Roles reference

Overview

This article describes the comprehensive set of roles and permissions that can be applied to user accounts, as well as the permissions, limitations, and recommended use cases for each role. 

For the most common Incydr roles, see Roles for Incydr. For additional use cases, see Role assignment use cases.

View and edit roles

  1. Sign in to the Code42 console.
  2. Go to Administration > Environment > Users.
  3. Select a user.
    The user details appear.
  4. Click Roles.
    The roles assigned to the user appear below.
  5. To add or remove roles, click Edit.
  6. From Edit roles, select or deselect roles as appropriate for that user. See below for detailed descriptions of each role.
  7. Click Save.

All roles

Available roles vary based on your product plan. In addition, some roles only provide capabilities for managing specific agent types. For example, roles related to backup and restore functionality do not apply to the insider risk agent.

Admin Restore

Assign this role to administrators who restore data for users using the Code42 console. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the Code42 console or Code42 agent.
    • File restore only applies to the backup agent.
  • Scope of permissions
    • All organizations.
Permissions Description
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.

Admin Restore Limited

Backup agent only

Assign this role to administrators who restore a limited amount of data for users using the Code42 console. The amount that this role is limited to restore is defined by Web restore limit in organization settings. Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the Code42 console or Code42 agent.
  • Scope of permissions
    • All organizations.
Permissions Description
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.

Agent User

Incydr Professional, Enterprise, Horizon, and Gov F2 only

This role is the default role for users in Incydr Professional, Enterprise, Horizon, and Gov F2. People with this role cannot sign in to the Code42 console. This role is assigned at initial user registration.

  • Limitations 
    • Cannot sign in to the Code42 console.
  • Scope of permissions
    • Assigned user.
Permissions Description
computer.read Permission to view computer information.
computer.update Permission to update computer information.

Alert Emails

Backup agent only

Assign this role to administrators who want to receive warning and critical alert emails to monitor the frequency and success of backup operations for their users' devices.

  • Scope of permissions
    • All organizations.
Permissions Description
ReceivesAlert.EMAIL Permission to receive alert emails.

Alert Rule Builder

Assign this role to administrators who need to create and modify alert rules.

  • Limitations 
    • Cannot sign in to the Code42 console.
  • Scope of permissions
    • All organizations.
Permissions Description
alerting.rules.write Create and modify alert rules.

Audit Log Viewer

Assign this role to information security personnel who need to review events in the Audit Log.

Incydr Basic, Advanced, and Gov F1 only: Assign this role in conjunction with a role that has access to the Code42 console, such as PROe User or Desktop User.

  • Limitations 
    • Cannot perform any functions except view the Audit Log.
  • Scope of permissions
    • All organizations.
Permissions Description
auditlog.read Permission to view Audit Log events.

Cross Org Admin

Assign this role to administrators who manage users and devices in all organizations, and who need to restore files for users. 

  • Limitations 
    • Has only limited access to the Code42 console command line interface (CLI).
  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
fileforensics.settings_write Permission to view and edit file forensics related settings.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Cross Org Admin - No Restore

Assign this role to administrators who manage users and devices in all organizations, but who should not restore files for users. 

  • Limitations 
    • Cannot perform push or web restores.
    • File restore only applies to the backup agent.
  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
fileforensics.settings_write Permission to view and edit file forensics related settings.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

Cross Org Computer Modify

Incydr Basic, Advanced, and Gov F1 only

Assign this role to individuals who modify device settings in all organizations. Assign in conjunction with Cross Org Help Desk to allow help desk personnel to add and deactivate user devices.

  • Limitations 
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.

Cross Org Help Desk

Incydr Basic, Advanced, and Gov F1 only

Assign this role to help desk personnel who assist others in all organizations, but who cannot change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate user devices, assign this role in conjunction with the Cross Org Computer Modify role. 

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Help Desk - No Restore

Incydr Basic, Advanced, and Gov F1 only

Assign this role to help desk personnel who assist others in all organizations, but who do not change any settings or restore files for others. People with this role can view users and devices and use reports to view data.

  • Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.

Cross Org Legal Admin

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations. People with this role can restore files for legal hold collection purposes (push restore), view data in reports, and create, modify, and deactivate legal holds.

  • Limitations 
    • Cannot change settings.
    • Cannot add or deactivate users, devices, or organizations.
    • Legal hold only applies to the backup agent.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Manager

Assign this role to executive users who need statistics, but not technical details, about all organizations. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
pushrestore.personal Permission to perform a personal push restore.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Cross Org Security Viewer

Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in all organizations. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role. 

If this role is assigned to analysts who use Incydr, assign them the Insider Risk Read Only role instead. The Insider Risk Read Only role is designed specifically for users of Incydr and only contains permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Cannot view security data in features offered by product plans other than the Code42 Gold product plan (for example, Forensic Search, Alerts, risk dashboards, and so on).
    • Cannot change settings in organizations.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
securitytools.data_read Permission to view data collected by Code42 Security Tools.

Cross Org User Modify

Incydr Basic, Advanced, and Gov F1 only

Assign this role to help desk personnel who modify user settings on all organizations, but not device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.

  • Limitations 
    • Cannot add or deactivate users.
    • Cannot update organization settings.
  • Scope of permissions
    • All organizations.
Permissions Description
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.

Customer Cloud Admin

Assign this role to "super user" administrators who should have all possible permissions. People with this role have permissions to perform the tasks of any role.

Use with caution: Always assign roles so that users have the lowest level of privilege needed to perform their jobs. Do not assign the Customer Cloud Admin role if another role will provide the desired permissions.

  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
alerting.alerts.read View alerts generated.
alerting.alerts.write Manage generated alerts, including ability to edit notes and status.
alerting.rules.read View rules configured for alerts.
alerting.rules.write Create and modify alert rules.
api_client.read Permission to view API client information.
api_client.write Permission to create, modify and remove API client information.
auditlog.read Permission to view Audit Log events.
cases.content.read View all case information, including events and findings.
cases.content.write Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
client_management.agent_channel_upgrade.read Permission to read AgentUpgradeChannel information.
client_management.agent_channel_upgrade.subscribe Permission to subscribe to an AgentUpgradeChannel.
client_management.deployment_policy.read Permission to read DeploymentPolicy information.
client_management.deployment_policy.write Permission to write DeploymentPolicy information.
client_management.device_upgrade.read Permission to read DeviceUpgrade (DCU) settings.
client_management.device_upgrade.write Permission to write DeviceUpgrade (DCU) settings.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_org.update_restricted Permission to update restricted organization information across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
customer_admin.all Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO).
dataconnections.fileaccess.read Create temporary read-only access to specific files in a cloud storage data connection.
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.settings.write Add, edit, and remove settings configured for Data Connections.
dataconnections.sharing.read View sharing permissions on files in a cloud storage data connection.
dataconnections.sharing.write Revoke sharing permissions on files in a cloud storage data connection.
datapreferences.settings.read View all settings configured for Data Preferences.
datapreferences.settings.write Add, edit, and remove settings configured for Data Preferences.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployee.write Add and remove users from the departing employee list, including details for departure date.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.departingemployeealerts.write Modify departing employee alert settings.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployee.write Add and remove users from high risk employee list.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.highriskemployeealerts.write Modify high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.
directory.identity_management.read View identity management integrations.
directory.identity_management.write Create and modify identity management integrations.
directory.keystore.read View keystore configuration and status.
directory.keystore.write Modify keystore configuration, start migrations.
directory.uac.elevated_role_manage Authorize principal to manage role assignments for any customer role.
email.update Permission to change customer-specific email settings and content.
fileforensics.restore Permission to download (restore) files from within Security Center.
fileforensics.settings_write Permission to view and edit file forensics related settings.
instructor.lesson.read View and send lessons configured for Instructor.
instructor.lesson.write Modify Instructor lesson configuration.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
notify_new_location.all Permission to view and update whether the user is notified on login from a new location.
notify_new_location.read Permission to read whether the user is notified on login from a new location.
notify_new_location.update Permission to update whether the user is notified on login from a new location.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
preservation.metadata.read Permission to view the preservation manifest for any archive in the organization.
prioritization.settings.read View all available risk settings, including the risk indicators and corresponding weights.
prioritization.settings.write Edit all aspects of risk settings, including the weight assigned to individual risk indicators.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
response.actions.execute View and execute all response actions.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
search.saved.write Create, modify, and delete saved searches in Forensic Search.
securitytools.data_read Permission to view data collected by Code42 Security Tools.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
support_user.toggle_creation Permission to enable/disable support user creation.
system.command_restricted View the CLI and run any command for which the user has permission.
twofactorauth.configure Permission to view and edit two-factor auth settings for local users.
viewlogs.device Allows access to agent logs for any device the user has read permissions to
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

Departing Employee Manager

Assign this role to people who add or remove users in the Departing watchlist. (The High Risk Employee Manager role is required to add or remove users in other watchlists.) This role is intended to augment the Insider Risk Analyst role.

  • Limitations 
    • Cannot perform any administrator actions beyond managing users in the Departing watchlist.
  • Scope of permissions
    • Assigned user.
Permissions Description
console.login Permission to log in to the Code42 console.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployee.write Add and remove users from the departing employee list, including details for departure date.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.departingemployeealerts.write Modify departing employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.

Desktop User

Backup agent only

This role is the default role for Code42 agent users. People with this role can sign in to the Code42 agent, select files for backup in the Code42 agent, and restore files from the Code42 agent.

  • Limitations 
    • Cannot interact with other users' data or change settings in the Code42 environment.
  • Scope of permissions
    • Assigned user.
Permissions Description
cpd.restore Permission to restore from the Code42 agent.
plan.create Permission to create plans within a user's organization hierarchy.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Desktop User - No Web Restore

Backup agent only

Assign this role to users of the Code42 agent who do not need to perform restores using the Code42 console. People with this role can still restore files from the Code42 agent and select files for backup in the Code42 agent.

  • Limitations 
    • Cannot interact with other users' data or change settings.
    • Cannot perform web restores.
  • Scope of permissions
    • Assigned user.
Permissions Description
cpd.restore Permission to restore from the Code42 agent.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

High Risk Employee Manager

Assign this role to people who add or remove users in all watchlists except for the Departing watchlist, which requires the Departing Employee Manager role. This role is intended to augment the Insider Risk Analyst role.

  • Limitations 
    • Cannot perform any administrator actions beyond managing users in watchlists.
    • Cannot manage users in the Departing watchlist.
  • Scope of permissions
    • Assigned user.
Permissions Description
console.login Permission to log in to the Code42 console.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployee.write Add and remove users from high risk employee list.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.highriskemployeealerts.write Modify high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.

Identity Management Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of Identity Management. People assigned this role can configure single sign-on and provisioning.

This role is intended to augment the Security Administrator role, or to be used as a standalone role.

  • Limitations 
    • Cannot use Incydr features.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the Code42 console.
directory.identity_management.read View identity management integrations.
directory.identity_management.write Create and modify identity management integrations.
directory.uac.elevated_role_manage Authorize principal to manage role assignments for any customer role.

Insider Risk Admin

Assign this role to administrators who need read and write access to all Incydr functionality. The person with this role typically is the administrator responsible for managing the team of insider risk analysts, and assigns the Insider Risk Analyst and Insider Risk Read Only roles.

For Incydr users currently assigned the Security Center User role, assign them either this role or the Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Cannot restore files from Forensic Search (requires the Security Center - Restore role).
    • Cannot view the Audit Log (requires the Audit Log Viewer role).
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
alerting.alerts.read View alerts generated.
alerting.alerts.write Manage generated alerts, including ability to edit notes and status.
alerting.rules.read View rules configured for alerts.
alerting.rules.write Create and modify alert rules.
cases.content.read View all case information, including events and findings.
cases.content.write Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
console.login Permission to log in to the Code42 console.
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.sharing.read View sharing permissions on files in a cloud storage data connection.
dataconnections.sharing.write Revoke sharing permissions on files in a cloud storage data connection.
datapreferences.settings.read View all settings configured for Data Preferences.
datapreferences.settings.write Add, edit, and remove settings configured for Data Preferences.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployee.write Add and remove users from the departing employee list, including details for departure date.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.departingemployeealerts.write Modify departing employee alert settings.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployee.write Add and remove users from high risk employee list.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.highriskemployeealerts.write Modify high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.
instructor.lesson.read View and send lessons configured for Instructor.
instructor.lesson.write Modify Instructor lesson configuration.
messageservices.configuration.read View message services configurations.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
prioritization.settings.read View all available risk settings, including the risk indicators and corresponding weights.
prioritization.settings.write Edit all aspects of risk settings, including the weight assigned to individual risk indicators.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
search.saved.write Create, modify, and delete saved searches in Forensic Search.
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

Insider Risk Analyst

Assign this role to analysts responsible for using Incydr to investigate and respond to insider risks. The people assigned this role perform investigations with Forensic Search, create cases, create alert rules, and view alert notifications. For directions on assigning roles to Incydr users, see Roles for Incydr.

Permissions Description
alerting.alerts.read View alerts generated.
alerting.alerts.write Manage generated alerts, including ability to edit notes and status.
alerting.rules.read View rules configured for alerts.
alerting.rules.write Create and modify alert rules.
cases.content.read View all case information, including events and findings.
cases.content.write Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
console.login Permission to log in to the Code42 console.
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.sharing.read View sharing permissions on files in a cloud storage data connection.
datapreferences.settings.read View all settings configured for Data Preferences.
datapreferences.settings.write Add, edit, and remove settings configured for Data Preferences.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.
instructor.lesson.read View and send lessons configured for Instructor.
instructor.lesson.write Modify Instructor lesson configuration.
messageservices.configuration.read View message services configurations.
prioritization.settings.read View all available risk settings, including the risk indicators and corresponding weights.
prioritization.settings.write Edit all aspects of risk settings, including the weight assigned to individual risk indicators.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
search.saved.write Create, modify, and delete saved searches in Forensic Search.
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

Insider Risk Read Only

Assign this role to people who need to keep informed about insider risk investigations in Incydr, but who should not create alert rules, cases, or saved searches. For example, assign it to a junior analyst to allow them to perform light investigations, or assign it to the CISO or Chief Privacy Officer to allow them read-only access. People assigned this role can view information in Incydr, including watchlists, dashboards, alerts, and cases. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • View-only capabilities; cannot make any changes in Incydr.
    • Cannot view the Audit Log (requires the Audit Log Viewer role).
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
alerting.alerts.read View alerts generated.
alerting.rules.read View rules configured for alerts.
cases.content.read View all case information, including events and findings.
console.login Permission to log in to the Code42 console.
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.sharing.read View sharing permissions on files in a cloud storage data connection.
datapreferences.settings.read View all settings configured for Data Preferences.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofilenotes.read Ability to view user notes.
instructor.lesson.read View and send lessons configured for Instructor.
messageservices.configuration.read View message services configurations.
prioritization.settings.read View all available risk settings, including the risk indicators and corresponding weights.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

Insider Risk Respond

Assign this role to people allowed to use the Actions menu to respond to insider risk events. This role is intended to augment the Insider Risk Analyst role.

  • Limitations 
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
dataconnections.sharing.write Revoke sharing permissions on files in a cloud storage data connection.
instructor.lesson.read View and send lessons configured for Instructor.
response.actions.execute View and execute all response actions.

Manifest Viewer

Backup agent only

Assign this role to people who need to access backup archive metadata so they can generate reports on files and their versions. This role is used only by APIs.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • Used solely by APIs.
    • Allows access to archives for all organizations.
Permissions Description
preservation.metadata.read Permission to view the preservation manifest for any archive in the organization.

Multi-Factor Auth Admin

Assign this role to administrators who manage two-factor authentication for local users within a specific organization. Assign this role in conjunction with an administrative role with organization and user access rights such as Org Admin.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
twofactorauth.configure Permission to view and edit two-factor auth settings for local users.

Org Admin

Assign this role to administrators who manage users and devices within a specific organization. The person assigned this role can perform web restores, view data in reports, and update settings for users, devices, and organizations.

  • Limitations 
    • Limited access to the Code42 console command line interface (CLI).
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
account.update For internal use only.
computer.all Permission to access, alter, or remove any computer information.
computer.delete Permission to delete computer.
computer.read Permission to view computer information.
computer.update Permission to update computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
fileforensics.settings_write Permission to view and edit file forensics related settings.
org.create Permission to create child organizations within user's organization.
org.delete Permission to delete information within user's organization.
org.read Permission to view org information within user's organization.
org.update_deactivate Permission to update information within a user's organization and deactivate organizations.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
user.all Permission to access, alter or remove any user information.
user.create Permission to create users.
user.delete Permission to delete users.
user.read Permission to view user information.
user.update Permission to update user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to.

Org Admin - No Web Restore

Incydr Basic, Advanced, and Gov F1 only

Assign this role to administrators who manage users and devices within a specific organization and who do not perform web restores. The person assigned this role can update settings for users, devices, and organizations.

  • Limitations
    • Cannot add/deactivate users or computers outside their organization.
    • Limited access to the Code42 console command line interface (CLI).
    • Cannot perform web restores.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
account.update For internal use only.
computer.all Permission to access, alter, or remove any computer information.
computer.delete Permission to delete computer.
computer.read Permission to view computer information.
computer.update Permission to update computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
fileforensics.settings_write Permission to view and edit file forensics related settings.
org.create Permission to create child organizations within user's organization.
org.delete Permission to delete information within user's organization.
org.read Permission to view org information within user's organization.
org.update_deactivate Permission to update information within a user's organization and deactivate organizations.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
user.all Permission to access, alter or remove any user information.
user.create Permission to create users.
user.delete Permission to delete users.
user.read Permission to view user information.
user.update Permission to update user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to.

Org Computer Modify

Incydr Basic, Advanced, and Gov F1 only

Assign this role to individuals who modify device settings in their organization. Assign in conjunction with Org Help Desk to enable help desk personnel to add and deactivate user devices.

  • Limitations 
    • Cannot modify settings of devices in other organizations.
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
computer.update Permission to update computer information.
user.read Permission to view user information.

Org Help Desk

Incydr Basic, Advanced, and Gov F1 only

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings. The people with this role can view users and devices, restore files to the source user's devices using the Code42 console, and use reports to view data. To allow people with this role to add and deactivate devices, assign this role in conjunction with the Org Computer Modify role. 

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.

Org Help Desk - No Restore

Incydr Basic, Advanced, and Gov F1 only

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings or restore files for others. People with this role can view users and devices.

  • Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
user.read Permission to view user information.

Org Legal Admin

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations, but who only need to restore files from users within their organization. People with this role can restore files for legal hold collection purposes (push restore), and create, modify, and deactivate legal holds.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
    • Legal holds only apply to the backup agent.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
legalhold.all Permission to perform any operation regarding any Legal Hold.
legalhold.create Permission to create a Legal Hold.
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold.
legalhold.read Permission to view any Legal Hold.
legalhold.update Permission to update any Legal Hold.
org.read Permission to view org information within user's organization.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.

Org Manager

Assign this role to executive users who need statistics, but not technical details, about their organization. People with this role can view users and devices, restore files to the source user's devices using the Code42 console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
pushrestore.personal Permission to perform a personal push restore.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to.

Org Security Viewer

Assign this role to information security personnel who need to retrieve information from devices that use endpoint monitoring in their organization. People with this role can use the Activity Profile to view user activity detected by endpoint monitoring, and can view data in reports. This role only applies to customers with the retired Code42 Gold product plan. It must be assigned in conjunction with the Security Center User role. 

If this role is assigned to analysts who use Incydr, assign them the Insider Risk Read Only role instead. That role is designed specifically for users of Incydr and only contains permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Cannot view security data in features offered by product plans other than the Code42 Gold product plan (for example, Forensic Search, Alerts, risk dashboards, and so on).
    • Does not restrict access by organization for security data features in non-Code42 Gold product plans.
    • Cannot change settings in the organization.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the Code42 console.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
securitytools.data_read Permission to view data collected by Code42 Security Tools.
user.read Permission to view user information.

PROe User

This role is the default role for Code42 console users. People with this role can sign in to the Code42 console and restore files from the Code42 console.

  • Limitations 
    • Cannot access other Code42 console information or functions.
    • Applies only to users of the backup agent.
  • Scope of permissions
    • Assigned user.
Permissions Description
console.login Permission to log in to the Code42 console.
cpd.restore Permission to restore from the Code42 agent.

Push Restore

Assign this role to help desk personnel who assist others with restoring data. People with this role can restore files from the Code42 console and view files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk.

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
    • Push restore only applies to the backup agent.
  • Scope of permissions
    • All organizations.
Permissions Description
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Remote File Selection

Backup agent only

Assign this role to help desk personnel who monitor backups by viewing files within backup archives. Assign this role in conjunction with a role that has access to the Code42 console, such as Org Help Desk - No Restore.

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.
Permissions Description
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
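
The pairing guidance above (Push Restore and Remote File Selection need a companion role with console access, and the "No Restore" roles exist to withhold restore permissions) can be checked during an access review by computing each user's effective permissions. The following Python is an added example, not Code42 code: the role-to-permission sets are copied from this page's tables, while the finding codes, function names, and sample user assignments are constructed for illustration.

```python
from collections import namedtuple

# Role -> permissions, copied from the permission tables on this page
# (a subset of roles, enough for the constructed review below).
ROLE_PERMISSIONS = {
    "PROe User": {"console.login", "cpd.restore"},
    "Desktop User": {"cpd.restore", "plan.create", "restore.personal",
                     "select.personal"},
    "Desktop User - No Web Restore": {"cpd.restore", "select.personal"},
    "Org Help Desk - No Restore": {"computer.read", "console.login",
                                   "cpd.restore", "org.read", "plan.read",
                                   "user.read"},
    "Push Restore": {"pushrestore.all", "pushrestore.limited",
                     "pushrestore.personal", "select.all", "select.personal"},
    "Remote File Selection": {"select.all", "select.personal"},
    "Identity Management Administrator": {
        "console.login", "directory.identity_management.read",
        "directory.identity_management.write",
        "directory.uac.elevated_role_manage"},
}

# Roles the page says to assign together with a console-access role.
NEEDS_CONSOLE_COMPANION = {"Push Restore", "Remote File Selection"}

# Roles whose stated limitation is the absence of restore permissions,
# mapped to the permission prefixes that would undo that limitation.
RESTRICTED_ROLES = {
    "Org Help Desk - No Restore": ("pushrestore.", "restore."),
    "Desktop User - No Web Restore": ("restore.",),
}

# "Authorize principal to manage role assignments for any customer role."
ROLE_MANAGEMENT = "directory.uac.elevated_role_manage"

# Finding codes are hypothetical labels chosen for this example.
Finding = namedtuple("Finding", "code role permissions granted_by")


def effective_permissions(roles):
    """Union of the permissions granted by every assigned role."""
    unknown = sorted(set(roles) - set(ROLE_PERMISSIONS))
    if unknown:
        raise KeyError(f"roles not in the sample mapping: {unknown}")
    return set().union(*(ROLE_PERMISSIONS[r] for r in roles))


def granted_by(roles, permissions):
    """Assigned roles that contribute at least one of the permissions."""
    wanted = set(permissions)
    return tuple(sorted(r for r in set(roles) if ROLE_PERMISSIONS[r] & wanted))


def review_user(roles):
    """Return the review findings for one user's role assignment."""
    perms = effective_permissions(roles)
    findings = []
    # A companion-dependent role without console.login cannot be used.
    if "console.login" not in perms:
        for role in sorted(set(roles) & NEEDS_CONSOLE_COMPANION):
            findings.append(Finding("NO_CONSOLE_ACCESS", role, (), ()))
    # A restricted role is pointless if another role adds restore rights.
    for role, prefixes in RESTRICTED_ROLES.items():
        if role in roles:
            leaked = tuple(sorted(p for p in perms if p.startswith(prefixes)))
            if leaked:
                findings.append(Finding("RESTRICTION_NEGATED", role, leaked,
                                        granted_by(roles, leaked)))
    # Holders of the role-management permission deserve explicit sign-off.
    for role in granted_by(roles, [ROLE_MANAGEMENT]):
        findings.append(Finding("CAN_MANAGE_ROLES", role,
                                (ROLE_MANAGEMENT,), (role,)))
    return findings


# Constructed sample assignments (not real users).
SAMPLE_ASSIGNMENTS = {
    "alice": ["Org Help Desk - No Restore", "Remote File Selection"],
    "bob": ["Org Help Desk - No Restore", "Push Restore"],
    "carol": ["Push Restore"],
    "dave": ["Desktop User", "Desktop User - No Web Restore"],
    "erin": ["PROe User", "Identity Management Administrator"],
}


def review_all(assignments):
    """Map each user to their findings, omitting users with none."""
    results = {user: review_user(roles) for user, roles in assignments.items()}
    return {user: found for user, found in results.items() if found}


if __name__ == "__main__":
    for user, found in review_all(SAMPLE_ASSIGNMENTS).items():
        for f in found:
            print(user, f.code, f.role, f.permissions, f.granted_by)
```
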

Security Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of the Incydr installation. People assigned this role can configure data connections and perform agent management jobs that include agent downloads, deployment policies, customizations, and Code42 agent upgrades.

Assign this role instead of the Customer Cloud Admin role if the administrator's job is limited to setup and maintenance of the Incydr installation. For more information on assigning roles for Incydr, see Roles for Incydr.

  • Limitations 
    • Cannot use Incydr features.
  • Scope of permissions
    • All organizations.
Permissions Description
client_management.agent_channel_upgrade.read Permission to read AgentUpgradeChannel information.
client_management.agent_channel_upgrade.subscribe Permission to subscribe to an AgentUpgradeChannel.
client_management.deployment_policy.read Permission to read DeploymentPolicy information.
client_management.deployment_policy.write Permission to write DeploymentPolicy information.
client_management.device_upgrade.read Permission to read DeviceUpgrade (DCU) settings.
client_management.device_upgrade.write Permission to write DeviceUpgrade (DCU) settings.
console.login Permission to log in to the Code42 console.
customer_admin.all Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO).
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.settings.write Add, edit, and remove settings configured for Data Connections.
messageservices.configuration.read View message services configurations.
messageservices.configuration.write Modify message services configurations.

Security Center - Restore

Assign this role to allow information security personnel to:

  • Download files captured from a user's endpoint.
  • Obtain temporary access to files in cloud storage data connections.

With this role, links to the file contents appear in the file event details. To restrict access to only cloud or endpoint files, assign the Security Center - Restore - Cloud or Security Center - Restore - Endpoint role instead.

Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Does not directly grant access to view or manage other users.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
fileforensics.restore Permission to download (restore) files from within the Code42 console.
dataconnections.fileaccess.read Create temporary read-only access to specific files in a cloud storage data connection.

Security Center - Restore - Cloud

Assign this role to allow information security personnel to:

  • Obtain temporary access to files in cloud storage data connections.

With this role, links to the file contents appear in the file event details.

Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Does not directly grant access to view or manage other users.
    • Cannot download files captured from a user's endpoint.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
dataconnections.fileaccess.read Create temporary read-only access to specific files in a cloud storage data connection.

Security Center - Restore - Endpoint

Assign this role to allow information security personnel to:

  • Download files captured from a user's endpoint.

With this role, links to the file contents appear in the file event details.

Assign in conjunction with an administrative role such as Insider Risk Admin or Insider Risk Analyst. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Does not directly grant access to view or manage other users.
    • Cannot access files in cloud storage data connections.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
fileforensics.restore Permission to download (restore) files from within the Code42 console.
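
The Cloud and Endpoint variants exist so that restore access can match what an analyst actually needs. The following added example (not Code42 code) audits a constructed set of assignments against the permission tables of the three Security Center - Restore roles above. The "cloud"/"endpoint" need labels, the user names and the sample data are assumptions made for illustration, and roles other than these three are ignored by the check.

```python
# Permissions of the three restore roles, copied from the tables on this page.
FULL = "Security Center - Restore"
CLOUD = "Security Center - Restore - Cloud"
ENDPOINT = "Security Center - Restore - Endpoint"
RESTORE_ROLES = {
    FULL: {"fileforensics.restore", "dataconnections.fileaccess.read"},
    CLOUD: {"dataconnections.fileaccess.read"},
    ENDPOINT: {"fileforensics.restore"},
}
# Hypothetical labels for what an analyst's job requires (not Code42 terms).
NEED_TO_PERMISSION = {
    "endpoint": "fileforensics.restore",
    "cloud": "dataconnections.fileaccess.read",
}

def effective_permissions(roles):
    """Union of restore permissions granted by the assigned roles."""
    perms = set()
    for role in roles:
        perms |= RESTORE_ROLES.get(role, set())  # non-restore roles add nothing here
    return perms

def narrowest_role(needs):
    """Restore role with the fewest permissions that still covers the needs."""
    required = {NEED_TO_PERMISSION[n] for n in needs}
    if not required:
        return None  # no restore role is needed at all
    candidates = [r for r, p in RESTORE_ROLES.items() if required <= p]
    return min(candidates, key=lambda r: len(RESTORE_ROLES[r]))

def audit(assignments):
    """List users whose restore permissions exceed or fall short of their needs."""
    findings = []
    for user, (roles, needs) in sorted(assignments.items()):
        required = {NEED_TO_PERMISSION[n] for n in needs}
        granted = effective_permissions(roles)
        excess, missing = granted - required, required - granted
        if excess or missing:
            findings.append({"user": user, "excess": sorted(excess),
                             "missing": sorted(missing),
                             "recommend": narrowest_role(needs)})
    return findings

# Constructed sample: user -> (assigned roles, stated needs).
SAMPLE = {
    "analyst-a": (["Insider Risk Analyst", FULL], ["cloud"]),
    "analyst-b": (["Insider Risk Analyst", ENDPOINT], ["endpoint"]),
    "analyst-c": (["Insider Risk Admin", CLOUD], ["cloud", "endpoint"]),
    "analyst-d": (["Insider Risk Analyst", CLOUD, ENDPOINT], ["endpoint"]),
}
```

Calling `audit(SAMPLE)` reports analyst-a and analyst-d as over-privileged and analyst-c as missing the endpoint restore permission; analyst-b is correctly scoped and produces no finding.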

Security Center User

Incydr Basic, Advanced, and Gov F1 only

Assign this role to information security personnel who need to view user activity detected by endpoint monitoring and who manage activity profiles. This role only applies to customers with the retired Code42 Gold product plan.

If this role is assigned to administrators or analysts who use Incydr, assign them either the Insider Risk Admin or Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. For directions on assigning roles to Incydr users, see Roles for Incydr.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
    • Cannot restore files from Forensic Search (requires the Security Center - Restore role).
  • Scope of permissions
    • All organizations.
Permissions Description
alerting.alerts.read View alerts generated.
alerting.alerts.write Manage generated alerts, including ability to edit notes and status.
alerting.rules.read View rules configured for alerts.
alerting.rules.write Create and modify alert rules.
cases.content.read View all case information, including events and findings.
cases.content.write Edit all aspects of a case, including add/remove file events, assign subjects, statuses, and add/edit findings.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
datapreferences.settings.read View all settings configured for Data Preferences.
datapreferences.settings.write Add, edit, and remove settings configured for Data Preferences.
detectionlists.departingemployee.read View users on the departing employee list, including notes, departure date, attributes, and event counts.
detectionlists.departingemployee.write Add and remove users from the departing employee list, including details for departure date.
detectionlists.departingemployeealerts.read View departing employee alert settings.
detectionlists.departingemployeealerts.write Modify departing employee alert settings.
detectionlists.highriskemployee.read View users on the high risk employee list, including notes, attributes, and risk factors.
detectionlists.highriskemployee.write Add and remove users from high risk employee list.
detectionlists.highriskemployeealerts.read View high risk employee alert settings.
detectionlists.highriskemployeealerts.write Modify high risk employee alert settings.
detectionlists.userprofile.read Ability to search for user profiles and get basic user information such as their name, department, and cloud aliases.
detectionlists.userprofile.write Ability to add and remove cloud alias names from a user profile.
detectionlists.userprofilenotes.read Ability to view user notes.
detectionlists.userprofilenotes.write Ability to update user notes.
fileforensics.settings_write Permission to view and edit file forensics related settings.
prioritization.settings.read View all available risk settings, including the risk indicators and corresponding weights.
search.fileevents.read View, search, and export event-level metadata about file and data movement. Includes access to Forensic Search web app and related APIs.
search.saved.read View saved searches that have been created in Forensic Search.
search.saved.write Create, modify, and delete saved searches in Forensic Search.
securitytools.data_read Permission to view data collected by Code42 Security Tools.
securitytools.settings_write Permission to edit settings for Code42 Security Tools.
visualizations.endpointhealth.read View device health information for collection of file events.
visualizations.risksummaries.read View the risk exposure visualizations.

User Modify

Assign this role to help desk personnel who modify user settings in their organization, but who do not modify device or organization settings. This role must be assigned in conjunction with a role that has access to the Code42 console, such as Cross Org Help Desk.

  • Limitations
    • Cannot add or deactivate users.
    • Cannot update organization settings.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
user.read Permission to view user information.
user.update Permission to update user information.