Skip to main content

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional, Enterprise, and Gov F2
Incydr Basic, Advanced, and Gov F1
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Other available versions:

On-premises

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Roles reference

Overview

Your Code42 environment has a pre-existing set of user roles that can be applied to user accounts. These standard user roles provide administrators with the fine-grained set of permissions needed for most use cases. This article describes the available standard roles, as well as the limitations for each.

To assign roles to users, see Manage user roles. For use cases, see Role assignment use cases.

Roles training 

Code42 University offers virtual instructor-led training for all major roles within Code42. Roles courses are included with the Code42 All Access Education Team Pass. For more information, see Instructor Led Training - Learn By Role.  

View roles

Incydr Professional and Enterprise

  1. Sign in to the Code42 console.
  2. Go to Administration > Environment > Users.
  3. Click a user row to open the user details screen.
  4. Click Roles.
    The roles assigned to the user appear below.
  5. To add or remove roles on the user, click Edit Edit icon.
  6. From Edit roles, select the roles to assign to that user.
  7. Click Save to save your changes.

Incydr Basic and Advanced, CrashPlan Cloud, and other plans

  1. Sign in to the Code42 console as a user with the Customer Cloud Admin role.
  2. Navigate to Administration > Environment > Users
  3. Click a user row to open the user details page. 
  4. Select Edit from the action menu in the upper-right corner.
  5. Click the Roles tab. 
  6. Select a role from the Available Roles or Current Roles lists.
    The permissions granted by the selected role are displayed in the Role's Permissions table. 

View roles.

Available roles

Most of the standard roles are available in Incydr Basic and Advanced, CrashPlan Cloud, and other plans.

Standard roles

Admin Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to administrators who restore data for users using the Code42 console. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the Code42 console or Code42 app.
  • Scope of permissions
    • All organizations.

Admin Restore Limited

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to administrators who restore a limited amount of data for users using the Code42 console. The amount that this role is limited to restore is defined by Web restore limit in organization settings. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the Code42 console or Code42 app.
  • Scope of permissions
    • All organizations.

Agent User

Incydr Professional and Enterprise only

This role is the default role for users in Incydr Professional and Enterprise. People with this role cannot sign in to the Code42 console. This role is assigned at initial user registration.

  • Limitations 
    • Cannot sign in to the Code42 console.
  • Scope of permissions
    • Assigned user.

Alert Emails

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to administrators who want to receive warning and critical alerts emails to monitor the frequency and success of backup operations for their users' devices.

    Limitations 
    • No "root" level access.
  • Scope of permissions
    • All organizations.

Alert Rule Builder

Assign this role to administrators who need to create and modify alert rules.

  • Limitations 
    • Cannot sign in to the Code42 console.
  • Scope of permissions
    • All organizations.

Audit Log Viewer

Assign this role to information security personnel who need to review events in the Audit Log

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only: Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • Cannot perform any functions except view the Audit Log.
  • Scope of permissions
    • All organizations.

Cross Org Admin

Assign this role to administrators who manage users and devices in all organizations, and who need to restore files for users. 

    Limitations 
    • Has only limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.

Cross Org Admin - No Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to administrators who manage users and devices in all organizations, but who should not restore files for users. 

    Limitations 
    • Cannot perform push or web restores.
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.

Cross Org Computer Modify

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to individuals who modify device settings in all organizations. Assign in conjunction with Cross Org Help Desk to allow help desk personnel to add and deactivate user devices.

    Limitations 
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.

Cross Org Help Desk

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who assist others in all organizations, but who cannot change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate user devices, assign this role in conjunction with the Cross Org Computer Modify role. 

    Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Cross Org Help Desk - No Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who assist others in all organizations, but who do not change any settings or restore files for others. People with this role can view users and devices and use reports to view data.

    Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Cross Org Legal Admin

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations. People with this role can restore files for legal hold collection purposes (push restore), view data in reports, and create, modify, and deactivate legal holds.

