Understand and Assign Roles

  • Updated on Sep 24, 2025
  • 3 minute(s) read
Prev Next

Control what your users can see and do in the Red Canary platform by assigning them specific roles. Each role is a collection of permissions that grants access to different functions. You must be an Admin user to be able to assign or remove roles.

Assign User Roles

  1. Click the user icon at the top right of your Red Canary portal, then click Users & Roles.

  2. Search for a user. If you need to add a new user, enter their email address in the top bar and click Invite.

  3. Assign roles to the user by toggling a role name. Untoggle the role to remove it from the user.

    Note: Each account (subdomain) must have an assigned technical contact and business contact. To remove those roles from a user, assign those roles to another user and the role will be transferred.

Understand User Role Permissions

The table below lists user roles available in the Red Canary platform, including the specific permissions each role provides. Regardless of their role, all users have the ability to:

  • Log in to Red Canary

  • Edit their own user profile

  • Download sensor installers

  • Securely share files with their Red Canary team

Role Name

Description

Permissions

Admin

An administrative role for system or IT administrators responsible for platform setup and configuration. This role does not grant the ability to perform all actions.

Users with this role can:

  • Manage security settings, including users, roles, single sign-on, etc.

  • Can enable and disable multi-factor authentication for users

  • Manage endpoints (view, decommission, reinstate, etc.)

  • Manage pre-configured and on-demand automation triggers and playbooks

  • View audit logs

  • View the Status Checks page

  • Add and modify third-party integrations

  • View Investigations

Analyst

Designed for security operations users who review Red Canary events, threats, and reports.

Users with this role can:

  • View threats details

  • View Reports, Insights, and Activity Monitors

  • View endpoints (but not decommission them)

  • Mark threats as Acknowledged, Remediated, or Not Remediated

  • View Investigations

Analyst Viewer

A read-only version of the Analyst role.

Users with this role can:

  • View threat details (but not mark them)

  • View Reports, Insights, and Activity Monitors

  • View endpoints (but not decommission them)

Applications Manager

Grants users the ability to manage the Applications page without full Admin permissions.

Users with this role can:

  • View and edit applications

Business Contact

The designated business point of contact for the Red Canary account.

Each account must have an assigned business contact. If you remove this role from one user, you must assign it to another.

Users with this role can:

  • Request changes to license coverage

  • View external alert sources

  • Accept terms and conditions

EDR User

Grants unprivileged access to an Endpoint Detection & Response (EDR) or Endpoint Protection Platform (EPP).

Users with this role can:

  • Unprivileged access to EDR or EPP platforms

Readiness Manager

Grants users access to Readiness Exercises features within their account, provided they are an active Readiness Exercises customer.

Users with this role can:

  • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

  • Setup, exercise, and retrospect scenarios

  • Create and manage Actions

  • Access and manage Recommendations

  • Export completed Exercise Reports and Certificates of Attendance

Readiness User

Grants users access to Readiness Exercises features within their account, provided they are an active Readiness Exercises customer.

Users with this role can:

  • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

  • Exercise and retrospect scenarios

  • Create and manage Actions

  • Access and manage Recommendations

  • Export Exercise Reports and Certificates of Attendance

Responder

Grants users the ability to respond to threats by isolating endpoints and executing response actions on those systems.

Users with this role can:

  • View threat details

  • Use endpoint isolation

  • Manage pre-configured and on-demand automation triggers and playbooks

  • Have privileged access to the EDR platform

  • Manage endpoints (view, decommission, reinstate, etc.)

  • View Investigations

Supporting Partner

Designed for users who are not part of your organization but work with Red Canary to achieve your security outcomes.

Users with this role can:

  • Have all permissions of the Admin, Analyst, and Responder roles

Technical Contact

The designated technical point of contact for the Red Canary account.

Each account must have an assigned technical contact. If you remove this role from one user, you must assign it to another.

  • Manage system settings

  • Manage pre-configured and on-demand automation triggers and playbooks

  • Have privileged access to any EDR/EPP platforms

  • Administer external alert sources

  • Add and modify third-party integrations

Workflow User

Designed for users who receive, review, and update the remediation status of threats.

  • View threat details

  • Mark threats as Acknowledged, Remediated, or Not Remediated

  • View Investigations