Overview
In Code42, roles are made up of permissions. To use Incydr features, your assigned roles give you permissions to use those features. This article lists the permissions needed to use Incydr features, and the roles that contain those permissions.
For guidance on assigning roles for Incydr, see Roles for Incydr. For complete information on all roles, see Roles reference.
Considerations
- Assign roles with the necessary permissions so that users have the least level of privilege needed to perform their jobs. After assigning roles, test to confirm that users can perform their required tasks and can access the data they need.
- The Customer Cloud Admin role should only be assigned to the "super user" administrator who has all possible rights in Code42. Assign the Insider Risk Admin role instead to provide administrator rights for Incydr.
- Incydr Basic, Advanced, and Gov F1 only: If you have assigned the Security Center User role to administrators or analysts who use Incydr, assign them either the Insider Risk Admin or Insider Risk Analyst role instead, depending on their responsibilities. These roles are designed specifically for users of Incydr and only contain permissions for use with Incydr product plans. The Security Center User role not only contains permissions for users of Incydr, but also for users of the retired Code42 Gold product plan (the securitytools.data_read and securitytools.settings_write permissions).
- The Departing Employee risk indicator is visible to users that have access to view risk indicators, even if they do not have the detectionlists.departingemployee.read permission.
Permissions needed to use Incydr
The following table shows the permissions needed to use Incydr features, and the roles that have those permissions. To learn how to assign the roles, see Roles for Incydr.
|
Insider Risk Admin | Insider Risk Analyst | Insider Risk Read Only | Insider Risk Respond | Security Administrator | Departing Employee Manager | High Risk Employee Manager | Security Center - Restore | |
---|---|---|---|---|---|---|---|---|---|
Actions |
Use the Actions menu to respond to insider risks |
x | |||||||
Alerts |
View alert notifications |
x |
x |
x |
|||||
Modify alert notifications |
x | x | |||||||
View alert rules |
x | x | x | ||||||
Modify alert rules |
x | x | |||||||
Cases |
View cases |
x | x | x | |||||
Modify cases |
x | x | |||||||
Dashboards |
View the endpoint dashboard |
x | x | x | |||||
View the Action Items, Exfiltration, and Trends dashboards |
x | x | x | ||||||
Data connections |
View data connections information |
x | x | x | x | ||||
Modify data connections settings |
x | ||||||||
View a cloud storage file in file event details |
x | ||||||||
View a cloud storage file's sharing permissions in file event details |
x | x | x | ||||||
Revoke a cloud storage file's sharing permissions in file event details |
x | x | |||||||
Data preferences |
View data preferences |
x | x | x | |||||
Modify data preferences |
x | x | |||||||
Forensic Search |
Download files from the filename shown in the file event details |
x | |||||||
Search file event data |
x | x | x | ||||||
View saved searches |
x | x | x | ||||||
Modify saved searches |
x | x | |||||||
Instructor |
View and send lessons for Instructor |
x | x | x | x | ||||
Modify Instructor lesson configuration |
x | x | |||||||
Incydr Flows |
View list of licensed Incydr Flows and their current status |
x | x | x | x | ||||
Modify settings of Incydr Flows |
x | ||||||||
Message services |
View message services configuration |
x | x | x | |||||
Modify message services configuration |
x | ||||||||
Risk settings |
View risk settings |
x | x | x | |||||
Modify risk settings |
x | x | |||||||
User profiles |
View user profiles |
x | x | x | |||||
Modify user profiles |
x | x | |||||||
View user profile notes |
x | x | x | ||||||
Modify user profile notes |
x | x | |||||||
Watchlists |
View the Departing watchlist |
x | x | x | |||||
Modify the Departing watchlist |
x | x | |||||||
View Departing watchlist alert settings |
x | x | x | ||||||
Modify Departing watchlist alert settings |
x | x | |||||||
View other watchlists |
x | x | x | ||||||
Modify other watchlists |
x | x | |||||||
View other watchlists' alert settings |
x | x | x | ||||||
Modify other watchlists' alert settings |
x | x |
Why can't I see some features in the Code42 console?
In our support articles we present all the product features. However, depending on the roles you are assigned, or the product plan your organization has, you may not see every feature in your Code42 console.
Role assignments
Sometimes you cannot see features because of the roles you are assigned. Roles are comprised of permissions that give you access rights. Among other things, these permissions give you rights to view elements of the user interface.
For example, if you have been assigned the Insider Risk Admin role, not only do you have the cases.content.read permission that allows you to view cases, you also have the cases.content.write permission that lets you create cases. Therefore, you can see the Create case button:
However, if you have been assigned the Insider Risk Read Only role, you do not have the cases.content.write permission. As a result, you do not see the Create case button:
See the following articles for more information:
- For a complete list of all the roles and their permissions, see the Roles reference.
- To find out the roles you are assigned, go to My Profile described in My Profile reference.