    Limitations 
    • No "root" level access.
    • Cannot change settings.
    • Cannot add or deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Cross Org Manager

Assign this role to executive users who need statistics, but not technical details, about all organizations. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Cross Org Security Viewer

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in all organizations. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role. 

If this role is assigned to analysts who use Incydr, assign them the Insider Risk Read Only role instead. This role are designed specifically for users of Incydr and only contains permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr

  • Limitations 
    • Cannot view security data in features offered by other product plans than the Code42 Gold product plan (for example, Forensic Search, Alerts, Risk Exposure dashboard, and so on).
    • Cannot change settings in organizations.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Cross Org User Modify

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who modify user settings on all organizations, but not device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.

  • Limitations 
    • Cannot add or deactivate users.
    • Cannot update organization settings.
  • Scope of permissions
    • All organizations.

Customer Cloud Admin

Assign this role to "super user" administrators who should have all possible permissions. People with this role have permissions to perform the tasks of any role.

Use with caution
Always assign roles so that users have the lowest level of privilege needed to perform their jobs. Do not assign the Customer Cloud Admin role if another role will provide the desired permissions. 
  • Limitations 
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.

Departing Employee Manager

Assign this role to people who add or remove users in the Departing Employees list. This role is intended to augment the Insider Risk Analyst role, or to be used as a standalone role for application integrations that add or remove users in the Departing Employees list.

    Limitations 
    • Cannot perform any administrator actions beyond adding and removing users in the Departing Employees list.
  • Scope of permissions
    • Assigned user.

Desktop User

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

This role is the default role for Code42 app users. People with this role can sign in to the Code42 app, select files for backup in the Code42 app, and restore files from the Code42 app.

  • Limitations 
    • Cannot interact with other users' data or change settings in the Code42 environment.
  • Scope of permissions
    • Assigned user.

Desktop User - No Web Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to users of the Code42 app who do not need to perform restores using the Code42 console. People with this role can still restore files from the Code42 app and select files for backup in the Code42 app.

  • Limitations 
    • Cannot interact with other users' data or change settings.
    • Cannot perform web restores.
  • Scope of permissions
    • Assigned user.

High Risk Employee Manager

Assign this role to people who add or remove users in the High Risk Employees list. This role is intended to augment the Insider Risk Analyst role, or to be used as a standalone role for application integrations that add or remove users in the High Risk Employees list.

  • Limitations 
    • Cannot perform any administrator actions beyond adding and removing users in the High Risk Employees list.
  • Scope of permissions
    • Assigned user.

Insider Risk Admin

Assign this role to administrators who need read and write access to all Incydr functionality. The person with this role typically is the administrator responsible for managing the team of insider risk analysts, and assigns the Insider Risk Analyst and Insider Risk Read Only roles.

For Incydr users currently assigned the Security Center User role, assign them either this role or the Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Cannot restore files from Forensic Search (requires the Security Center - Restore role).
    • Cannot view the Audit Log (requires the Audit Log Viewer role).
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Insider Risk Analyst

Assign this role to analysts responsible for using Incydr to investigate and respond to insider risks. The people assigned this role perform investigations with Forensic Search, create cases, create alert rules, and view alert notifications. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Cannot access the High Risk Employees list or Departing Employees list.
    • Cannot restore files from Forensic Search (requires the Security Center - Restore role).
    • Cannot view the Audit Log (requires the Audit Log Viewer role).
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Insider Risk Read Only

Assign this role to people who need to keep informed about insider risk investigations in Incydr, but who should not create alert rules, cases, or saved searches. For example, assign it to a junior analyst to allow them to perform light investigations, or assign it to the CISO or Chief Privacy Officer to allow them read-only access. People assigned this role can view information in Incydr, including the High Risk Employees list, Departing Employees list, Risk Exposure, Alerts notifications, and Cases. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • View-only capabilities; cannot make any changes in Incydr.
    • Cannot view the Audit Log (requires the Audit Log Viewer role).
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.

