Skip to main content
All CollectionsSentinelOne & GuardzManaged SentinelOne (Ultimate Plan)
SentinelOne Console User Management And Role Permissions
SentinelOne Console User Management And Role Permissions
Updated this week

Create And Manage Console User

SentinelOne Console User Management is under Security Controls.

With this feature, Admin users can now easily:
Add new console users
Remove existing users
Reset user passwords
Regenerate passwords for new accounts

Once access is granted, the user will receive an email invitation to log in and set their password.
Please note - the invitation link is valid for 72 hours.

Console User Role Permissions

The following permissions are defined by default for all console users created from the Guardz platform for SentinelOne console access.

Page

Permission

Description

Included

Endpoints Permissions

View

See endpoints in the Sentinels window

Yes

Endpoints Permissions

View Threats

See all threats on selected endpoints

Yes

Endpoints Permissions

Update Software

Upgrade Agents to a newer version

Yes

Endpoints Permissions

Unprotect

Remove Anti-Tampering protection from Agents

Yes

Endpoints Permissions

Uninstall

Uninstall the Agent from endpoints

Yes

Endpoints Permissions

Shut Down

Shut down endpoints

Yes

Endpoints Permissions

Show Passphrase

See the passphrase of an Agent required to run some Agent features from the CLI

Yes

Endpoints Permissions

Show Applications

See all applications installed on endpoints

Yes

Endpoints Permissions

Set Customer Identifier

Add a Customer Identifier string to identify endpoints

Yes

Endpoints Permissions

Send Message

Send messages to users through the Management Console

Yes

Endpoints Permissions

Search On Deep Visibility

Pivot on an endpoint to search for it in Event Search

Yes

Endpoints Permissions

Revoke Token

Revoke the token that an Agent uses to communicate with the Management

No

Endpoints Permissions

Restart Services

Restart Agent services on endpoints

Yes

Endpoints Permissions

Reset Local Configuration

Revert the local configuration of an endpoint to its defaults

Yes

Endpoints Permissions

Remote Shell

Run Remote Shell on endpoints

Yes

Endpoints Permissions

Remote Profiling

Collect Agent operational data for advanced diagnostics

Yes

Endpoints Permissions

Reload

Reload the Agent

Yes

Endpoints Permissions

Reject Uninstall

Reject requests to uninstall an Agent

No

Endpoints Permissions

Reconnect To Network

Undo the Disconnect from Network action

Yes

Endpoints Permissions

Reboot

Reboot the endpoint

Yes

Endpoints Permissions

Randomize Uuid

Reset the Agent UUID to handle duplicates

No

Endpoints Permissions

Purge Research Data

Clean logs from your Management after Research experts resolve an issue

No

Endpoints Permissions

Purge Db

Delete SST files from C\ProgramData\Sentinel\data\prdb\ to free disk space

No

Endpoints Permissions

Purge Crash Dumps

Clean logs from your Management after Support resolves an issue that required a crash dump

No

Endpoints Permissions

Protect

Turn on Anti-Tampering

Yes

Endpoints Permissions

Move To Another Site

Move Agents from one Site to a different Site

Yes

Endpoints Permissions

Migrate Agent

Move the Agent to a different Management Console

Yes

Endpoints Permissions

Mark As Up To Date

Mark this endpoint Up To Date if the Agent version is the latest but the endpoint is shown as Out of date

