Overview
This article describes the comprehensive set of roles and permissions that can be applied to user accounts, as well as the permissions, limitations, and recommended use cases for each role.
For the most common Incydr roles, see Roles for Incydr. For additional use cases, see Role assignment use cases.
View and edit roles
- Sign in to the Code42 console.
- Go to Administration > Environment > Users.
- Select a user.
  The user details appear.
- Click Roles.
  The roles assigned to the user appear below.
- To add or remove roles, click Edit.
- From Edit roles, select or deselect roles as appropriate for that user. See below for detailed descriptions of each role.
- Click Save.
All roles
Available roles vary based on your product plan. In addition, some roles only provide capabilities for managing specific agent types. For example, roles related to backup and restore functionality do not apply to the insider risk agent.
Admin Restore
Assign this role to administrators who restore data for users using the Code42 console. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.
Limitations
- No access to the Code42 console or Code42 agent.
- File restore only applies to the backup agent.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
Admin Restore Limited
Backup agent only
Assign this role to administrators who restore a limited amount of data for users using the Code42 console. The amount that this role is limited to restore is defined by Web restore limit in organization settings. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.
Limitations
- No access to the Code42 console or Code42 agent.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
Agent User
Incydr Professional, Enterprise, Horizon, and Gov F2 only
This role is the default role for users in Incydr Professional, Enterprise, Horizon, and Gov F2. People with this role cannot sign in to the Code42 console. This role is assigned at initial user registration.
Limitations
- Cannot sign in to the Code42 console.
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
computer.update | Permission to update computer information. |
Alert Emails
Backup agent only
Assign this role to administrators who want to receive warning and critical alerts emails to monitor the frequency and success of backup operations for their users' devices.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
ReceivesAlert.EMAIL | Permission to receive alert emails. |
Alert Rule Builder
Assign this role to administrators who need to create and modify alert rules.
Limitations
- Cannot sign in to the Code42 console.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
alerting.rules.write | Create and modify alert rules. |
Audit Log Viewer
Assign this role to information security personnel who need to review events in the Audit Log.
Incydr Basic, Advanced, and Gov F1 only: Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.
Limitations
- Cannot perform any functions except view the Audit Log.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
auditlog.read | Permission to view Audit Log events. |
Cross Org Admin
Assign this role to administrators who manage users and devices in all organizations, and who need to restore files for users.
Limitations
- Has only limited access to the Code42 console command line interface (CLI).
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
crossorg_computer.all | Permission to access, alter, or remove any computer information across the customer's organization. |
crossorg_computer.delete | Permission to delete any computer across the customer's organization. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_org.create | Permission to create new parent organizations across the customer's organization. |
crossorg_org.delete | Permission to delete any org across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_org.update_deactivate | Permission to update organization information and deactivate organizations across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.all | Permission to access, alter, or remove any user information across the customer's organization. |
crossorg_user.create | Permission to create users across the customer's organization. |
crossorg_user.delete | Permission to delete users across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
preservation.archive.purgepath | Permission to remove specified paths and associated file versions from archives. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for Code42 Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
Cross Org Admin - No Restore
Assign this role to administrators who manage users and devices in all organizations, but who should not restore files for users.
Limitations
- Cannot perform push or web restores.
- File restore only applies to the backup agent.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
crossorg_computer.all | Permission to access, alter, or remove any computer information across the customer's organization. |
crossorg_computer.delete | Permission to delete any computer across the customer's organization. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_org.create | Permission to create new parent organizations across the customer's organization. |
crossorg_org.delete | Permission to delete any org across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_org.update_deactivate | Permission to update organization information and deactivate organizations across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.all | Permission to access, alter, or remove any user information across the customer's organization. |
crossorg_user.create | Permission to create users across the customer's organization. |
crossorg_user.delete | Permission to delete users across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for Code42 Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
Cross Org Computer Modify
Incydr Basic, Advanced, and Gov F1 only
Assign this role to individuals who modify device settings in all organizations. Assign in conjunction with Cross Org Help Desk to allow help desk personnel to add and deactivate user devices.
Limitations
- Cannot add/deactivate users or organizations.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
Cross Org Help Desk
Incydr Basic, Advanced, and Gov F1 only
Assign this role to help desk personnel who assist others in all organizations, but who cannot change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate user devices, assign this role in conjunction with the Cross Org Computer Modify role.
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Cross Org Help Desk - No Restore
Incydr Basic, Advanced, and Gov F1 only
Assign this role to help desk personnel who assist others in all organizations, but who do not change any settings or restore files for others. People with this role can view users and devices and use reports to view data.
Limitations
- Cannot perform push or web restores.
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
Cross Org Legal Admin
Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations. People with this role can restore files for legal hold collection purposes (push restore), view data in reports, and create, modify, and deactivate legal holds.
Limitations
- Cannot change settings.
- Cannot add or deactivate users, devices, or organizations.
- Legal hold only applies to the backup agent.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
legalhold.all | Permission to perform any operation regarding any Legal Hold |
legalhold.create | Permission to create a Legal Hold |
legalhold.modify_membership | Permission to add/remove users to/from any Legal Hold |
legalhold.read | Permission to view any Legal Hold |
legalhold.update | Permission to update any Legal Hold |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Cross Org Manager
Assign this role to executive users who need statistics, but not technical details, about all organizations. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Cross Org Security Viewer
Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in all organizations. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role.
If this role is assigned to analysts who use Incydr, assign them the Insider Risk Read Only role instead. The Insider Risk Read Only role is designed specifically for users of Incydr and only contains permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.
Limitations
- Cannot view security data in features offered by product plans other than the Code42 Gold product plan (for example, Forensic Search, Alerts, risk dashboards, and so on).
- Cannot change settings in organizations.
- Cannot add/deactivate users, devices, or organizations.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
securitytools.data_read | Permission to view data collected by Code42 Security Tools. |
Cross Org User Modify
Incydr Basic, Advanced, and Gov F1 only
Assign this role to help desk personnel who modify user settings on all organizations, but not device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.
Limitations
- Cannot add or deactivate users.
- Cannot update organization settings.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
Customer Cloud Admin
Assign this role to "super user" administrators who should have all possible permissions. People with this role have permissions to perform the tasks of any role.
Always assign roles so that users have the lowest level of privilege needed to perform their jobs. Do not assign the Customer Cloud Admin role if another role will provide the desired permissions.
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
alerting.alerts.read | View alerts generated. |
alerting.alerts.write | Manage generated alerts, including ability to edit notes and status. |
alerting.rules.read | View rules configured for alerts. |
alerting.rules.write | Create and modify alert rules. |
api_client.read | Permission to view API client information. |
api_client.write | Permission to create, modify and remove API client information. |
auditlog.read | Permission to view Audit Log events. |
cases.content.read | View all case information, including events and findings. |
cases.content.write | Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings. |
client_management.agent_channel_upgrade.read | Permission to read AgentUpgradeChannel information. |
client_management.agent_channel_upgrade.subscribe | Permission to subscribe to an AgentUpgradeChannel. |
client_management.deployment_policy.read | Permission to read DeploymentPolicy information. |
client_management.deployment_policy.write | Permission to write DeploymentPolicy information. |
client_management.device_upgrade.read | Permission to read DeviceUpgrade (DCU) settings. |
client_management.device_upgrade.write | Permission to write DeviceUpgrade (DCU) settings. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
crossorg_computer.all | Permission to access, alter, or remove any computer information across the customer's organization. |
crossorg_computer.delete | Permission to delete any computer across the customer's organization. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_org.create | Permission to create new parent organizations across the customer's organization. |
crossorg_org.delete | Permission to delete any org across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_org.update_deactivate | Permission to update organization information and deactivate organizations across the customer's organization. |
crossorg_org.update_restricted | Permission to update restricted organization information across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.all | Permission to access, alter, or remove any user information across the customer's organization. |
crossorg_user.create | Permission to create users across the customer's organization. |
crossorg_user.delete | Permission to delete users across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
customer_admin.all | Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO). |
dataconnections.fileaccess.read | Create temporary read-only access to specific files in a cloud storage data connection. |
dataconnections.settings.read | View all settings configured for Data Connections. |
dataconnections.settings.write | Add, edit, and remove settings configured for Data Connections. |
dataconnections.sharing.read | View sharing permissions on files in a cloud storage data connection. |
dataconnections.sharing.write | Revoke sharing permissions on files in a cloud storage data connection. |
datapreferences.settings.read | View all settings configured for Data Preferences. |
datapreferences.settings.write | Add, edit, and remove settings configured for Data Preferences. |
detectionlists.departingemployee.read | View users on the departing employee list, including notes, departure date, attributes, and event counts. |
detectionlists.departingemployee.write | Add and remove users from the departing employee list, including details for departure date. |
detectionlists.departingemployeealerts.read | View departing employee alert settings. |
detectionlists.departingemployeealerts.write | Modify departing employee alert settings. |
detectionlists.highriskemployee.read | View users on the high risk employee list, including notes, attributes, and risk factors. |
detectionlists.highriskemployee.write | Add and remove users from high risk employee list. |
detectionlists.highriskemployeealerts.read | View high risk employee alert settings. |
detectionlists.highriskemployeealerts.write | Modify high risk employee alert settings. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofile.write | Ability to add and remove cloud alias names from a user profile. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
detectionlists.userprofilenotes.write | Ability to update user notes. |
directory.identity_management.read | View identity management integrations. |
directory.identity_management.write | Create and modify identity management integrations. |
directory.keystore.read | View keystore configuration and status. |
directory.keystore.write | Modify keystore configuration, start migrations. |
directory.uac.elevated_role_manage | Authorize principal to manage role assignments for any customer role. |
email.update | Permission to change customer-specific email settings and content. |
fileforensics.restore | Permission to download (restore) files from within Security Center. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
instructor.lesson.read | View and send lessons configured for Instructor. |
instructor.lesson.write | Modify Instructor lesson configuration. |
legalhold.all | Permission to perform any operation regarding any Legal Hold |
legalhold.create | Permission to create a Legal Hold |
legalhold.modify_membership | Permission to add/remove users to/from any Legal Hold |
legalhold.read | Permission to view any Legal Hold |
legalhold.update | Permission to update any Legal Hold |
notify_new_location.all | Permission to view and update whether the user is notified on login from a new location. |
notify_new_location.read | Permission to read whether the user is notified on login from a new location. |
notify_new_location.update | Permission to update whether the user is notified on login from a new location. |
preservation.archive.purgepath | Permission to remove specified paths and associated file versions from archives. |
preservation.metadata.read | Permission to view the preservation manifest for any archive in the organization. |
prioritization.settings.read | View all available risk settings, including the risk indicators and corresponding weights. |
prioritization.settings.write | Edit all aspects of risk settings, including the weight assigned to individual risk indicators. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
response.actions.execute | View and execute all response actions. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
search.configure | Permission to configure search related settings. |
search.fileevents.read | View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs. |
search.saved.read | View saved searches that have been created in Forensic Search. |
search.saved.write | Create, modify, and delete saved searches in Forensic Search. |
securitytools.data_read | Permission to view data collected by Code42 Security Tools. |
securitytools.settings_write | Permission to edit settings for Code42 Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
support_user.toggle_creation | Permission to enable/disable support user creation. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
twofactorauth.configure | Permission to view and edit two-factor auth settings for local users. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
visualizations.endpointhealth.read | View device health information for collection of file events. |
visualizations.risksummaries.read | View the risk exposure visualizations. |
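
An added example, not part of the Code42 documentation or product: one way to apply the least-privilege guidance for Customer Cloud Admin is to search the documented role tables for the combination that covers a set of required permissions with the fewest extra ones. The role-to-permission map is copied from a subset of the tables on this page; the function name `least_privilege_roles` and the `max_roles` bound are assumptions, and product-plan availability of each role is not modeled.

```python
from itertools import combinations

# Role -> permissions, copied from the tables on this page (subset of roles).
# Customer Cloud Admin is deliberately left out: it is the fallback to avoid.
_HELP_DESK_NO_RESTORE = {
    "console.login",
    "cpd.restore",
    "crossorg_computer.read",
    "crossorg_org.read",
    "crossorg_plan.read",
    "crossorg_user.read",
}

ROLES = {
    "Audit Log Viewer": {"auditlog.read"},
    "Alert Rule Builder": {"alerting.rules.write"},
    "Admin Restore Limited": {"restore.limited"},
    "Admin Restore": {"restore.all", "restore.limited", "restore.personal"},
    "Cross Org Computer Modify": {"crossorg_computer.update", "crossorg_user.read"},
    "Cross Org User Modify": {"crossorg_user.read", "crossorg_user.update"},
    "Cross Org Help Desk - No Restore": set(_HELP_DESK_NO_RESTORE),
    "Cross Org Help Desk": _HELP_DESK_NO_RESTORE
    | {"pushrestore.limited", "select.all", "select.personal"},
}


def least_privilege_roles(required, roles=ROLES, max_roles=3):
    """Return the role combination that grants every required permission
    with the fewest permissions beyond those required.

    Ties are broken by fewer roles, then by role name. Returns None when no
    combination of up to max_roles roles covers the requirement, which is
    the only case where a broader role should even be considered.
    """
    required = frozenset(required)
    if not required:
        return {"roles": [], "excess": []}

    best = None  # (sort key, role names, excess permissions)
    for size in range(1, max_roles + 1):
        for combo in combinations(sorted(roles), size):
            granted = set().union(*(roles[name] for name in combo))
            if not required <= granted:
                continue
            excess = granted - required
            key = (len(excess), size, combo)
            if best is None or key < best[0]:
                best = (key, combo, excess)

    if best is None:
        return None
    return {"roles": list(best[1]), "excess": sorted(best[2])}


if __name__ == "__main__":
    # Constructed requirement: a help desk operator who edits user settings
    # in the console but never restores files.
    need = {"console.login", "crossorg_user.read", "crossorg_user.update"}
    result = least_privilege_roles(need)
    print("roles: ", result["roles"])
    print("excess:", result["excess"])

    # No narrower role in this map grants this permission.
    print(least_privilege_roles({"twofactorauth.configure"}))
```

The `excess` list is the set of permissions to accept or question when approving the assignment; a `None` result means none of the narrower roles in the map covers the requirement.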
Departing Employee Manager
Assign this role to people who add or remove users in the Departing watchlist. (The High Risk Employee Manager role is required to add or remove users in other watchlists.) This role is intended to augment the Insider Risk Analyst role.
Limitations
- Cannot perform any administrator actions beyond managing users in the Departing watchlist.
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
detectionlists.departingemployee.read | View users on the departing employee list, including notes, departure date, attributes, and event counts. |
detectionlists.departingemployee.write | Add and remove users from the departing employee list, including details for departure date. |
detectionlists.departingemployeealerts.read | View departing employee alert settings. |
detectionlists.departingemployeealerts.write | Modify departing employee alert settings. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofile.write | Ability to add and remove cloud alias names from a user profile. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
detectionlists.userprofilenotes.write | Ability to update user notes. |
Desktop User
Backup agent only
This role is the default role for Code42 agent users. People with this role can sign in to the Code42 agent, select files for backup in the Code42 agent, and restore files from the Code42 agent.
-
Limitations
- Cannot interact with other users' data or change settings in the Code42 environment.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
cpd.restore | Permission to restore from the Code42 agent. |
plan.create | Permission to create plans within a user's organization hierarchy. |
restore.personal | Permission to perform a personal web restore. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Desktop User - No Web Restore
Backup agent only
Assign this role to users of the Code42 agent who do not need to perform restores using the Code42 console. People with this role can still restore files from the Code42 agent and select files for backup in the Code42 agent.
-
Limitations
- Cannot interact with other users' data or change settings.
- Cannot perform web restores.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
cpd.restore | Permission to restore from the Code42 agent. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
High Risk Employee Manager
Assign this role to people who add or remove users in all watchlists except for the Departing watchlist, which requires the Departing Employee Manager role. This role is intended to augment the Insider Risk Analyst role.
-
Limitations
- Cannot perform any administrator actions beyond managing users in watchlists.
- Cannot manage users in the Departing watchlist.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
detectionlists.highriskemployee.read | View users on the high risk employee list, including notes, attributes, and risk factors. |
detectionlists.highriskemployee.write | Add and remove users from high risk employee list. |
detectionlists.highriskemployeealerts.read | View high risk employee alert settings. |
detectionlists.highriskemployeealerts.write | Modify high risk employee alert settings. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofile.write | Ability to add and remove cloud alias names from a user profile. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
detectionlists.userprofilenotes.write | Ability to update user notes. |
Identity Management Administrator
Assign this role to an administrator whose work is limited to setup and maintenance of Identity Management. People assigned this role can configure single sign-on and provisioning.
This role is intended to augment the Security Administrator role, or to be used as a standalone role.
-
Limitations
- Cannot use Incydr features.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
directory.identity_management.read | View identity management integrations. |
directory.identity_management.write | Create and modify identity management integrations. |
directory.uac.elevated_role_manage | Authorize principal to manage role assignments for any customer role. |
Insider Risk Admin
Assign this role to administrators who need read and write access to all Incydr functionality. The person with this role typically is the administrator responsible for managing the team of insider risk analysts, and assigns the Insider Risk Analyst and Insider Risk Read Only roles.
For Incydr users currently assigned the Security Center User role, assign them either this role or the Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.
-
Limitations
- Cannot restore files from Forensic Search (requires the Security Center - Restore role).
- Cannot view the Audit Log (requires the Audit Log Viewer role).
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
alerting.alerts.read | View alerts generated. |
alerting.alerts.write | Manage generated alerts, including ability to edit notes and status. |
alerting.rules.read | View rules configured for alerts. |
alerting.rules.write | Create and modify alert rules. |
cases.content.read | View all case information, including events and findings. |
cases.content.write | Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings. |
console.login | Permission to log in to the Code42 console. |
dataconnections.settings.read | View all settings configured for Data Connections. |
dataconnections.sharing.read | View sharing permissions on files in a cloud storage data connection. |
dataconnections.sharing.write | Revoke sharing permissions on files in a cloud storage data connection. |
datapreferences.settings.read | View all settings configured for Data Preferences. |
datapreferences.settings.write | Add, edit, and remove settings configured for Data Preferences. |
detectionlists.departingemployee.read | View users on the departing employee list, including notes, departure date, attributes, and event counts. |
detectionlists.departingemployee.write | Add and remove users from the departing employee list, including details for departure date. |
detectionlists.departingemployeealerts.read | View departing employee alert settings. |
detectionlists.departingemployeealerts.write | Modify departing employee alert settings. |
detectionlists.highriskemployee.read | View users on the high risk employee list, including notes, attributes, and risk factors. |
detectionlists.highriskemployee.write | Add and remove users from high risk employee list. |
detectionlists.highriskemployeealerts.read | View high risk employee alert settings. |
detectionlists.highriskemployeealerts.write | Modify high risk employee alert settings. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofile.write | Ability to add and remove cloud alias names from a user profile. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
detectionlists.userprofilenotes.write | Ability to update user notes. |
instructor.lesson.read | View and send lessons configured for Instructor. |
instructor.lesson.write | Modify Instructor lesson configuration. |
messageservices.configuration.read | View message services configurations. |
preservation.archive.purgepath | Permission to remove specified paths and associated file versions from archives. |
prioritization.settings.read | View all available risk settings, including the risk indicators and corresponding weights. |
prioritization.settings.write | Edit all aspects of risk settings, including the weight assigned to individual risk indicators. |
search.fileevents.read | View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs. |
search.saved.read | View saved searches that have been created in Forensic Search. |
search.saved.write | Create, modify, and delete saved searches in Forensic Search. |
visualizations.endpointhealth.read | View device health information for collection of file events. |
visualizations.risksummaries.read | View the risk exposure visualizations. |
Insider Risk Analyst
Assign this role to analysts responsible for using Incydr to investigate and respond to insider risks. The people assigned this role perform investigations with Forensic Search, create cases, create alert rules, and view alert notifications. For directions on assigning roles to Incydr users, see Roles for Incydr.
-
Limitations
- Cannot access the watchlists (requires the High Risk Employee Manager and/or Departing Employee Manager roles).
- Cannot restore files from Forensic Search (requires the Security Center - Restore role).
- Cannot view the Audit Log (requires the Audit Log Viewer role).
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
alerting.alerts.read | View alerts generated. |
alerting.alerts.write | Manage generated alerts, including ability to edit notes and status. |
alerting.rules.read | View rules configured for alerts. |
alerting.rules.write | Create and modify alert rules. |
cases.content.read | View all case information, including events and findings. |
cases.content.write | Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings. |
console.login | Permission to log in to the Code42 console. |
dataconnections.settings.read | View all settings configured for Data Connections. |
dataconnections.sharing.read | View sharing permissions on files in a cloud storage data connection. |
datapreferences.settings.read | View all settings configured for Data Preferences. |
datapreferences.settings.write | Add, edit, and remove settings configured for Data Preferences. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofile.write | Ability to add and remove cloud alias names from a user profile. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
detectionlists.userprofilenotes.write | Ability to update user notes. |
instructor.lesson.read | View and send lessons configured for Instructor. |
instructor.lesson.write | Modify Instructor lesson configuration. |
messageservices.configuration.read | View message services configurations. |
prioritization.settings.read | View all available risk settings, including the risk indicators and corresponding weights. |
prioritization.settings.write | Edit all aspects of risk settings, including the weight assigned to individual risk indicators. |
search.fileevents.read | View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs. |
search.saved.read | View saved searches that have been created in Forensic Search. |
search.saved.write | Create, modify, and delete saved searches in Forensic Search. |
visualizations.endpointhealth.read | View device health information for collection of file events. |
visualizations.risksummaries.read | View the risk exposure visualizations. |
Insider Risk Read Only
Assign this role to people who need to keep informed about insider risk investigations in Incydr, but who should not create alert rules, cases, or saved searches. For example, assign it to a junior analyst to allow them to perform light investigations, or assign it to the CISO or Chief Privacy Officer to allow them read-only access. People assigned this role can view information in Incydr, including watchlists, dashboards, alerts, and cases. For directions on assigning roles to Incydr users, see Roles for Incydr.
-
Limitations
- View-only capabilities; cannot make any changes in Incydr.
- Cannot view the Audit Log (requires the Audit Log Viewer role).
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
alerting.alerts.read | View alerts generated. |
alerting.rules.read | View rules configured for alerts. |
cases.content.read | View all case information, including events and findings. |
console.login | Permission to log in to the Code42 console. |
dataconnections.settings.read | View all settings configured for Data Connections. |
dataconnections.sharing.read | View sharing permissions on files in a cloud storage data connection. |
datapreferences.settings.read | View all settings configured for Data Preferences. |
detectionlists.departingemployee.read | View users on the departing employee list, including notes, departure date, attributes, and event counts. |
detectionlists.departingemployeealerts.read | View departing employee alert settings. |
detectionlists.highriskemployee.read | View users on the high risk employee list, including notes, attributes, and risk factors. |
detectionlists.highriskemployeealerts.read | View high risk employee alert settings. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
instructor.lesson.read | View and send lessons configured for Instructor. |
messageservices.configuration.read | View message services configurations. |
prioritization.settings.read | View all available risk settings, including the risk indicators and corresponding weights. |
search.fileevents.read | View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs. |
search.saved.read | View saved searches that have been created in Forensic Search. |
visualizations.endpointhealth.read | View device health information for collection of file events. |
visualizations.risksummaries.read | View the risk exposure visualizations. |
Insider Risk Respond
Assign this role to people allowed to use the Actions menu to respond to insider risk events. This role is intended to augment the Insider Risk Analyst role.
-
Limitations
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
dataconnections.sharing.write | Revoke sharing permissions on files in a cloud storage data connection. |
instructor.lesson.read | View and send lessons configured for Instructor. |
response.actions.execute | View and execute all response actions. |
Manifest Viewer
Backup agent only
Assign this role to people who need to access backup archive metadata so they can generate reports on files and their versions. This role is used only by APIs.
-
Limitations
- Does not directly grant access to view or manage users and organizations.
-
Scope of permissions
- Used solely by APIs.
- Allows access to archives for all organizations.
Permissions | Description |
---|---|
preservation.metadata.read | Permission to view the preservation manifest for any archive in the organization. |
Multi-Factor Auth Admin
Assign this role to administrators who manage two-factor authentication for local users within a specific organization. Assign this role in conjunction with an administrative role with organization and user access rights such as Org Admin.
-
Limitations
- Does not directly grant access to view or manage users and organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
twofactorauth.configure | Permission to view and edit two-factor auth settings for local users. |
Org Admin
Assign this role to administrators who manage users and devices within a specific organization. The person assigned this role can perform web restores, view data in reports, and update settings for users, devices, and organizations.
-
Limitations
- Limited access to the Code42 console command line interface (CLI).
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
computer.all | Permission to access, alter, or remove any computer information. |
computer.delete | Permission to delete computer. |
computer.read | Permission to view computer information. |
computer.update | Permission to update computer information. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
org.create | Permission to create child organizations within user's organization. |
org.delete | Permission to delete information within user's organization. |
org.read | Permission to view org information within user's organization. |
org.update_deactivate | Permission to update information within a user's organization and deactivate organizations. |
plan.all | Permission to create, read, update and delete plans within a user's organization hierarchy. |
plan.create | Permission to create plans within a user's organization hierarchy. |
plan.delete | Permission to delete plans from a user's organization hierarchy. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
plan.update | Permission to update information on plans within a user's organization hierarchy. |
preservation.archive.purgepath | Permission to remove specified paths and associated file versions from archives. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for Code42 Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
user.all | Permission to access, alter or remove any user information. |
user.create | Permission to create users. |
user.delete | Permission to delete users. |
user.read | Permission to view user information. |
user.update | Permission to update user information. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to. |
Org Admin - No Web Restore
Incydr Basic, Advanced, and Gov F1 only
Assign this role to administrators who manage users and devices within a specific organization and who do not perform web restores. The person assigned this role can update settings for users, devices, and organizations.
-
Limitations
- Cannot add/deactivate users or computers outside their organization.
- Limited access to the Code42 console command line interface (CLI).
- Cannot perform web restores.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
computer.all | Permission to access, alter, or remove any computer information. |
computer.delete | Permission to delete computer. |
computer.read | Permission to view computer information. |
computer.update | Permission to update computer information. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
org.create | Permission to create child organizations within user's organization. |
org.delete | Permission to delete information within user's organization. |
org.read | Permission to view org information within user's organization. |
org.update_deactivate | Permission to update information within a user's organization and deactivate organizations. |
plan.all | Permission to create, read, update and delete plans within a user's organization hierarchy. |
plan.create | Permission to create plans within a user's organization hierarchy. |
plan.delete | Permission to delete plans from a user's organization hierarchy. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
plan.update | Permission to update information on plans within a user's organization hierarchy. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for Code42 Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
user.all | Permission to access, alter or remove any user information. |
user.create | Permission to create users. |
user.delete | Permission to delete users. |
user.read | Permission to view user information. |
user.update | Permission to update user information. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to. |
Org Computer Modify
Incydr Basic, Advanced, and Gov F1 only
Assign this role to individuals who modify device settings in their organization. Assign in conjunction with Org Help Desk to enable help desk personnel to add and deactivate user devices.
-
Limitations
- Cannot modify settings of devices in other organizations.
- Cannot add/deactivate users or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
computer.update | Permission to update computer information. |
user.read | Permission to view user information. |
Org Help Desk
Incydr Basic, Advanced, and Gov F1 only
Assign this role to help desk personnel who assist others in their organization, but who do not change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate devices, assign this role in conjunction with the Org Computer Modify role.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
user.read | Permission to view user information. |
Org Help Desk - No Restore
Incydr Basic, Advanced, and Gov F1 only
Assign this role to help desk personnel who assist others in their organization, but who do not change any settings or restore files for others. People with this role can view users and devices.
-
Limitations
- Cannot perform push or web restores.
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
user.read | Permission to view user information. |
Org Legal Admin
Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations, but who only need to restore files from users within their organization. People with this role can restore files for legal hold collection purposes (push restore), and create, modify, and deactivate legal holds.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
- Legal holds only apply to the backup agent.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the Code42 console. |
legalhold.all | Permission to perform any operation regarding any Legal Hold. |
legalhold.create | Permission to create a Legal Hold. |
legalhold.modify_membership | Permission to add/remove users to/from any Legal Hold. |
legalhold.read | Permission to view any Legal Hold. |
legalhold.update | Permission to update any Legal Hold. |
org.read | Permission to view org information within user's organization. |
plan.all | Permission to create, read, update and delete plans within a user's organization hierarchy. |
plan.create | Permission to create plans within a user's organization hierarchy. |
plan.delete | Permission to delete plans from a user's organization hierarchy. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
plan.update | Permission to update information on plans within a user's organization hierarchy. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
user.read | Permission to view user information. |
Org Manager
Assign this role to executive users who need statistics, but not technical details, about their organization. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
user.read | Permission to view user information. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to. |
Org Security Viewer
Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in their organization. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and can view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role.
If this role is assigned to analysts who use Incydr, assign them the Insider Risk Read Only role instead. The Insider Risk Read Only role is designed specifically for users of Incydr and only contains permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.
-
Limitations
- Cannot view security data in features offered by product plans other than the Code42 Gold product plan (for example, Forensic Search, Alerts, risk dashboards, and so on).
- Does not restrict access by organization for security data features in non-Code42 Gold product plans.
- Cannot change settings in the organization.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the Code42 console. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
securitytools.data_read | Permission to view data collected by Code42 Security Tools. |
user.read | Permission to view user information. |
PROe User
This role is the default role for Code42 console users. People with this role can sign in to the Code42 console and restore files from the Code42 console.
-
Limitations
- Cannot access other Code42 console information or functions.
- Applies only to users of the backup agent.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
console.login | Permission to log in to the Code42 console. |
cpd.restore | Permission to restore from the Code42 agent. |
Push Restore
Assign this role to help desk personnel who assist others with restoring data. People with this role can restore files from the Code42 console and view files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk.
- Limitations
  - Cannot add/deactivate users, organizations, or devices.
  - Push restore only applies to the backup agent.
- Scope of permissions
  - All organizations.
Permissions | Description |
---|---|
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Remote File Selection
Backup agent only
Assign this role to help desk personnel who monitor backups by viewing files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk - No Restore.
- Limitations
  - Cannot add/deactivate users, organizations, or devices.
- Scope of permissions
  - All organizations.
Permissions | Description |
---|---|
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Security Administrator
Assign this role to an administrator whose work is limited to setup and maintenance of the Incydr installation. People assigned this role can configure data connections and perform agent management jobs that include agent downloads, deployment policies, customizations, and Code42 agent upgrades.
Assign this role instead of the Customer Cloud Admin role if the administrator's job is limited to setup and maintenance of the Incydr installation. For more information on assigning roles for Incydr, see Roles for Incydr.
- Limitations
  - Cannot use Incydr features.
- Scope of permissions
  - All organizations.
Permissions | Description |
---|---|
client_management.agent_channel_upgrade.read | Permission to read AgentUpgradeChannel information. |
client_management.agent_channel_upgrade.subscribe | Permission to subscribe to an AgentUpgradeChannel. |
client_management.deployment_policy.read | Permission to read DeploymentPolicy information. |
client_management.deployment_policy.write | Permission to write DeploymentPolicy information. |
client_management.device_upgrade.read | Permission to read DeviceUpgrade (DCU) settings. |
client_management.device_upgrade.write | Permission to write DeviceUpgrade (DCU) settings. |
console.login | Permission to log in to the Code42 console. |
customer_admin.all | Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO). |
dataconnections.settings.read | View all settings configured for Data Connections. |
dataconnections.settings.write | Add, edit, and remove settings configured for Data Connections. |
messageservices.configuration.read | View message services configurations. |
messageservices.configuration.write | Modify message services configurations. |
Security Center - Restore
Assign this role to allow information security personnel to:
- Download files captured from a user's endpoint.
- Obtain temporary access to files in cloud storage data connections.
With this role, links to the file contents appear in the file event details. To restrict access to only cloud or endpoint files, assign the Security Center - Restore - Cloud or Security Center - Restore - Endpoint role instead.
Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr.
- Limitations
  - Does not directly grant access to view or manage other users.
- Scope of permissions
  - The user's organization and its child organizations.
Permissions | Description |
---|---|
fileforensics.restore | Permission to download (restore) files from within the Code42 console. |
dataconnections.fileaccess.read | Create temporary read-only access to specific files in a cloud storage data connection. |
Security Center - Restore - Cloud
Assign this role to allow information security personnel to:
- Obtain temporary access to files in cloud storage data connections.
With this role, links to the file contents appear in the file event details.
Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr.
- Limitations
  - Does not directly grant access to view or manage other users.
  - Cannot download files captured from a user's endpoint.
- Scope of permissions
  - The user's organization and its child organizations.
Permissions | Description |
---|---|
dataconnections.fileaccess.read | Create temporary read-only access to specific files in a cloud storage data connection. |
Security Center - Restore - Endpoint
Assign this role to allow information security personnel to:
- Download files captured from a user's endpoint.
With this role, links to the file contents appear in the file event details.
Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr.
- Limitations
  - Does not directly grant access to view or manage other users.
  - Cannot access files in cloud storage data connections.
- Scope of permissions
  - The user's organization and its child organizations.
Permissions | Description |
---|---|
fileforensics.restore | Permission to download (restore) files from within the Code42 console. |
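The overlap between the restore-related roles above can be checked mechanically when reviewing assignments. The following is an added example, not Code42 code and not a Code42 API: the permission sets are copied from the tables on this page, the function names are hypothetical, and the comparison covers permission names only, not each role's scope.

```python
from itertools import combinations

# Role -> permissions, copied from the tables on this page.
ROLES = {
    "Push Restore": {
        "pushrestore.all", "pushrestore.limited", "pushrestore.personal",
        "select.all", "select.personal",
    },
    "Remote File Selection": {"select.all", "select.personal"},
    "Security Center - Restore": {
        "fileforensics.restore", "dataconnections.fileaccess.read",
    },
    "Security Center - Restore - Cloud": {"dataconnections.fileaccess.read"},
    "Security Center - Restore - Endpoint": {"fileforensics.restore"},
}

def effective_permissions(assigned):
    """Union of the permissions granted by every assigned role."""
    return set().union(*(ROLES[r] for r in assigned))

def redundant_roles(assigned):
    """Roles that add nothing beyond what the user's other roles grant."""
    redundant = []
    for role in assigned:
        others = effective_permissions([r for r in assigned if r != role])
        if ROLES[role] <= others:
            redundant.append(role)
    return sorted(redundant)

def least_privilege(required):
    """Role set covering `required` with the fewest extra permissions.

    Brute force over all combinations; ties go to the smaller role set.
    Returns None when no combination of catalogued roles is sufficient.
    """
    required = set(required)
    best = None
    for n in range(1, len(ROLES) + 1):
        for combo in combinations(sorted(ROLES), n):
            granted = effective_permissions(combo)
            if required <= granted:
                key = (len(granted - required), n)
                if best is None or key < best[0]:
                    best = (key, list(combo))
    return best[1] if best else None
```
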
Security Center User
Incydr Basic, Advanced, and Gov F1 only
Assign this role to information security personnel who need to view user activity detected by endpoint monitoring and who manage activity profiles. This role only applies to customers with the retired Code42 Gold product plan.
If this role is assigned to administrators or analysts who use Incydr, assign them either the Insider Risk Admin or Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.
- Limitations
  - Cannot change settings.
  - Cannot add/deactivate users, devices, or organizations.
  - Cannot restore files from Forensic Search (requires the Security Center - Restore role).
- Scope of permissions
  - All organizations.
Permissions | Description |
---|---|
alerting.alerts.read | View alerts generated. |
alerting.alerts.write | Manage generated alerts, including ability to edit notes and status. |
alerting.rules.read | View rules configured for alerts. |
alerting.rules.write | Create and modify alert rules. |
cases.content.read | View all case information, including events and findings. |
cases.content.write | Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
datapreferences.settings.read | View all settings configured for Data Preferences. |
datapreferences.settings.write | Add, edit, and remove settings configured for Data Preferences. |
detectionlists.departingemployee.read | View users on the departing employee list, including notes, departure date, attributes, and event counts. |
detectionlists.departingemployee.write | Add and remove users from the departing employee list, including details for departure date. |
detectionlists.departingemployeealerts.read | View departing employee alert settings. |
detectionlists.departingemployeealerts.write | Modify departing employee alert settings. |
detectionlists.highriskemployee.read | View users on the high risk employee list, including notes, attributes, and risk factors. |
detectionlists.highriskemployee.write | Add and remove users from high risk employee list. |
detectionlists.highriskemployeealerts.read | View high risk employee alert settings. |
detectionlists.highriskemployeealerts.write | Modify high risk employee alert settings. |
detectionlists.userprofile.read | Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases. |
detectionlists.userprofile.write | Ability to add and remove cloud alias names from a user profile. |
detectionlists.userprofilenotes.read | Ability to view user notes. |
detectionlists.userprofilenotes.write | Ability to update user notes. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
prioritization.settings.read | View all available risk settings, including the risk indicators and corresponding weights. |
search.fileevents.read | View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs. |
search.saved.read | View saved searches that have been created in Forensic Search. |
search.saved.write | Create, modify, and delete saved searches in Forensic Search. |
securitytools.data_read | Permission to view data collected by Code42 Security Tools. |
securitytools.settings_write | Permission to edit settings for Code42 Security Tools. |
visualizations.endpointhealth.read | View device health information for collection of file events. |
visualizations.risksummaries.read | View the risk exposure visualizations. |
User Modify
Assign this role to help desk personnel who modify user settings in their organization, but who do not modify device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.
- Limitations
  - Cannot add or deactivate users.
  - Cannot update organization settings.
- Scope of permissions
  - The user's organization and its child organizations.
Permissions | Description |
---|---|
user.read | Permission to view user information. |
user.update | Permission to update user information. |