Manifest Viewer

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to people who need to access archive metadata so they can generate reports on files and their versions. This role is used only by APIs.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • Used solely by APIs.
    • Allows access to archives for all organizations.

Multi-Factor Auth Admin

Assign this role to administrators who manage two-factor authentication for local users within a specific organization. Assign this role in conjunction with an administrative role with organization and user access rights such as Org Admin.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • The user's organization and its child organizations.

Org Admin

Assign this role to administrators who manage users and devices within a specific organization. The person assigned this role can perform web restores, view data in reports, and update settings for users, devices, and organizations.

  • Limitations 
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • The user's organization and its child organizations.

Org Admin - No Web Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to administrators who manage users and devices within a specific organization and who do not perform web restores. The person assigned this role can update settings for users, devices, and organizations.

  • Limitations 
    • The user's organization and its child organizations.
  • Scope of permissions
    • Cannot add/deactivate users or computers outside their organization.
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
    • Cannot perform web restores.

Org Computer Modify

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to individuals who modify device settings in their organization. Assign in conjunction with Org Help Desk to enable help desk personnel to add and deactivate user devices.

    Limitations 
    • Cannot modify settings of devices in other organizations.
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.

Org Help Desk

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate devices, assign this role in conjunction with the Org Computer Modify role. 

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.

Org Help Desk - No Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings or restore files for others. People with this role can view users and devices.

  • Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.

Org Legal Admin

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations, but who only need to restore files from users within their organization. People with this role can restore files for legal hold collection purposes (push restore), and create, modify, and deactivate legal holds.

  • Limitations 
    • No "root" level access.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.

Org Manager

Assign this role to executive users who need statistics, but not technical details, about their organization. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.

Org Security Viewer

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in their organization. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and can view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role. 

If this role is assigned to analysts who use Incydr, assign them the Insider Risk Read Only role instead. This role is designed specifically for users of Incydr and only contains permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr

  • Limitations 
    • Cannot view security data in features offered by other product plans than the Code42 Gold product plan (for example, Forensic Search, Alerts, Risk Exposure dashboard, and so on).
    • Does not restrict access by organization for security data features in non-Code42 Gold product plans.
    • Cannot change settings in the organization.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.

PROe User

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

This role is the default role for Code42 console users. People with this role can sign in to the Code42 console and restore files from the Code42 console.

  • Limitations 
    • Cannot access other information or functions of Code42 for Enterprise.
  • Scope of permissions
    • Assigned user.

Push Restore

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who assist others with restoring data. People with this role can restore files from the Code42 console and view files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.

Remote File Selection

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who monitor backups by viewing files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk - No Restore.

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.

Security Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of the Incydr installation. People assigned this role can configure data connections and perform client management jobs that include app downloadsdeployment policies, customizations, and Code42 app upgrades.

Assign this role instead of the Customer Cloud Admin role if the administrator's job is limited to setup and maintenance of the Incydr installation. For more information on assigning roles for Incydr, see Roles for Incydr.

  • Limitations 
    • Cannot use Incydr features.
  • Scope of permissions
    • All organizations.

Security Center User

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to information security personnel who need to view user activity detected by endpoint monitoring and who manage activity profilesThis role only applies to customers with the retired Code42 Gold product plan.

If this role is assigned to administrators or analysts who use Incydr, assign them either the Insider Risk Admin or Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
    • Cannot restore files from Forensic Search (requires the Security Center - Restore role).
  • Scope of permissions
    • All organizations.

Security Center - Restore

Assign this role to information security personnel who need to restore files from Forensic Search. Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr

  • Limitations 
    • Does not directly grant access to view or manage other users.
  • Scope of permissions
    • The user's organization and its child organizations.

User Modify

Incydr Basic and Advanced, CrashPlan Cloud, and other plans only

Assign this role to help desk personnel who modify user settings in their organization, but who do not modify device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.

  • Limitations Scope of permissions
    • Cannot add or deactivate users.
    • Cannot update organization settings.
    • The user's organization and its child organizations.
  • Was this article helpful?