Administrative Roles

This section describes Cortex XDR administrative roles.
Role-based access control (RBAC) enables you to use pre-configured roles to assign access rights to administrative users. You can manage roles for all Cortex apps and services in the Cortex hub. By assigning roles, you enforce the separation of access among functional or regional areas of your organization.
Each role extends specific privileges to users. The way you configure administrative access depends on the security requirements of your organization. Use roles to assign specific access privileges to administrative user accounts. The built-in roles provide specific access rights that cannot be changed.
The specific roles that you can assign for Cortex XDR users are as follows:
Role
Privileges
Hub roles
Assign one of three common hub administrative roles to provide full access to your Cortex XDR instances. Access to and management of Analytics features also requires an administrative role assigned to Cortex XDR - Analytics.
Investigation
Access to the alerts, incidents, and investigation tabs. The user can view alerts and incidents, run and schedule queries, but cannot view rules.
Investigation and Response
Access to the Alerts, Incidents, Investigation and Response tabs. The Rules tab is not visible or accessible.
Investigation and Rules View
Access to the Alerts, Incidents, and Investigation tabs, with additional read-only access to rules.
Investigation, Rules View and Response
Access to the Alerts, Incidents, Investigation and Response tabs and read-only access to Rules.
Investigation, Rules and Response
Access to all features except the app configuration pages and audit logs.

Related Documentation