Administrative Roles

Role-based access control (RBAC) enables you to use preconfigured roles to assign access rights to administrative users. You can manage roles for all Cortex apps and services in the Hub. By assigning roles, you enforce the separation of access among functional or regional areas of your organization.
Each role extends specific privileges to users. The way you configure administrative access depends on the security requirements of your organization. Use roles to assign specific access privileges to administrative user accounts. The built-in roles provide specific access rights that cannot be changed.
The following tables describe the Traps-specific roles and the access privileges associated with each:
Role
Privileges
Hub roles
Assign one of three common Cortex administrative roles to provide full access to your Traps management services instances.
Viewer
Assign this role to users that need read-only access to all areas in Traps management service but do not need to perform deployment or security policy management. Users with this role can view and export data only.
Security Admin
Assign this role to users that must manage security profiles, policies, and events. Users with this role have read-only access to deployment operations (such as managing installation packages).
Privileged Security Admin
Provides the same privileges as the Security Admin role, in addition to Live Terminal and File Retrieval.
IT Admin
Assign this role to users that must perform deployment operations such as managing agent installation packages and uninstalling Traps agents. Users with this role have read-only access to security events, policy, and profile management pages.
Privileged IT Admin
Provides the same privileges as IT Admin, in addition Live Terminal.
Deployment Admin
Assign this role to users that must manage endpoints and installation packages. Users with this role do not have access to sensitive information and cannot view or manage security policy or events.
No Role (default)
Assign this role to users that should no longer have access to any Traps management service pages or functions.
Privilege
Viewer
Security Admin
Privileged Security Admin
IT Admin
Privileged IT Admin
Deployment Admin
No Role
Global
Filter results
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Sort results
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Column management
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Export data
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Dashboard
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
(excludes security events)
Security Events
Details—Change event status
check-mark.png
check-mark.png
Details—Retrieve data
check-mark.png
check-mark.png
Details—Retrieve files
check-mark.png
Details—Create exceptions
check-mark.png
check-mark.png
Details—Terminate processes
check-mark.png
check-mark.png
Quarantine/restore files
check-mark.png
check-mark.png
Initiate live terminal
check-mark.png
check-mark.png
Download WildFire reports
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Request WildFire verdict change
check-mark.png
check-mark.png
Exceptions—Make comments and manage exceptions
check-mark.png
check-mark.png
Comments
check-mark.png
check-mark.png
History
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Files
Create exceptions
check-mark.png
check-mark.png
Endpoints
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Download WildFire reports
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Request WildFire verdict change
check-mark.png
check-mark.png
Make comments and manage exceptions
check-mark.png
check-mark.png
Restore quarantined files
check-mark.png
check-mark.png
Endpoints
View endpoint details
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Retrieve data from endpoint
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Retrieve files from endpoint
check-mark.png
Initiate live terminal
check-mark.png
check-mark.png
Scan for malware
check-mark.png
Upgrade and uninstall
check-mark.png
check-mark.png
check-mark.png
Delete
check-mark.png
check-mark.png
check-mark.png
Manage aliases
check-mark.png
check-mark.png
check-mark.png
Terminate process
check-mark.png
check-mark.png
check-mark.png
View assigned policy
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Actions Tracker
View actions status
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Retrieve data from endpoint
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Endpoint Groups
View and configure endpoint groups
check-mark.png
check-mark.png
check-mark.png
Agent Installations
Manage installation packages
check-mark.png
check-mark.png
check-mark.png
Policy Rules
View and configure policy rules
check-mark.png
check-mark.png
Profiles
View profile details
check-mark.png
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Configure profiles
check-mark.png
check-mark.png
Exceptions
Configure process exceptions
check-mark.png
check-mark.png
Configure hash exceptions
check-mark.png
check-mark.png
Import support exceptions
check-mark.png
check-mark.png
View and configure exception details
check-mark.png
check-mark.png
Logs
View logs
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Export logs
check-mark.png
check-mark.png
check-mark.png
check-mark.png
Permissions
Role management
Reports
View reports
check-mark.png
check-mark.png
check-mark.png
Schedule/create reports
check-mark.png
check-mark.png

Related Documentation