Yes

Endpoints Permissions

Manage Endpoint Tags

Add remove edit and override endpoint tags on endpoints

Yes

Endpoints Permissions

Initiate Scan

Run Full Disk Scan

Yes

Endpoints Permissions

Flush Events Queue

Delete all notifications waiting to be sent

No

Endpoints Permissions

File Fetch

Download threat files and Agent logs

Yes

Endpoints Permissions

Events Throttling

Stop Agents from sending events to the Management for a specific time

No

Endpoints Permissions

Enable Ranger

Enable an Agent to be selected as an active scanner for Ranger

Yes

Endpoints Permissions

Enable Agent Content Update

Accept automatic live security updates to SentinelOne Agents

Yes

Endpoints Permissions

Enable Agent

Enable a Disabled Agent

Yes

Endpoints Permissions

Edit

Run Agent actions that change the configuration of an endpoint or Agent

Yes

Endpoints Permissions

Disconnect From Network

Break communication between the endpoint and other network components

Yes

Endpoints Permissions

Disable Ranger

Stop an Agent from being an active scanner for Ranger

Yes

Endpoints Permissions

Disable Agent

Identify interoperability issues related to the Agent

Yes

Endpoints Permissions

Decommission

Remove the endpoint from the Console

Yes

Endpoints Permissions

Control Research Data

Control if Agents upload verbose detection data to your instance in the Cloud

Yes

Endpoints Permissions

Control Crash Dumps

Control if Agents upload verbose detection data to your instance in the Cloud

Yes

Endpoints Permissions

Configure Firewall Logging

Set if Firewall blocked traffic events are logged

Yes

Endpoints Permissions

Configuration

Edit the JSON configuration of an Agent

No

Endpoints Permissions

Clear Remote Shell Session

Manually force a Remote Shell session to close

Yes

Endpoints Permissions

Cancel Upgrade

Stop an upgrade action

No

Endpoints Permissions

Cancel Agent Content Updates

Stop automatic live security updates to SentinelOne Agents

No

Endpoints Permissions

Approve Uninstall

Approve a request to uninstall an Agent from an endpoint

Yes

Endpoints Permissions

Abort Scan

Stop a Full Disk Scan

Yes

Endpoints Permissions

Fetch Logs

Download logs of Agent operations to send to Support

Yes

Endpoints Permissions

Download Remote Shell Transcript

Download Remote Shell transcript results from the Activity Log

Yes

Endpoints Permissions

Enable Live Update

Accept automatic live security updates to SentinelOne Agents

Yes

Endpoints Permissions

Account Uninstall Password View Uninstall Password

See the password to bulk uninstall all Windows and Linux Agents of an Account

Yes

Endpoints Permissions

Account Uninstall Password Modify Uninstall Password

Change the password to bulk uninstall all Windows Agents of an Account

Yes

Endpoint Threats Permissions

View

See all threats and their details

Yes

Endpoint Threats Permissions

Xdr Actions

Run XDR actions from Marketplace Apps

No

Endpoint Threats Permissions

Update Incident Status

Change the Incident Status of threats

Yes

Endpoint Threats Permissions

Update External Ticket Id

Change the External Ticket Id of a threat

Yes

Endpoint Threats Permissions

Update Analyst Verdict

Change the Analyst Verdict of threats

Yes

Endpoint Threats Permissions

Unquarantine

Run the Unquarantine action on threats

Yes

Endpoint Threats Permissions

Mark Threat

Mark benign activity as a threat from Deep Visibility or Skylight

Yes

Endpoint Threats Permissions

Mark Suspicious

Mark benign activity as suspicious from Deep Visibility or Skylight

Yes

Endpoint Threats Permissions

Fetch Threat File

Download the file or files that are the root of a threat

Yes

Endpoint Threats Permissions

Create Slim Threat

Create a threat alert from minimal data of a file or process that was not detected as malicious

Yes

Endpoint Threats Permissions

Threat Actions Rollback

Run the Rollback mitigation action on threats

Yes

Endpoint Threats Permissions

Threat Actions Restore Macro

Restore removed macros to Office files

Yes

Endpoint Threats Permissions

Threat Actions Remove Macro

Remove malicious macros from Office files without quarantining the files

Yes

Endpoint Threats Permissions

Threat Actions Remediate

Run the Remediate mitigation action on threats

Yes

Endpoint Threats Permissions

Threat Actions Quarantine

Run the Quarantine mitigation action on threats

Yes

Endpoint Threats Permissions

Threat Actions Kill

Run the Kill mitigation action on threats

Yes

Access Settings Permissions

View

See configuration settings in Settings Configuration

Yes

Access Settings Permissions

Edit

Edit configuration settings in Settings Configuration

No

Accounts Permissions

View

See Account information

Yes

Accounts Permissions

Edit

Edit Account information

No

Accounts Permissions

Delete

Delete an Account

No

Accounts Permissions

Create

Create an Account

No

Activity Permissions

View

See all activities that occurred in your environment

Yes

Agent Artifacts Permissions

View

See Integrations Token Management to create and manage public repo tokens for CWS Agents

