Skip to main content

Who is this article for?

CrashPlan Cloud
CrashPlan for Small Business

Find your product plan in the Code42 console on the Account menu.
Not a CrashPlan Cloud customer? Search or browse CrashPlan for Small Business or Incydr and Instructor.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, no.

Incydr Basic, Advanced, and Gov F1, no.

CrashPlan Cloud, yes.

CrashPlan for Small Business, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Roles reference (CrashPlan)

Overview

Your Code42 environment has a pre-existing set of user roles that can be applied to user accounts. These standard user roles provide administrators with the fine-grained set of permissions needed for most use cases. This article describes the available standard roles, as well as the permissions for each.

To assign roles to users, see Manage user roles (CrashPlan). For use cases, see Role assignment use cases (CrashPlan).

Roles training 

Code42 University offers virtual instructor-led training for all major roles within Code42. Roles courses are included with the Code42 All Access Education Team Pass. For more information, see Instructor Led Training - Learn By Role.  

View roles

  1. Sign in to the Code42 console as a user with the Customer Cloud Admin role.
  2. Navigate to Administration > Environment > Users
  3. Click a user row to open the user details page. 
  4. Select Edit from the action menu in the upper-right corner.
  5. Click the Roles tab. 
  6. Select a role from the Available Roles or Current Roles lists.
    The permissions granted by the selected role are displayed in the Role's Permissions table. 

View roles.

Roles for Incydr
The following roles appear in the Roles tab, but are for use only by users with Incydr product plans:
  • Agent User
  • Alert Rule Builder
  • Departing Employee Manager
  • High Risk Employee Manager
  • Insider Risk Admin
  • Insider Risk Analyst
  • Insider Risk Read Only
  • Insider Risk Respond
  • Security Center - Restore

For information about these Incydr-only roles, see Roles reference and Roles for Incydr.

Standard roles for CrashPlan

Admin Restore

Assign this role to administrators who restore data for users using the Code42 console. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the Code42 console or Code42 app.
  • Scope of permissions
    • All organizations.
Permissions Description
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.

Admin Restore Limited

Assign this role to administrators who restore a limited amount of data for users using the Code42 console. The amount that this role is limited to restore is defined by Web restore limit in organization settings. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the Code42 console or Code42 app.
  • Scope of permissions
    • All organizations.
Permissions Description
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.

Alert Emails

Assign this role to administrators who want to receive warning and critical alerts emails to monitor the frequency and success of backup operations for their users' devices.

    Limitations 
    • No "root" level access.
  • Scope of permissions
    • All organizations.
Permissions Description
ReceivesAlert.EMAIL Permission to receive alert emails.

Audit Log Viewer

Assign this role to information security personnel who need to review events in the Audit Log

Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • Cannot perform any functions except view the Audit Log.
  • Scope of permissions
    • All organizations.
Permissions Description
auditlog.read Permission to view Audit Log events.

Cross Org Admin

Assign this role to administrators who manage users and devices in all organizations, and who need to restore files for users. 

    Limitations 
    • Has only limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
fileforensics.settings_write Permission to view and edit file forensics related settings.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Cross Org Admin - No Restore

Assign this role to administrators who manage users and devices in all organizations, but who should not restore files for users. 

    Limitations 
    • Cannot perform push or web restores.
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
fileforensics.settings_write Permission to view and edit file forensics related settings.
pushrestore.personal Permission to perform a personal push restore.
   
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Cross Org Computer Modify

Assign this role to individuals who modify device settings in all organizations. Assign in conjunction with Cross Org Help Desk to allow help desk personnel to add and deactivate user devices.

    Limitations 
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.

Cross Org Help Desk

Assign this role to help desk personnel who assist others in all organizations, but who cannot change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate user devices, assign this role in conjunction with the Cross Org Computer Modify role. 

    Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Help Desk - No Restore

Assign this role to help desk personnel who assist others in all organizations, but who do not change any settings or restore files for others. People with this role can view users and devices and use reports to view data.

    Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.

Cross Org Legal Admin

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations. People with this role can restore files for legal hold collection purposes (push restore), view data in reports, and create, modify, and deactivate legal holds.

