Understand and Assign Roles

Admin

An administrative role for system or IT administrators responsible for platform setup and configuration. This role does not grant the ability to perform all actions.

Users with this role can:

• Manage security settings, including users, roles, single sign-on, etc.

• Can enable and disable multi-factor authentication for users

• Manage endpoints (view, decommission, reinstate, etc.)

• Manage pre-configured and on-demand automation triggers and playbooks

• View audit logs

• View the Status Checks page

• Add and modify third-party integrations

Analyst

Designed for security operations users who review Red Canary events, threats, and reports.

Users with this role can:

• View threats details

• View Reports, Insights, and Activity Monitors

• View endpoints (but not decommission them)

• Mark threats as Acknowledged, Remediated, or Not Remediated

Analyst Viewer

A read-only version of the Analyst role.

Users with this role can:

• View threat details (but not mark them)

• View Reports, Insights, and Activity Monitors

• View endpoints (but not decommission them)

Applications Manager

Grants users the ability to manage the Applications page without full Admin permissions.

Users with this role can:

• View and edit applications

Business Contact

The designated business point of contact for the Red Canary account.

Each account must have an assigned business contact. If you remove this role from one user, you must assign it to another.

Users with this role can:

• Request changes to license coverage

• View external alert sources

• Accept terms and conditions

EDR User

Grants unprivileged access to an Endpoint Detection & Response (EDR) or Endpoint Protection Platform (EPP).

Users with this role can:

• Unprivileged access to EDR or EPP platforms

Readiness Manager

Grants users access to Readiness Exercises features within their account, provided they are an active Readiness Exercises customer.

Users with this role can:

• View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

• Setup, exercise, and retrospect scenarios

• Create and manage Actions

• Access and manage Recommendations

• Export completed Exercise Reports and Certificates of Attendance

Readiness User

Grants users access to Readiness Exercises features within their account, provided they are an active Readiness Exercises customer.

Users with this role can:

• View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

• Exercise and retrospect scenarios

• Create and manage Actions

• Access and manage Recommendations

• Export Exercise Reports and Certificates of Attendance

Responder

Grants users the ability to respond to threats by isolating endpoints and executing response actions on those systems.

Users with this role can:

• View threat details

• Use endpoint isolation

• Manage pre-configured and on-demand automation triggers and playbooks

• Have privileged access to the EDR platform

• Manage endpoints (view, decommission, reinstate, etc.)

Supporting Partner

Designed for users who are not part of your organization but work with Red Canary to achieve your security outcomes.

Users with this role can:

• Have all permissions of the Admin, Analyst, and Responder roles

Technical Contact

The designated technical point of contact for the Red Canary account.

Each account must have an assigned technical contact. If you remove this role from one user, you must assign it to another.

• Manage system settings

• Manage pre-configured and on-demand automation triggers and playbooks

• Have privileged access to any EDR/EPP platforms

• Administer external alert sources

• Add and modify third-party integrations

Workflow User

Designed for users who receive, review, and update the remediation status of threats.

• View threat details

• Mark threats as Acknowledged, Remediated, or Not Remediated