Yes

Agent Artifacts Permissions

Delete

Delete tokens for CWS Agents

Yes

Agent Artifacts Permissions

Create

Create tokens for CWS Agents

Yes

Agent Artifacts Permissions

List Access Tokens

See all tokens generated for CWS Agents

Yes

Agent Packages Permissions

View

See the Packages page

Yes

Agent Packages Permissions

Edit

Change the build number scope and other properties of a package

No

Agent Packages Permissions

Delete

Remove a package from the Packages page

No

Agent Packages Permissions

Create

Upload a package

No

Applications Permissions

View

See all applications on your endpoints

Yes

Applications Permissions

View Risks

See all applications by threat assessment and endpoint installation

Yes

Applications Permissions

Scan Vulnerabilities

Scan applications for vulnerabilities also needed to run the Extensive Vulnerability Scan

Yes

Applications Permissions

Application Fp Fn Actions

Report a detected CVE as a false positive or a false negative

Yes

Applications Permissions

Set Statuses

Give a status to endpoints that have applications with detected CVEs to reflect their state during the remediation flow

Yes

Applications Permissions

Create External Ticket

Create a Jira ticket for applications and endpoints that require patching

Yes

Applications Permissions

Change Vulnerabilities Scan Policy

Change the Scan Policy or Extensive Scan configuration settings

No

Auto-Upgrade Policy Permissions

View

View the details of an Auto Upgrade policy

Yes

Auto-Upgrade Policy Permissions

Policy Action

Change Auto-Upgrade Policy order activate deactivate or delete

No

Auto-Upgrade Policy Permissions

Edit

Edit an Auto Upgrade policy

Yes

Auto-Upgrade Policy Permissions

Disable All Policies

Disable all Auto Upgrade policies in this scope and all lower scopes

No

Auto-Upgrade Policy Permissions

Create

Add a new Auto Upgrade Policy

Yes

Benchmarks Permissions

View

See Benchmark results and export results

Yes

Benchmarks Permissions

Run Benchmarks

Run Benchmark templates

Yes

Benchmarks Permissions

Manage Skip Control

Allows Users to Skip a Control

Yes

Benchmarks Permissions

Modify Settings

Edit CIS Benchmark configuration

Yes

Blocklist Permissions

View

See the hashes in the blacklist

Yes

Blocklist Permissions

Edit

Change the hash of a blacklist item

Yes

Blocklist Permissions

Delete

Delete a hash from the list

Yes

Blocklist Permissions

Create

Add a hash to the blacklist

Yes

Cloud Permissions

View

See the Cloud page

Yes

Cloud Account Permissions

View

See Cloud Account

Yes

Cloud Account Permissions

Enable Cloud Account

Enable Cloud Account

Yes

Cloud Account Permissions

Edit

Edit Cloud Account configuration

Yes

Cloud Account Permissions

Disable Cloud Account

Disable Cloud Account

Yes

Cloud Account Permissions

Delete

Delete Cloud Account

Yes

Cloud Account Permissions

Create

Create Cloud Account

Yes

Cloud Funnel Permissions

View

See the Cloud Funnel page

Yes

Cloud Funnel Permissions

Edit

Edit Cloud Funnel configuration

Yes

Cloud Funnel Permissions

Delete

Delete Cloud Funnel configuration

Yes

Cloud Funnel Permissions

Create

Create Cloud Funnel configuration

Yes

Cloud Policies Permissions

View

See Cloud policies

Yes

Cloud Policies Permissions

Manage

Add new delete existing and edit Cloud policies

Yes

Cloud Rogues Permissions

View

See Cloud Rogues

Yes

Cloud Rogues Permissions

Edit

Change Cloud Rogues configuration

Yes

Cloud Scanners Configuration Permissions

View

Read-only access to cloud scanner configuration

Yes

Cloud Scanners Configuration Permissions

Manage

Full access to deploy edit and delete cloud scanners

Yes

Compromised Credentials Protection Permissions

View

See how Compromised Credentials Protection is set up

Yes

Compromised Credentials Protection Permissions

Edit

Enable or disable options and change the settings for Compromised Credentials Protection