    Limitations 
    • No "root" level access.
    • Cannot change settings.
    • Cannot add or deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Manager

Assign this role to executive users who need statistics, but not technical details, about all organizations. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
pushrestore.personal Permission to perform a personal push restore.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Security Viewer

Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in all organizations. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role. 

  • Limitations 
    • Cannot view security data in features offered by other product plans than the Code42 Gold product plan (for example, Forensic Search, Alerts, Risk Exposure dashboard, and so on).
    • Cannot change settings in organizations.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
securitytools.data_read Permission to view data collected by Code42 Security Tools.

Cross Org User Modify

Assign this role to help desk personnel who modify user settings on all organizations, but not device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.

  • Limitations 
    • Cannot add or deactivate users.
    • Cannot update organization settings.
  • Scope of permissions
    • All organizations.
Permissions Description
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.

Customer Cloud Admin

Assign this role to "super user" administrators who should have all possible permissions. People with this role have permissions to perform the tasks of any role.

Use with caution
Always assign roles so that users have the lowest level of privilege needed to perform their jobs. Do not assign the Customer Cloud Admin role if another role will provide the desired permissions. 
  • Limitations 
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.
Permissions Description
accesslock.all Permission to perform all accessLock related functions.
account.update For internal use only.
alerting.alerts.read View alerts generated.
alerting.alerts.write Manage generated alerts, including ability to edit notes and status.
alerting.rules.read View rules configured for alerts.
alerting.rules.write Create and modify alert rules.
api_client.read Permission to view API client information.
api_client.write Permission to create, modify and remove API client information.
auditlog.read Permission to view Audit Log events.
cases.content.read View all case information, including events and findings.
cases.content.write Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
client_management.agent_channel_upgrade.read Permission to read AgentUpgradeChannel information.
client_management.agent_channel_upgrade.subscribe Permission to subscribe to an AgentUpgradeChannel.
client_management.deployment_policy.read Permission to read DeploymentPolicy information.
client_management.deployment_policy.write Permission to write DeploymentPolicy information.
client_management.device_upgrade.read Permission to read DeviceUpgrade (DCU) settings.
client_management.device_upgrade.write Permission to write DeviceUpgrade (DCU) settings.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_org.update_restricted Permission to update restricted organization information across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
customer_admin.all Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO).
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.settings.write Add, edit, and remove settings configured for Data Connections.
datapreferences.settings.read View all settings configured for Data Preferences.
datapreferences.settings.write Add, edit, and remove settings configured for Data Preferences.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployee.write Add and remove users from the departing employee list, including details for departure date.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.departingemployeealerts.write Modify departing employee alert settings.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployee.write Add and remove users from high risk employee list.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.highriskemployeealerts.write Modify high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.
directory.identity_management.read View identity management integrations.
directory.identity_management.write Create and modify identity management integrations.
directory.keystore.read View keystore configuration and status.
directory.keystore.write Modify keystore configuration, start migrations.
directory.uac.elevated_role_manage Authorize principal to manage role assignments for any customer role.
email.update Permission to change customer-specific email settings and content.
fileforensics.restore Permission to download (restore) files from within Security Center.
fileforensics.settings_write Permission to view and edit file forensics related settings.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
notify_new_location.all Permission to view and update whether the user is notified on login from a new location.
notify_new_location.read Permission to read whether the user is notified on login from a new location.
notify_new_location.update Permission to update whether the user is notified on login from a new location.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
preservation.metadata.read Permission to view the preservation manifest for any archive in the organization.
prioritization.settings.read View all available risk settings, including the risk indicators and corresponding weights.
prioritization.settings.write Edit all aspects of risk settings, including the weight assigned to individual risk indicators.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
search.saved.write Create, modify, and delete saved searches in Forensic Search.
securitytools.data_read Permission to view data collected by Code42 Security Tools.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
support_user.toggle_creation Permission to enable/disable support user creation.
system.command_restricted View the CLI and run any command for which the user has permission.
twofactorauth.configure Permission to view and edit two-factor auth settings for local users.
viewlogs.device Allows access to agent logs for any device the user has read permissions to
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

Desktop User

This role is the default role for Code42 app users. People with this role can sign in to the Code42 app, select files for backup in the Code42 app, and restore files from the Code42 app.

