Understand and Assign Roles
    • 23 Jun 2025
    • 3 Minutes to read
    • PDF

    Understand and Assign Roles

    • PDF

    Article summary

    Control what your users can see and do in the Red Canary platform by assigning them specific roles. Each role is a collection of permissions that grants access to different functions. You must be an Admin user to be able to assign or remove roles.

    Assign User Roles

    1. Click your user icon at the top right of your Red Canary, then click Users & Roles.

    2. Search for a user. If you need to add a new user, enter their email address in the top bar and click Invite.

    3. Assign a role(s) to the user by toggling a role name. Untoggle the role to remove it from the user.

      Note: Each account (subdomain) must have an assigned technical contact and business contact. To remove those roles from a user, assign those roles to another user and the role will be transferred.

    Understand User Role Permissions

    The table below lists user roles available in the Red Canary platform, including the specific permissions each role provides. Regardless of their role, all users have the ability to:

    • Log in to Red Canary

    • Edit their own user profile

    • Download sensor installers

    • Securely share files with their Red Canary team

    Role Name

    Description

    Permissions

    Admin

    An administrative role for system or IT administrators responsible for platform setup and configuration. This role does not grant the ability to perform all actions.

    Users with this role can:

    • Manage security settings, including users, roles, single sign-on, etc.

    • Can enable and disable multi-factor authentication for users

    • Manage endpoints (view, decommission, reinstate, etc.)

    • Manage pre-configured and on-demand automation triggers and playbooks

    • View audit logs

    • View the Status Checks page

    • Add and modify third-party integrations

    Analyst

    Designed for security operations users who review Red Canary events, threats, and reports.

    Users with this role can:

    • View threats details

    • View Reports, Insights, and Activity Monitors

    • View endpoints (but not decommission them)

    • Mark threats as Acknowledged, Remediated, or Not Remediated

    Analyst Viewer

    A read-only version of the Analyst role.

    Users with this role can:

    • View threat details (but not mark them)

    • View Reports, Insights, and Activity Monitors

    • View endpoints (but not decommission them)

    Applications Manager

    Grants users the ability to manage the Applications page without full Admin permissions.

    Users with this role can:

    • View and edit applications

    Business Contact

    The designated business point of contact for the Red Canary account.

    Each account must have an assigned business contact. If you remove this role from one user, you must assign it to another.

    Users with this role can:

    • Request changes to license coverage

    • View external alert sources

    • Accept terms and conditions

    EDR User

    Grants unprivileged access to an Endpoint Detection & Response (EDR) or Endpoint Protection Platform (EPP).

    Users with this role can:

    • Unprivileged access to EDR or EPP platforms

    Readiness Manager

    Grants users access to Readiness Exercises features within their account, provided they are an active Readiness Exercises customer.

    Users with this role can:

    • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

    • Setup, exercise, and retrospect scenarios

    • Create and manage Actions

    • Access and manage Recommendations

    • Export completed Exercise Reports and Certificates of Attendance

    Readiness User

    Grants users access to Readiness Exercises features within their account, provided they are an active Readiness Exercises customer.

    Users with this role can:

    • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

    • Exercise and retrospect scenarios

    • Create and manage Actions

    • Access and manage Recommendations

    • Export Exercise Reports and Certificates of Attendance

    Responder

    Grants users the ability to respond to threats by isolating endpoints and executing response actions on those systems.

    Users with this role can:

    • View threat details

    • Use endpoint isolation

    • Manage pre-configured and on-demand automation triggers and playbooks

    • Have privileged access to the EDR platform

    • Manage endpoints (view, decommission, reinstate, etc.)

    Supporting Partner

    Designed for users who are not part of your organization but work with Red Canary to achieve your security outcomes.

    Users with this role can:

    • Have all permissions of the Admin, Analyst, and Responder roles

    Technical Contact

    The designated technical point of contact for the Red Canary account.

    Each account must have an assigned technical contact. If you remove this role from one user, you must assign it to another.

    • Manage system settings

    • Manage pre-configured and on-demand automation triggers and playbooks

    • Have privileged access to any EDR/EPP platforms

    • Administer external alert sources

    • Add and modify third-party integrations

    Workflow User

    Designed for users who receive, review, and update the remediation status of threats.

    • View threat details

    • Mark threats as Acknowledged, Remediated, or Not Remediated


    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.