Yes

Console Integrations Permissions

View

See Settings Integrations

Yes

Console Integrations Permissions

Edit

Edit settings for SMTP Syslog and SSO

Yes

Console Integrations Permissions

Delete

Delete integration for SMTP Syslog and SSO

Yes

Console Integrations Permissions

Create

Set up integration for SMTP Syslog and SSO

Yes

Cloud Native Security Permissions

View

Read-only access to Cloud Native Security

Yes

Cloud Native Security Permissions

Triage

Limited actions permitted in Cloud Native Security

Yes

Cloud Native Security Permissions

Manage

Full access to complete actions in Cloud Native Security

Yes

Cloud Native Security Permissions

Publish CNS CLI Findings

Publish findings from the Cloud Native Security CLI tool to the Management console

Yes

Cloud Native Security Permissions

Get CNS CLI Scan Rules

Retrieve scan rules used by the Cloud Native Security CLI tool

Yes

Console Users Permissions

View

See the Users page

Yes

Console Users Permissions

Edit

Edit the properties and requirements of a user account delete or reset 2FA for other users

No

Console Users Permissions

Delete

Delete a user account

Yes

Console Users Permissions

Create

Add a user

No

Console Users Permissions

Can Revoke API Tokens for Others

Revoke API Tokens for other users

Yes

Console Users Permissions

Can Enable Generate API Token Setting for Self and Others

Enable Allow API Token Generation for other users

No

Console Users Permissions

Can Enable 2FA Configuration for Other Users

Reset delete and enroll 2FA for other users

No

Device Control Permissions

View

See the current list of devices in the controlled list

Yes

Device Control Permissions

Edit

Edit a rule for a device in the list name action class and vendor ID and select events to send to Activity

Yes

Device Control Permissions

Delete

Delete a rule from the list

Yes

Device Control Permissions

Create

Create a new rule

Yes

Endpoint Policy Permissions

View

See the Policy page

Yes

Endpoint Policy Permissions

Edit

Edit the policy settings and inheritance

No

Unified Tags Permissions

View

View the Tags page

Yes

Unified Tags Permissions

Edit

Edit tags

Yes

Unified Tags Permissions

Delete

Delete tags

Yes

Unified Tags Permissions

Create

Create tags

Yes

Exclusions Permissions

View

See the Exclusions page

Yes

Exclusions Permissions

Edit

Edit an exclusion

Yes

Exclusions Permissions

Delete

Delete an exclusion

Yes

Exclusions Permissions

Create

Create a new exclusion by Hash Path Signer Identity File Type or Browser

Yes

Extended Security Posture Management Permissions

View

View discovered vulnerabilities and misconfigurations

Yes

Extended Security Posture Management Permissions

Vulnerabilities View

View discovered vulnerabilities

Yes

Extended Security Posture Management Permissions

Misconfigurations View

View discovered misconfigurations

Yes

Extended Security Posture Management Permissions

Vulnerabilities Manage

Perform actions on vulnerabilities change the vulnerability status assign it to a Console user for investigation and set a verdict

Yes

Extended Security Posture Management Permissions

Misconfigurations Manage

Perform actions on misconfigurations change the misconfiguration status assign it to a Console user for investigation and set a verdict