  • Limitations 
    • Cannot interact with other users' data or change settings in the Code42 environment.
  • Scope of permissions
    • Assigned user.
Permissions Description
cpd.restore Permission to restore from the Code42 app.
plan.create Permission to create plans within a user's organization hierarchy.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Desktop User - No Web Restore

Assign this role to users of the Code42 app who do not need to perform restores using the Code42 console. People with this role can still restore files from the Code42 app and select files for backup in the Code42 app.

  • Limitations 
    • Cannot interact with other users' data or change settings.
    • Cannot perform web restores.
  • Scope of permissions
    • Assigned user.
Permissions Description
cpd.restore Permission to restore from the Code42 app.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Identity Management Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of Identity Management. People assigned this role can configure single sign-on and provisioning

Use with caution
The directory.uac.elevated_role_manage permission allows a user with this role to assign any user to any role. Always assign roles so that users have the lowest level of privilege needed to perform their jobs.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
directory.identity_management.read View identity management integrations.
directory.identity_management.write Create and modify identity management integrations.
directory.uac.elevated_role_manage Authorize principal to manage role assignments for any customer role.

Manifest Viewer

Assign this role to people who need to access archive metadata so they can generate reports on files and their versions. This role is used only by APIs.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • Used solely by APIs.
    • Allows access to archives for all organizations.
Permissions Description
preservation.metadata.read Permission to view the preservation manifest for any archive in the organization.

Multi-Factor Auth Admin

Assign this role to administrators who manage two-factor authentication for local users within a specific organization. Assign this role in conjunction with an administrative role with organization and user access rights such as Org Admin.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
twofactorauth.configure Permission to view and edit two-factor auth settings for local users.

Org Admin

Assign this role to administrators who manage users and devices within a specific organization. The person assigned this role can perform web restores, view data in reports, and update settings for users, devices, and organizations.

  • Limitations 
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
account.update For internal use only.
computer.all Permission to access, alter, or remove any computer information.
computer.delete Permission to delete computer.
computer.read Permission to view computer information.
computer.update Permission to update computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
fileforensics.settings_write Permission to view and edit file forensics related settings.
org.create Permission to create child organizations within user's organization.
org.delete Permission to delete information within user's organization.
org.read Permission to view org information within user's organization.
org.update_deactivate Permission to update information within a user's organization and deactivate organizations.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
user.all Permission to access, alter or remove any user information.
user.create Permission to create users.
user.delete Permission to delete users.
user.read Permission to view user information.
user.update Permission to update user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Org Admin - No Web Restore

Assign this role to administrators who manage users and devices within a specific organization and who do not perform web restores. The person assigned this role can update settings for users, devices, and organizations.

  • Limitations 
    • The user's organization and its child organizations.
  • Scope of permissions
    • Cannot add/deactivate users or computers outside their organization.
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot access system logs.
    • Cannot perform web restores.
Permissions Description
account.update For internal use only.
computer.all Permission to access, alter, or remove any computer information.
computer.delete Permission to delete computer.
computer.read Permission to view computer information.
computer.update Permission to update computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
fileforensics.settings_write Permission to view and edit file forensics related settings.
org.create Permission to create child organizations within user's organization.
org.delete Permission to delete information within user's organization.
org.read Permission to view org information within user's organization.
org.update_deactivate Permission to update information within a user's organization and deactivate organizations.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
user.all Permission to access, alter or remove any user information.
user.create Permission to create users.
user.delete Permission to delete users.
user.read Permission to view user information.
user.update Permission to update user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Org Computer Modify

Assign this role to individuals who modify device settings in their organization. Assign in conjunction with Org Help Desk to enable help desk personnel to add and deactivate user devices.

    Limitations 
    • Cannot modify settings of devices in other organizations.
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
computer.update Permission to update computer information.
user.read Permission to view user information.

