: Create, read, update and delete plans within a user's organization hierarchy.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.
    • user: Access, alter or remove any user information.
    • viewlogs.device: Access agent logs for any device the user has read permissions to.

Org Admin - No Web Restore

  • Recommended use case
    • Administrators who only manage users and devices within a specific organization and who should not perform web restores
  • Administrator functions
    • Add/deactivate users, computers, and organizations 
    • Update settings for users, devices, and organizations
    • View data in the Reporting web app  
    • Read and write to plans
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
    Limitations 
    • The user's organization and its child organizations
  • Scope of permissions
    • Cannot add/deactivate users or computers outside their organization
    • Limited access to the Code42 console command line interface (CLI)
    • Cannot access system logs
    • Cannot perform web restores
  • Permissions
    • account.update: For internal use only.
    • computer: Access, alter, or remove any computer information.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • org.create: Create child organizations within user's organization.
    • org.delete: Delete information within user's organization.
    • org.read: View org information within user's organization.
    • org.update_deactivate: Update information within a user's organization and deactivate organizations.
    • plan: Create, read, update and delete plans within a user's organization hierarchy.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.
    • user: Access, alter or remove any user information.
    • viewlogs.device:  Access agent logs for any device the user has read permissions to.

Org Help Desk

  • Recommended use case
    • Help desk staff who assist others within their organization, but not change any settings
  • Administrator functions
    • View (read-only) users and devices 
    • Restore files to the source user's devices using the Code42 console
    • View data in the Reporting web app 
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
    Limitations 
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • org.read: View org information within user's organization.
    • plan.read: Read information about plans within a user's organization hierarchy.
    • pushrestore.limited: Perform a push restore only to the source user's devices. There is no size limit.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • user.read: View user information.

Org Help Desk - No Restore

  • Recommended use case
    • Help desk staff who assist others within their organization, but who do not change any settings or restore files
  • Administrator functions End user functions
    • Perform personal backups from the Code42 app and Code42 console
    Limitations 
    • Cannot perform push or web restores
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations 
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • org.read: View org information within user's organization.
    • plan.read: read information about plans within a user's organization hierarchy.
    • user.read: View user information.

Org Legal Admin

  • Recommended use case
    • Legal personnel who need to place custodians on legal hold and administer legal holds for the entire Code42 environment, but who only need to restore files from users within their organization
  • Administrator functions
  • End user functions
    • Perform personal backups from the Code42 app
    Limitations 
    • No "root" level access
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • legalhold: Perform any operation regarding any Legal Hold.
    • org.read: View org information within user's organization.
    • plan: Create, read, update and delete plans within a user's organization hierarchy.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • user.read: View user information.

Org Manager

  • Recommended use case
    • Executive users who need statistics, but not technical details, about their organization (not the entire Code42 environment)
  • Administrator functions
    • View (read-only) users and devices 
    • Restore files to the source user's devices using the Code42 console
    • View data in the Reporting web app 
  • End user functions
    • Perform personal backups from the Code42 app and Code42 console
    Limitations 
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the Code42 console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.
    • cps.login: Log in to the client desktop.
    • cpw.login: For internal use only.
    • org.read: View org information within user's organization.
    • plan.read: Read information about plans within a user's organization hierarchy.
    • pushrestore.personal: Perform a personal push restore.
    • restore.limited: Perform a limited size web restore for all devices user has authority to manage.
    • restore.personal: Perform a personal web restore.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
    • user.read: View user information.
    • viewlogs.device:  Access agent logs for any device the user has read permissions to.

Org Security Viewer

  • Recommended use case
    • Information security personnel who need to retrieve information from devices that use endpoint monitoring within their organization
    • Only applies to customers with the retired Code42 Gold product plan
    • Requires the Security Center User role
  • Administrator functions
  • End user functions
    • None
    Limitations 
    • Cannot view security data in features offered by other product plans than the Code42 Gold product plan (for example, Forensic Search, Alerts, Risk Exposure dashboard, and so on)
    • Does not restrict access by organization for security data features in non-Code42 Gold product plans
    • Cannot change settings in the organization
    • Cannot add/deactivate users, devices, or organizations
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the Code42 console.
    • cpp.login: Log in to the Code42 console.
    • cpw.login: For internal use only.
    • org.read: View org information within user's organization.
    • plan.read: Read information about plans within a user's organization hierarchy.
    • securitytools.data_read: View data collected by Code42 Security Tools.
    • user.read: View user information.