Yes

Extended Security Posture Management Permissions

Vulnerabilities View Singularity Vulnerability Management Vulnerabilities

View vulnerabilities discovered by Vulnerability Management

Yes

Extended Security Posture Management Permissions

Misconfigurations View Identity Security Posture Management Misconfigurations

View misconfigurations discovered by ISPM

Yes

Extended Security Posture Management Permissions

Vulnerabilities View Generic Vulnerabilities

View vulnerabilities discovered by third party tools

Yes

Extended Security Posture Management Permissions

Misconfigurations View Generic Misconfigurations

View misconfigurations discovered by third party tools

Yes

Extended Security Posture Management Permissions

Vulnerabilities Manage Singularity Vulnerability Management Vulnerabilities

Perform actions on vulnerabilities discovered by Vulnerability Management

Yes

Extended Security Posture Management Permissions

Misconfigurations Manage Identity Security Posture Management Misconfigurations

Perform actions on misconfigurations discovered by ISPM

Yes

Extended Security Posture Management Permissions

Vulnerabilities Manage Generic Vulnerabilities

Perform actions on vulnerabilities discovered by third party tools

Yes

Extended Security Posture Management Permissions

Misconfigurations Manage Generic Misconfigurations

Perform actions on misconfigurations discovered by third party tools

Yes

Extended Security Posture Management Permissions

Vulnerabilities View CNS Vulnerabilities

View vulnerabilities discovered by CNS

Yes

Extended Security Posture Management Permissions

Misconfigurations View CNS Misconfigurations

View misconfigurations discovered by CNS

Yes

Extended Security Posture Management Permissions

Vulnerabilities Manage CNS Vulnerabilities

Perform actions on vulnerabilities discovered by CNS

Yes

Extended Security Posture Management Permissions

Misconfigurations Manage CNS Misconfigurations

Perform actions on misconfigurations discovered by CNS

Yes

Firewall Permissions

View

See Firewall Control Rules and Settings

Yes

Firewall Permissions

Manage Rules And Tags

Change Firewall Control Rules and Tags

Yes

Firewall Permissions

Modify Settings

Change Firewall Control Settings

Yes

Groups Permissions

View

See the group names and number of groups listed for a specific site

Yes

Groups Permissions

Edit

Edit the Group policy change Dynamic Group filters or Group Ranking and get a new Group token