Org Help Desk

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate devices, assign this role in conjunction with the Org Computer Modify role. 

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.

Org Help Desk - No Restore

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings or restore files for others. People with this role can view users and devices.

  • Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
user.read Permission to view user information.

Org Legal Admin

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations, but who only need to restore files from users within their organization. People with this role can restore files for legal hold collection purposes (push restore), and create, modify, and deactivate legal holds.

  • Limitations 
    • No "root" level access.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
org.read Permission to view org information within user's organization.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.

Org Manager

Assign this role to executive users who need statistics, but not technical details, about their organization. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
pushrestore.personal Permission to perform a personal push restore.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Org Security Viewer

Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in their organization. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and can view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role. 

  • Limitations 
    • Cannot view security data in features offered by other product plans than the Code42 Gold product plan (for example, Forensic Search, Alerts, Risk Exposure dashboard, and so on).
    • Does not restrict access by organization for security data features in non-Code42 Gold product plans.
    • Cannot change settings in the organization.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
securitytools.data_read Permission to view data collected by Code42 Security Tools.
user.read Permission to view user information.

PROe User

This role is the default role for Code42 console users. People with this role can sign in to the Code42 console and restore files from the Code42 console.

  • Limitations 
    • Cannot access other information or functions of Code42 for Enterprise.
  • Scope of permissions
    • Assigned user.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 app.

Push Restore

Assign this role to help desk personnel who assist others with restoring data. People with this role can restore files from the Code42 console and view files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.
Permissions Description
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Remote File Selection

Assign this role to help desk personnel who monitor backups by viewing files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk - No Restore.

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.
Permissions Description
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Security Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of the Code42 installation. People assigned this role can perform client management jobs that include app downloadsdeployment policies, customizations, and Code42 app upgrades.

Assign this role instead of the Customer Cloud Admin role if the administrator's job is limited to setup and maintenance of the Code42 installation. 

  • Limitations 
    • Cannot add or deactivate users.
  • Scope of permissions
    • All organizations.
Permissions Description
client_management.agent_channel_upgrade.read Permission to read AgentUpgradeChannel information.
client_management.agent_channel_upgrade.subscribe Permission to subscribe to an AgentUpgradeChannel.
client_management.deployment_policy.read Permission to read DeploymentPolicy information.
client_management.deployment_policy.write Permission to write DeploymentPolicy information.
client_management.device_upgrade.read Permission to read DeviceUpgrade (DCU) settings.
client_management.device_upgrade.write Permission to write DeviceUpgrade (DCU) settings.
console.login Permission to log in to the Code42 console.
customer_admin.all Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO).
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.settings.write Add, edit, and remove settings configured for Data Connections.

Security Center User

Assign this role to information security personnel who need to view user activity detected by endpoint monitoring and who manage activity profiles. This role only applies to customers with the retired Code42 Gold product plan.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
alerting.alerts.read View alerts generated.
alerting.alerts.write Manage generated alerts, including ability to edit notes and status.
alerting.rules.read View rules configured for alerts.
alerting.rules.write Create and modify alert rules.
cases.content.read View all case information, including events and findings.
cases.content.write Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
datapreferences.settings.read View all settings configured for Data Preferences.
datapreferences.settings.write Add, edit, and remove settings configured for Data Preferences.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployee.write Add and remove users from the departing employee list, including details for departure date.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.departingemployeealerts.write Modify departing employee alert settings.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployee.write Add and remove users from high risk employee list.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.highriskemployeealerts.write Modify high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.
fileforensics.settings_write Permission to view and edit file forensics related settings.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
search.saved.write Create, modify, and delete saved searches in Forensic Search.
securitytools.data_read Permission to view data collected by Code42 Security Tools.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

User Modify

Assign this role to help desk personnel who modify user settings in their organization, but who do not modify device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.

  • Limitations Scope of permissions
    • Cannot add or deactivate users.
    • Cannot update organization settings.
    • The user's organization and its child organizations.
Permissions Description
user.read Permission to view user information.
user.update Permission to update user information.
  • Was this article helpful?