Login
      Contents x
      Understand and Assign Roles
      • 09 Oct 2024
      • 3 Minutes to read
      • PDF
      Contents

      Understand and Assign Roles

      • Updated on 09 Oct 2024
      • 3 Minutes to read
      • PDF
      Article summary

      Roles grant users access to features and functionality in Red Canary. A user can have one or more roles on a subdomain/account.

      Assign and remove roles for users

      You can assign a role to a user to grant them the abilities of that role.

      Assign a role user

      1. Click your user icon at the top right of your Red Canary, and then click Users & Roles.

      2. Assign one or more roles to the user by checking the boxes next to each role.

      Remove a role user

      1. Click your user icon at the top right of your Red Canary, and then click Users & Roles.

      2. Remove a role from the user by unchecking the boxes next to each role.

      Note: Each account must have an assigned technical contact and business contact. To remove those roles from a user, assign those roles to another user and the role will be transferred.

      Permissions

      All users have the ability to:

      • Log in to Red Canary

      • Edit their own user profile

      • Download sensor installers

      • Securely share files with their Red Canary team

      EDR User

      For organizations with an Endpoint Detection & Response (EDR) or Endpoint Protection Platform (EPP) platform for which Red Canary can manage user accounts and Single Sign-on (SSO), the EDR user role grants users unprivileged access to that EDR/EPP platform.

      Readiness User

      The Readiness User role grants users access to Readiness Exercises features within their subdomain, provided they are an active Readiness Exercises customer.

      • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

      • Exercise and retrospect scenarios

      • Create and manage Actions

      • Access and manage Recommendations

      • Export Exercise Reports and Certificates of Attendance

      Readiness Manager

      The Readiness Manager role grants users access to Readiness Exercises features within their subdomain, provided they are an active Readiness Exercises customer.

      • View the Readiness Home, Exercises, Actions, Scenarios, and Skills pages

      • Setup, exercise, and retrospect scenarios

      • Create and manage Actions

      • Access and manage Recommendations

      • Export completed Exercise Reports and Certificates of Attendance

      Responder

      The Responder role grants users the ability to respond to threats by isolating endpoints and executing response actions on those systems. 

      • View threat details

      • Use endpoint isolation 

      • Manage pre-configured and on-demand automation triggers and playbooks

      • Have privileged access to the EDR platform

      Workflow User

      The Workflow User role is designed for users who will receive, review, and update the remediate state of threats. 

      • View threat details

      • Mark threats as Acknowledged, Remediated, or Not Remediated

      Analyst

      The Analyst role is designed for security operations users who will be reviewing Red Canary events, threats, and reports.

      • View threats details

      • View Reports, Insights, and Activity Monitors

      • View endpoints (but not decommission them)

      • Mark threats as Acknowledged, Remediated, or Not Remediated

      Analyst Viewer

      The Analyst Viewer role is a read-only version of the Analyst role.

      • View threat details (but not mark them)

      • View Reports, Insights, and Activity Monitors

      • View endpoints (but not decommission them)

      Applications Manager

      The Applications Manager role grants users, without Admin permissions, the ability to view and edit the Applications page.

      • Manage applications

      Admin

      The Admin role is an administrative role designed for system or IT administrators who set up and configure the platform and integrations. This role is not the type of administrator role that grants the ability to perform all actions.

      • Manage security settings, including users, roles, single sign-on, etc.

      • Can enable and disable multi-factor authentication for users

      • Manage endpoints (view, decommission, reinstate, etc.) 

      • Manage pre-configured and on-demand automation triggers and playbooks

      • View audit logs

      • View the Status Checks page

      • Add and modify third-party integrations

      Technical Contact

      Each account’s single Technical Contact is the technical point of contact for Red Canary. 

      • Manage system settings

      • Manage pre-configured and on-demand automation triggers and playbooks

      • Have privileged access to any EDR/EPP platforms

      • Administer external alert sources

      • Add and modify third-party integrations

      Business Contact

      Each account’s single Business Contact is the business point of contact for Red Canary.

      • Request changes to license coverage

      • View external alert sources

      • Accept terms and conditions

      Supporting Partner

      This composite role is equivalent to the Admin, Analyst, and Responder roles and is intended for users who are not part of your organization but work with Red Canary to achieve your security outcomes.

       

      Was this article helpful?
      What's Next
      PRODUCTS
      USE RED CANARY
      SUPPORT
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout