Understand and Assign Roles
    • 09 Oct 2024
    • 3 Minutes to read
    • PDF

    Understand and Assign Roles

    • PDF

    Article summary

    Roles grant users access to features and functionality in Red Canary. A user can have one or more roles on a subdomain/account.

    Assign and remove roles for users

    You can assign a role to a user to grant them the abilities of that role.

    Assign a role user

    1. Click your user icon at the top right of your Red Canary, and then click Users & Roles.

    2. Assign one or more roles to the user by checking the boxes next to each role.

    Remove a role user

    1. Click your user icon at the top right of your Red Canary, and then click Users & Roles.

    2. Remove a role from the user by unchecking the boxes next to each role.

    Note: Each account must have an assigned technical contact and business contact. To remove those roles from a user, assign those roles to another user and the role will be transferred.

    Permissions

    All users have the ability to:

    • Log in to Red Canary

    • Edit their own user profile

    • Download sensor installers

    • Securely share files with their Red Canary team

    EDR User

    For organizations with an Endpoint Detection & Response (EDR) or Endpoint Protection Platform (EPP) platform for which Red Canary can manage user accounts and Single Sign-on (SSO), the EDR user role grants users unprivileged access to that EDR/EPP platform.

    Readiness User

    The Readiness User role grants users access to Readiness Exercises features within their subdomain, provided they are an active Readiness Exercises customer.

    • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

    • Exercise and retrospect scenarios

    • Create and manage Actions

    • Access and manage Recommendations

    • Export Exercise Reports and Certificates of Attendance

    Readiness Manager

    The Readiness Manager role grants users access to Readiness Exercises features within their subdomain, provided they are an active Readiness Exercises customer.

    • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

    • Setup, exercise, and retrospect scenarios

    • Create and manage Actions

    • Access and manage Recommendations

    • Export completed Exercise Reports and Certificates of Attendance

    Responder

    The Responder role grants users the ability to respond to threats by isolating endpoints and executing response actions on those systems. 

    • View threat details

    • Use endpoint isolation 

    • Manage pre-configured and on-demand automation triggers and playbooks

    • Have privileged access to the EDR platform

    Workflow User

    The Workflow User role is designed for users who will receive, review, and update the remediate state of threats. 

    • View threat details

    • Mark threats as Acknowledged, Remediated, or Not Remediated

    Analyst

    The Analyst role is designed for security operations users who will be reviewing Red Canary events, threats, and reports.

    • View threats details

    • View Reports, Insights, and Activity Monitors

    • View endpoints (but not decommission them)

    • Mark threats as Acknowledged, Remediated, or Not Remediated

    Analyst Viewer

    The Analyst Viewer role is a read-only version of the Analyst role.

    • View threat details (but not mark them)

    • View Reports, Insights, and Activity Monitors

    • View endpoints (but not decommission them)

    Applications Manager

    The Applications Manager role grants users, without Admin permissions, the ability to view and edit the Applications page.

    • Manage applications

    Admin

    The Admin role is an administrative role designed for system or IT administrators who set up and configure the platform and integrations. This role is not the type of administrator role that grants the ability to perform all actions.

    • Manage security settings, including users, roles, single sign-on, etc.

    • Can enable and disable multi-factor authentication for users

    • Manage endpoints (view, decommission, reinstate, etc.) 

    • Manage pre-configured and on-demand automation triggers and playbooks

    • View audit logs

    • View the Status Checks page

    • Add and modify third-party integrations

    Technical Contact

    Each account’s single Technical Contact is the technical point of contact for Red Canary. 

    • Manage system settings

    • Manage pre-configured and on-demand automation triggers and playbooks

    • Have privileged access to any EDR/EPP platforms

    • Administer external alert sources

    • Add and modify third-party integrations

    Business Contact

    Each account’s single Business Contact is the business point of contact for Red Canary.

    • Request changes to license coverage

    • View external alert sources

    • Accept terms and conditions

    Supporting Partner

    This composite role is equivalent to the Admin, Analyst, and Responder roles and is intended for users who are not part of your organization but work with Red Canary to achieve your security outcomes.

     


    Was this article helpful?