Permissions for administrator roles
The following tables list the default permissions for the system-defined roles in the management console. Permissions in bold have child permissions that are available only after the main permission is selected.
The data that zone managers can view in the console is limited to the zones that they manage.
Dashboard
These permissions provide access to the dashboard page and cannot be disabled. The information displayed on the dashboard is determined by the role and permissions assigned to the administrator role.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
Device protection | √ | √ | √ | √ |
Endpoint Detection Response
These permissions allow you to manage CylanceOPTICS features.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View detections | √ | √ | √ | |
Edit detections | √ | √ | ||
Delete detections | √ | √ | ||
View, create InstaQuery | √ | √ | √ | |
Delete InstaQuery | √ | √ | ||
View, create advanced query | √ | √ | √ | |
Create shared template | √ | √ | ||
Delete shared template | √ | |||
Delete shared snapshots | √ | |||
Delete shared export query | √ | |||
Create scheduled query | √ | √ | ||
Edit shared scheduled query | √ | |||
Delete shared scheduled query | √ | |||
View, create focus data | √ | √ | √ | |
View package deploy | √ | √ | ||
Create package deploy | √ | |||
Update package deploy | √ | |||
Delete package deploy | √ | |||
View playbook results | √ | √ | ||
Delete playbook results | √ | |||
View package | √ | √ | ||
Create package | √ | |||
Delete package | √ | |||
View playbook | √ | √ | ||
Create, edit playbook | √ | |||
Delete playbook | √ | |||
View ruleset* | √ | √ | ||
Edit ruleset* | √ | |||
Delete ruleset | √ | |||
View rules | √ | √ | ||
Create, edit custom rule | √ | |||
Delete custom rule | √ | |||
View exceptions | √ | √ | ||
Create, edit exceptions | √ | |||
Delete exceptions | √ | |||
View lockdown configuration | √ | √ | ||
Create, Edit lockdown configuration | √ | |||
Delete lockdown configuration | √ |
*To view a rule set, you require an administrator role with the View ruleset and Edit ruleset permissions.
Users and Devices
These permissions control what you can do with users and devices in the management console. To globally quarantine a threat or add a threat to the safe list from these pages, you must also have global list permissions.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View users and groups | √ | √ | ||
Create users and groups | √ | |||
Edit users and groups | √ | |||
Delete users and groups | √ | |||
View mobile devices | √ | √ | ||
Delete mobile devices | √ | |||
View devices | √ | √ | √ | √ |
Edit devices | √ | √ | ||
Delete devices | √ | |||
Run background scan | √ | |||
Lock CylanceOPTICS device | √ | |||
Unlock CylanceOPTICS device | √ | |||
Execute remote response | √ | |||
Allow file download | √ | |||
View device policies | √ | √ | √ | |
Create device policies | √ | |||
Edit device policies | √ | |||
Delete device policies | √ | |||
View Zones | √ | √ | √ | √ |
Create zones | √ | |||
Edit zones | √ | √ | ||
Delete zones | √ |
Threat Protection
These permissions provide access to the protection menu, CylancePROTECT Mobile alerts, and vulnerabilities.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View threat protection | √ | √ | √ | √ |
Edit Protect Mobile events | √ | |||
View Protect Mobile policies | √ | √ | ||
Create Protect Mobile policies | √ | |||
Edit Protect Mobile policies | √ | |||
Delete Protect Mobile policies | √ |
Network
These permissions allow you to manage network protection settings, including network access control, CylanceGATEWAY settings, and CylanceGATEWAY alerts and events.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View Gateway service policies | √ | √ | ||
Create Gateway service policies | √ | |||
Edit Gateway service policies | √ | |||
Delete Gateway service policies | √ | |||
View network access controls | √ | √ | ||
Edit network access controls | √ | |||
View Gateway settings | √ | √ | ||
Create Gateway settings | √ | |||
Edit Gateway settings | √ | |||
Delete Gateway settings | √ | |||
View Gateway reporting events | √ | √ | ||
View Gateway alerts and events | √ | √ |
Avert
These permissions allow you to manage CylanceAVERT features.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View Avert settings | √ | √ | ||
Edit Avert settings | √ | |||
View Avert device identifier | √ | √ | ||
View Avert risk scores | √ | √ | ||
View Avert device events | √ | √ | ||
View Avert policies | √ | √ | ||
Create Avert policies | √ | |||
Edit Avert policies | √ | |||
Delete Avert policies | √ | |||
View Avert sensitive file summary | √ | |||
View Avert file content | √ | |||
Delete Avert files | √ |
Common
These permissions allow administrators to manage tenant-level settings that affect multiple features in the Cylance Endpoint Security solution, including EMM providers and directories, enrollment for mobile devices and CylanceGATEWAY, and adaptive risk options and events. For directory connections, you can create Microsoft Entra ID active directories (AD) only.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View EMM connections | √ | √ | ||
Create EMM connections | √ | |||
Edit EMM connections | √ | |||
Delete EMM connections | √ | |||
View directory connections | √ | √ | ||
Create directory connections | √ | |||
Edit directory connections | √ | |||
Delete directory connections | √ | |||
View on-prem directory connector | √ | √ | ||
Create on-prem directory connector | √ | |||
Edit on-prem directory connector | √ | |||
Delete on-prem directory connector | √ | |||
View authentication controls | √ | √ | ||
Create authenticators | √ | |||
Edit authenticators | √ | |||
Delete authenticators | √ | |||
View enrollment policies | √ | √ | ||
Create enrollment policies | √ | |||
Edit enrollment policies | √ | |||
Delete enrollment policies | √ | |||
View adaptive risk policies | √ | √ | ||
Create adaptive risk policies | √ | |||
Edit adaptive risk policies | √ | |||
Delete adaptive risk policies | √ | |||
View adaptive risk settings | √ | √ | ||
Create adaptive risk settings | √ | |||
Edit adaptive risk settings | √ | |||
Delete adaptive risk settings | √ | |||
View alerts | √ | √ | ||
Edit alerts | √ | |||
Delete alerts | √ |
Logging
These permissions allow you to view reports and the audit log.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
View reports | √ | √ | ||
View audit log | √ | √ |
Settings
These permissions allow you to manage management console settings. User management permissions and role management permissions are associated. If a user is assigned a role with user management permissions selected, the user will also have access to role management functionality.
Permission | Administrator | Zone Manager | User | Read-Only |
---|---|---|---|---|
Application | √ | √ | √ | |
Token Management | √ | |||
Installer Download | √ | √ | ||
Uninstall Password Management | √ | |||
Support Login | √ | |||
Syslog/SIEM | √ | |||
Custom Authentication | √ | |||
Threat Data Report | √ | |||
User Management | √ | |||
View Global List | √ | √ | √ | |
Create Global List | √ | |||
Edit Global List | √ | |||
Delete Global List | √ | |||
View Agent Update Settings | √ | √ | ||
Create Agent Update Settings | √ | |||
Edit Agent Update Settings | √ | |||
Delete Agent Settings | √ | |||
Certificates | √ | √ | √ | |
Integrations | √ | |||
View device lifecycle settings | √ | √ | ||
Create device lifecycle settings | √ | |||
Edit device lifecycle settings | √ | |||
Delete device lifecycle settings | √ | |||
View activation settings | √ | √ | ||
Edit activation settings | √ |