Yes

Groups Permissions

Delete

Delete a group of endpoints

Yes

Groups Permissions

Create

Create a new group of endpoints

Yes

Groups Permissions

Move To Group

Move endpoint between groups required from version S 24.2.4

Yes

Hyperautomation Permissions

View

See the Hyperautomation page

Yes

Hyperautomation Permissions

Edit

Change Hyperautomation configuration

Yes

Local Upgrade Authorization Permissions

View

See the Site level authorization for local upgrades

Yes

Local Upgrade Authorization Permissions

Edit

Edit the Site level authorization for local upgrades

Yes

Locations Permissions

View

See configured endpoint Locations

Yes

Locations Permissions

Edit

Edit configured endpoint Locations

Yes

Locations Permissions

Delete

Delete configured endpoint Locations

Yes

Locations Permissions

Create

Create endpoint Locations

Yes

Metering Reports Permissions

View

See the Usage Metering dashboard and access the raw data via the powerQuery API

Yes

Mobile Alerts Permissions

View

See alerts for mobile endpoints

Yes

Mobile Alerts Permissions

Manage

Respond to alerts for mobile endpoints

Yes

Mobile Endpoints Permissions

View

See mobile endpoint details

Mobile Endpoints Permissions

Manage

Create and send invitations for mobile users

Mobile Integrations Permissions

View

See the MBM integrations menu

Yes

Mobile Integrations Permissions

Manage

Create and add an MDM integration

Yes

Mobile Policies Permissions

View

See the overall mobile endpoint policy

Yes

Mobile Policies Permissions

Manage

Change the options for the mobile endpoint policy

Yes

Mobile Risks Permissions

View

See risks for mobile endpoints

Yes

Mobile Risks Permissions

Manage

Mitigate and respond to risks for mobile endpoints

Yes

Network Quarantine Permissions

View

See Configurable Network Quarantine Rules and Settings

Yes

Network Quarantine Permissions

Manage Rules And Tags

Change Configurable Network Quarantine Rules and Tags

Yes

Network Quarantine Permissions

Modify Settings

Change Configurable Network Quarantine Settings

Yes

Unprotected Endpoints Discovery Permissions

View

See the Unprotected Endpoints page

Yes

Unprotected Endpoints Discovery Permissions

Edit

Change Unprotected Endpoints Discovery configuration

Yes

Unprotected Endpoints Discovery Permissions

View Cloud

See Cloud Rogues

Yes

Network Discovery Permissions

View

See the Network Discovery Previously Ranger page

Yes

Network Discovery Permissions

Manage Credentials

Create change and delete Sentinel Deploy Credentials

No

Network Discovery Permissions

Edit

Edit a network to scan or change Network Discovery Previously Ranger settings

Yes

Network Discovery Permissions

Deploy

Deploy Agents on remote unsecured endpoints in your network

Yes

Notification Settings Permissions

View

See Settings Notifications

Yes

Notification Settings Permissions

Edit

Change the settings of notifications

Yes

Notification Settings Permissions

Delete

Remove email or syslog settings for notifications

Yes

Notification Settings Permissions

Create

Add email or syslog settings for notifications

Yes

Policy Enforcement Status Permissions

View

See the status of the enforced Identity Endpoint Protection Policies

Yes

Policy Enforcement Status Permissions

Edit

Change the Identity Policy Enforcement Status

Yes

Policy Override Permissions

View

See the Policy Override page

Yes

Policy Override Permissions

Edit

Edit a policy override

Yes

Policy Override Permissions

Delete

Remove as policy override

Yes

Policy Override Permissions

Create

Add a policy override

Yes

Purple AI Notebooks Permissions

View

Required to view shared Notebooks

Yes

Purple AI Notebooks Permissions

Manage

Required to create and share Notebooks

Yes

RemoteOps Permissions

View

See the Remote Ops page

Yes

RemoteOps Permissions

View Output

See the Remote Ops output

Yes

RemoteOps Permissions

Upload

Upload a custom script

Yes

RemoteOps Permissions

Edit

Edit Custom script configuration

Yes

RemoteOps Permissions

Delete

Delete a custom script

Yes

RemoteOps Permissions

View Scheduled Tasks

See RemoteOps and RemoteOps Forensics scheduled tasks

Yes

RemoteOps Permissions

Data Export Configuration View Destination Results

View RemoteOps script and forensics results in Skylight

Yes

RemoteOps Permissions

Data Export Configuration View Destination Credentials

View the list of created Data Export profiles

Yes

RemoteOps Permissions

Data Export Configuration Manage Destination Credentials

Create edit and delete Data Export profiles

Yes

RemoteOps Permissions

Run Scripts Run Data Collection Script

Run Data Collection scripts

Yes

RemoteOps Permissions

Run Scripts Run Artifact Collection Script

Run Artifact Collection Scripts

Yes

RemoteOps Permissions

Run Scripts Run Action Script

Run Action Scripts

Yes

RemoteOps Permissions

Run Scripts Review Pending Executions

View approve or decline pending scripts

Yes

RemoteOps Permissions

Run Scripts Manage Guardrails

Configure Remote Ops Guardrails

Yes

RemoteOps Permissions

Schedule Actions Update Scheduled Tasks

Edit when RemoteOps scripts and RemoteOps Forensics collections are scheduled to run

Yes

RemoteOps Permissions

Schedule Actions Delete Scheduled Tasks

Remove RemoteOps and RemoteOps Forensics scheduled tasks

Yes

RemoteOps Permissions

Schedule Actions Create Scheduled Tasks

Add new RemoteOps and RemoteOps Forensics scheduled tasks

Yes

RemoteOps Permissions

Cancel Scripts Cancel Data Collection Script

Stop a Data Collection Script

Yes

RemoteOps Permissions

Cancel Scripts Cancel Artifact Collection Script

Stop an Artifact Collection Script

Yes

RemoteOps Permissions

Cancel Scripts Cancel Action Script

Stop an Action Script

Yes

RemoteOps Permissions

Schedule Actions View Scheduled Tasks

See RemoteOps and RemoteOps Forensics scheduled tasks

Yes

Remote Ops Forensics Permissions

View

View all RemoteOps Forensics profiles

Yes

Remote Ops Forensics Permissions

Run Forensics Collection

Run RemoteOps Forensics Profiles and view Data Export Profiles

Yes

Remote Ops Forensics Permissions

View Output

View the output after a RemoteOps Forensics Profile is run

Yes

Remote Ops Forensics Permissions

Manage Destinations

View create or edit Data Export Configuration Profiles or set one as the default

Yes

Remote Ops Forensics Permissions

Edit

Change the properties of Forensics Profiles

Yes

Remote Ops Forensics Permissions

Delete

Delete Forensics Profiles

Yes

Remote Ops Forensics Permissions

Create

Create Forensics Profiles

Yes

Remote Ops Forensics Permissions

Cancel Collection Task

Cancel a forensic data collection task Can only be done if the status of the task is Pending

