Role assignment use cases

Overview

Roles give users the authorization they need to do their work in Code42. This article describes common use cases for role assignments.

For more information on role assignment, see these additional articles:

Considerations

  • Assign roles so that users have the lowest level of privilege needed to perform their jobs.
  • After assigning roles, test to confirm that users can perform their required tasks and access the data they need.
  • If you need to manage an application that integrates with Code42 (see use case 3), create a user in your Code42 environment who is exclusively used to configure and use the integration because users set up this way do not consume a license.
  • If any of your users are assigned the Security Center User role, assign them either the Insider Risk Admin or Insider Risk Analyst role instead, depending on their responsibilities. The Security Center User role only applied to the retired Code42 Gold product plan.
  • Assign the Customer Cloud Admin role only to those users who you want to have all possible rights. 
    Assign the Customer Cloud Admin role with care
    Don't assign this role to anyone except for the individuals you want to have complete control of your Code42 environment. When possible, rather than assigning the Customer Cloud Admin role, assign roles with the lowest level of privilege necessary for users to do their jobs.

Use cases

Use case 1: Add users to watchlists

Scenario

You need to assign roles to an individual who will add users to and remove users from watchlists.

You also want this individual to investigate suspicious file activity in Forensic Search via the Forensic Search icon Saved search magnifying glass icon in the watchlists. To perform these tasks, this individual needs to have roles that permit them to manage users in the watchlists as well as view security data. However, you do not want the individual to have rights to perform administrative actions such as deactivate users or devices.

Assign these roles:

Add users to watchlists with an integration
If you want to use an application integration with the sole purpose of adding and removing users in watchlists, assign the user running the application the Departing Employee Manager or High Risk Employee Manager role, or use an API client with API permissions to Detection Lists. 

Use case 2: Investigate suspicious file activity

Scenario

You need to assign roles to an individual who will investigate suspicious file activity.

You want this individual to be able to view security data in dashboards and alerts so they can identify users to investigate. You also want them to be able to create alert rules, perform investigations and download files with Forensic Search, and create cases. However, you do not want them to manage users in watchlists, since their job is to investigate incidents, not manage users. Their privileges should be restricted solely to investigation.

Assign these roles:

  • Insider Risk Analyst: Provides access to all Incydr features except watchlists. 
  • Security Center - Restore: Allows the user to download files found via Forensic Search to their machine.
    This includes files the user may not normally have access to.

Use case 3: Manage a security application integrated with Code42 

Scenario

You have a security incident response application integrated with Code42 (such as Cortex XSOARIBM ResilientSplunk Phantom, or another such application integrated with Code42 using the Code42 API). You need to assign roles to a Code42 user account used by this application so that it has the permissions needed to automatically respond to security incidents. 

You want the integrated application be able to add users to and remove users from watchlists. You want the integrated application to be able to use Forensic Search to automatically investigate suspicious file activity. You also want the integration to have the ability to block and deactivate users or devices as needed as part of a security incident response. 

Assign this role:

Additional roles:

Assign additional roles depending on the needs of your integrated application:

API clients

If you use the following integrations, as a user with the Insider Risk Admin role create an API client solely to be used by the integration:

Use case 4: Administer a Code42 organization

Scenario

You need to assign roles to a user who will manage an individual organization in the Code42 environment.

You want the individual to be able to perform all needed administrative tasks in the organization, such as add users, deactivate users and devices, move users to different organizations, and create child organizations. This individual will not perform any security investigations. Their duties will be solely to manage Code42 users, devices, and settings in their organization.

Assign this role:

  • Org Admin: Allows the user to perform administrative actions in their organization.

Additional roles:

Following are additional roles you can assign that restrict access to only the user's own organization:

Use case 5: Perform end user help desk support

Backup agent only

Scenario

You need to assign roles to an individual who will perform support-related tasks (such as restore files and change settings) for users of the Code42 agent in multiple organizations.

You do not want this individual to be able to perform any administrative actions such as add users, deactivate users and devices, move users to different organizations, or create organizations. Their privileges are limited to helping end users.

Assign these roles:

  • Cross Org Help Desk: Allows the individual to restore files and change settings for users of the Code42 agent.
  • User Modify: Allows the individual to view and update user information.

Use case 6: Create legal holds

Backup agent only

Scenario

You need to assign roles to an individual who will configure legal holds for multiple organizations in the Code42 environment.

You want the individual to be able to perform all the administrative tasks needed for legal holds, such as create matters, create preservation policies, add custodians to legal holds, and perform restores of files under legal hold. But you do not want this individual to be able to perform any administrative actions such as add users, deactivate users and devices, move users to different organizations, or create organizations. Their privileges are limited to legal hold tasks.

Assign this role: