Roles and Permissions in EDR

You can create users and then assign a role to it to grant access as per the role you define. Depending on the roles and permissions assigned, the user can perform actions like creating, editing, or deleting rules and actions.

The Administration application is used to create EDR users and assign roles and permissions. We have provided some pre-created user roles for EDR. You get the associated set of permissions, depending on the role assigned to you.

Users created before EDR version 1.1 will continue to have the same permissions.

Perform the following steps in the Administration application to view and access the EDR roles and permissions:

  1. Click Role Management
  2. Select the Role you want to perform an action. The following screenshot is an example of the Administrator role and the actions you can perform on this role:

    Edit Role in Role Management window.

  3. Select any of the options listed in the Actions menu to proceed. 
  • Manager- A user with the Manager role is considered a super-user and has all the available permissions. They have full privileges and access to all modules in the subscription. Only users with the Manager role can create other users and assign roles.

    The Manager user can customize the permissions for all the EDR role.

  • EDR User- By default, the EDR user role only has EDR UI Access permissions. So, the user can only see the User Activity tab under Responses.

    EDR User

  • EDR Analyst- By default, the EDR Analyst role has EDR UI Access permissions, Global Dashboard, and Alerting Permissions.

    EDR Analyst User

  • EDR Incident Responder and EDR Manager- By default, these roles have EDR UI Access permissions, Global Dashboard, Alerting Permissions, and Response Action Permissions. The following screenshot displays the default permissions for the EDR Manager role:

    EDR Manager User