Yes

Remote Ops Settings Permissions

View

View RemoteOps Settings

Yes

Remote Ops Settings Permissions

View Remote Ops Password

View the default password

Yes

Remote Ops Settings Permissions

Edit Remote Ops Password

Reset revert and configure a default password

Yes

Reports Permissions

View

See the Reports page

Yes

Reports Permissions

Edit

Edit a report

Yes

Reports Permissions

Delete

Delete a report

Yes

Reports Permissions

Create

Generate a report or report schedule

Yes

Roles Permissions

View

See the Roles page

Yes

Roles Permissions

Edit

Edit Role permissions

No

Roles Permissions

Delete

Delete a Role

No

Roles Permissions

Create

Create a custom Role

No

STAR Custom Rules Permissions

View

See the STAR Custom Rules page

Yes

STAR Custom Rules Permissions

Manage

Change STAR Custom Rules

Yes

STAR Rule Alerts Permissions

View

See the Custom Alerts page

Yes

STAR Rule Alerts Permissions

Update Incident Status

Change the Incident Status of Alerts

Yes

STAR Rule Alerts Permissions

Update Analyst Verdict

Change the Analyst Verdict of Alerts

Yes

Service Users Permissions

View

See Service Users

Yes

Service Users Permissions

Edit

Edit Service Users

No

Service Users Permissions

Delete

Delete Service Users

No

Service Users Permissions

Create

Create Service Users

No

Singularity Marketplace Permissions

View

See the Singularity Marketplace page

No

Singularity Marketplace Permissions

Manage

Change Singularity Marketplace integrations

No

Sites Permissions

View

See the Sites page

Yes

Sites Permissions

Edit

Edit the properties of a site

No

Sites Permissions

Delete

Delete a site

No

Sites Permissions

Create

Add a site

No

SDL Alerts Permissions

View

View Alerts in the console

Yes

SDL Alerts Permissions

Manage

Create edit and delete Alerts in the console

Yes

SDL API Keys Permissions

View

View API keys

Yes

SDL API Keys Permissions

Manage

Add and delete API keys User must have Global or Account scope of access

Yes

SDL Configuration Files Permissions

View

See configuration files of SDL objects such as alerts dashboards saved searches and automatic lookups Users with a Site scope have limited access

Yes

SDL Configuration Files Permissions

Manage

Save edit and delete configuration files Users with a Site scope have limited access

Yes

SDL Cost Management Permissions

View

This feature is coming soon

Yes

SDL Cost Management Permissions

Manage

This feature is coming soon

Yes

SDL Dashboards Permissions

View

View Dashboards

Yes

SDL Dashboards Permissions

Manage

Create edit and delete Dashboards

Yes

SDL Data Permissions

View

Prerequisite to use Event Search for EDR or XDR

Yes

SDL Data Permissions

View Xdr

Use the XDR view of Event Search

Yes

SDL Data Permissions

View Edr

Use the EDR view of Event Search

Yes

SDL Ingestion API Permissions

View

User must have both View and Manage permissions to ingest events using APIs

Yes

SDL Ingestion API Permissions

Manage

User must have both View and Manage permissions to ingest events using APIs User must have Global or Account scope of access

Yes

SDL Long Range Query Permissions

View

Users with this permission can run long term queries for over one year in Event Search This requires a separate license

Yes

SDL Log Processing Permissions

View

View Log Processing Filters

Yes

SDL Log Processing Permissions

Manage

Create edit and delete Log Processing Filters

Yes

SDL Monitors Permissions

View

View Monitor files User must have Global or Account scope of access and select an Account scope

Yes

SDL Monitors Permissions

Manage

Create edit and delete Monitor files User must have Global or Account scope of access

Yes

SDL Parsers Permissions

View

View Log Parsers The Manage Logs permission is required to enable this permission