PROe User

  • Recommended use case
    • End users in your organization
  • Administrator functions
    • Sign in to the Code42 console
  • End user functions
    • None
    Limitations 
    • Cannot access other information or functions of Code42 for Enterprise
  • Scope of permissions
    • Assigned user
  • Permissions
    • console.login: Log in to the Code42 console.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the Code42 console.

PRO-Online Admin - No Web Restore

For CrashPlan for Small Business only. Do not use.

Push Restore

  • Recommended use case
    • Help desk staff who assist others with restoring data
    • Assign in conjunction with a role that has access to the Code42 console such as Org Help Desk
  • Administrator functions
    • Restore files from the Code42 console
    • View files within backup archives
  • End user functions
    • None
    Limitations 
    • Cannot add/deactivate users, organizations, or devices
  • Scope of permissions
    • All organizations
  • Permissions
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. 

Remote File Selection

  • Recommended use case
    • Help desk staff who monitor backups
    • Assign in conjunction with a role that has access to the Code42 console such as Org Help Desk - No Restore.
  • Administrator functions
    • View files within backup archives
  • End user functions
    • None
    Limitations 
    • Cannot add/deactivate users, organizations, or devices
  • Scope of permissions
    • All organizations
  • Permissions
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. 

Security Center User

  • Recommended use case
    • Information security personnel who review information about devices that use endpoint monitoring
  • Administrator functions End user functions
    • None
    Limitations 
    • Cannot change settings
    • Cannot add/deactivate users, devices, or organizations
    • Cannot restore files from Forensic Search (requires the Security Center - Restore role)
  • Scope of permissions
    • All organizations
  • Permissions
    • alerting.alerts.read: View alerts generated.
    • alerting.alerts.write: Manage generated alerts, including ability to edit notes and status.
    • alerting.rules.read: View rules configured for alerts.
    • alerting.rules.write: Create and modify alert rules.
    • cases.content.read: View all case information, including events and findings.
    • cases.content.write: Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
    • crossorg-org.read: View organization information across the organization.
    • crossorg-user.read: View user information across the organization.
    • datapreferences.settings.read: View all settings configured for Data Preferences.
    • datapreferences.settings.write: Add, edit, and remove settings configured for Data Preferences.
    • detectionlists.departingemployee.read: View users on the departing employee list, including notes, departure date, attributes, and event counts.
    • detectionlists.departingemployee.write: Add and remove users from the departing employee list, including details for departure date.
    • detectionlists.departingemployeealerts.read: View departing employee alert settings.
    • detectionlists.departingemployeealerts.write: Modify departing employee alert settings.
    • detectionlists.highriskemployee.read: View users on the high risk employee list, including notes, attributes, and risk factors.
    • detectionlists.highriskemployee.write: Add and remove users from high risk employee list.
    • detectionlists.highriskemployeealerts.read: View high risk employee alert settings.
    • detectionlists.highriskemployeealerts.write: Modify high risk employee alert settings.
    • detectionlists.userprofile.read: Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
    • detectionlists.userprofile.write: Ability to add and remove cloud alias names from a user profile.
    • detectionlists.userprofilenotes.read: Ability to view user notes.
    • detectionlists.userprofilenotes.write: Ability to update user notes.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • search.fileevents.read: View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search and related APIs.
    • search.saved.read: View saved searches that have been created in Forensic Search.
    • search.saved.write: Create, modify, and delete saved searches in Forensic Search.
    • securitytools.data_read: View data collected by Code42 Security Tools.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • visualizations.endpointhealth.read: View device health information for collection of file events.
    • visualizations.risksummaries.read: View the risk exposure visualizations.

Security Center - Restore

  • Recommended use case
    • Information security personnel who need to restore files from Forensic Search
    • Assign in conjunction with an administrative role such as Security Center User 
  • Administrator functions
    • Restore files from Forensic Search
    End user functions
    • None
    Limitations 
    • Does not directly grant access to view or manage other users
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • fileforensics.restore: Restore files from Forensic Search

User Modify

  • Recommended use case
    • Help desk staff who manage users, but not devices or organization settings
    • Assign in conjunction with a role that has access to the Code42 console such as Org Help Desk
  • Administrator functions
    • View users
    • Update user information
  • End user functions
    • None
  • Limitations Scope of permissions
    • Cannot add or deactivate users 
    • Cannot update organization settings
    • The user's organization and its child organizations
  • Permissions
    • user.read: View user information.
    • user.update: Update user information.
  • Was this article helpful?