Yes

SDL Parsers Permissions

Manage

Create edit and delete Log Parsers User must have Global or Account scope of access The Manage Logs permission is required

Yes

SDL Query API Permissions

View

Query data using the Query APIs User must have Global or Account scope of access This permission automatically enables RemoteOps View Activity View

Yes

SDL Secrets Permissions

View

View the Secrets page

Yes

SDL Secrets Permissions

Manage

View and create Secrets for use in SDL monitors and alert webhooks

Yes

SDL Search Permissions

View

Access to all Deep Visibility pages A prerequisite to access to all Skylight pages Skylight EDR and XDR event search require the SDL Data permission

Yes

SDL Search Permissions

File Fetch

Get files from Deep Visibility or Skylight

Yes

SDL Search Permissions

Edit

Edit shared and saved queries

Yes

SDL Search Permissions

Delete

Delete shared and saved queries

Yes

SDL Search Permissions

Create

Create shared and saved queries

Yes

SDL Usage Permissions

View

View the Usage page User must have Global or Account scope of access

Yes

Task Management Permissions

View

See upgrade tasks

Yes

Threat Intelligence Permissions

View

See IoCs connected to an account

Yes

Threat Intelligence Permissions

Manage

Create edit see or delete IoCs connected to an account

Yes

Threat Services Integrations Permissions

View

See the Threat Services Integrations page

Yes

Threat Services Integrations Permissions

Manage

Configure selected third party Applications and authorize MDR Response Actions taken via these integrations

Yes

Threat Services Permissions

View

See the Overview and Escalation Contacts pages of Threat Services

Yes

Threat Services Permissions

Manage

Edit escalation contact information

Yes

Unified Alerts Permissions

STAR Alerts View

See STAR alerts

Yes

Unified Alerts Permissions

STAR Alerts Manage

Run actions on STAR alerts

Yes

Unified Alerts Permissions

Mobile Alerts View

See Mobile alerts

Yes

Unified Alerts Permissions

Mobile Alerts Manage

Run actions on Mobile alerts

Yes

Unified Alerts Permissions

Identity Alerts View

See Identity alerts

Yes

Unified Alerts Permissions

Identity Alerts Manage

Run actions on Identity alerts

Yes

Unified Alerts Permissions

Generic Alerts View

See all alerts ingested via Singularity Marketplace

Yes

Unified Alerts Permissions

Generic Alerts Manage

Run actions on alerts ingested via Singularity Marketplace

Yes

Unified Alerts Permissions

Endpoint Alerts View

See Endpoint alerts

Yes

Unified Alerts Permissions

Endpoint Alerts Manage

Run actions on Endpoint alerts

Yes

Unified Alerts Permissions

Enrich

View third-party enrichment data for alerts Coming soon

Yes

Unified Asset Inventory Permissions

View

See and use the Asset Inventory view and Graph Explorer

Yes

Unified Asset Inventory Permissions

Edit

Run actions on assets permissions for the specific surface or activity are also required

Yes

Unified Asset Inventory Permissions

Delete

Run actions on assets permissions for the specific surface or activity are also required

Yes

Unified Asset Inventory Permissions

Create

Run actions on assets permissions for the specific surface or activity are also required

Yes

Unified Asset Inventory Permissions

Assign Tags

Assign tags from the Inventory

Yes

Unified Asset Inventory Permissions

View Network Discovery Assets

See Assets found by Network Discovery in the Asset Inventory

Yes

Unified Asset Inventory Permissions

View Identity Assets

See Identity Assets in the Asset Inventory

Yes

Unified Asset Inventory Permissions

View Endpoint Assets

See endpoint Assets in the Asset Inventory

Yes

Unified Asset Inventory Permissions

View Cloud Assets

See Cloud Assets in the Asset Inventory

Yes

Unprotected Endpoints Permissions

View

See the Unprotected Endpoints page

Yes

Unprotected Endpoints Permissions

Edit

Change Unprotected Endpoints configuration

Yes

Upgrade Policy Permissions

View

See the Upgrade Policy view

Yes

Upgrade Policy Permissions

Edit

Edit an upgrade policy

No

Did this answer your question?