Permissions for administrator roles

The following tables list the default permissions for system-defined roles in the management console. Permissions in bold have child permissions that are only available after the main permission is selected.
The data that zone managers can view in the console is limited to the zones that they manage.

Dashboard

These permissions provide access to the dashboard page and cannot be disabled. The information displayed on the dashboard is determined by the role and permissions assigned to the administrator role.
Permission
Administrator
Zone Manager
User
Read-Only
Device protection

Endpoint Detection Response

These permissions allow you to manage CylanceOPTICS features.
Permission
Administrator
Zone Manager
User
Read-Only
View detections
Edit detections
Delete detections
View, create InstaQuery
Delete InstaQuery
View, create advanced query
Create shared template
Delete shared template
Delete shared snapshots
Delete shared export query
Create scheduled query
Edit shared scheduled query
Delete shared scheduled query
View, create focus data
View package deploy
Create package deploy
Update package deploy
Delete package deploy
View playbook results
Delete playbook results
View package
Create package
Delete package
View playbook
Create, edit playbook
Delete playbook
View ruleset*
Edit ruleset*
Delete ruleset
View rules
Create, edit custom rule
Delete custom rule
View exceptions
Create, edit exceptions
Delete exceptions
View lockdown configuration
Create, Edit lockdown configuration
Delete lockdown configuration
*To view a rule set, you require an administrator role with the View ruleset and Edit ruleset permissions.

Users and Devices

These permissions control what you can do with users and devices in the management console. You must have global list permissions to globally quarantine a threat or add it to the safe list from these pages.
Permission
Administrator
Zone Manager
User
Read-Only
View users and groups
Create users and groups
Edit users and groups
Delete users and groups
View mobile devices
Delete mobile devices
View devices
Edit devices
Delete devices
Run background scan
Lock CylanceOPTICS device
Unlock CylanceOPTICS device
Execute remote response
Allow file download
View device policies
Create device policies
Edit device policies
Delete device policies
View Zones
Create zones
Edit zones
Delete zones

Threat Protection

These permissions provide access to the protection menu, CylancePROTECT Mobile alerts, and vulnerabilities.
Permission
Administrator
Zone Manager
User
Read-Only
View threat protection
Edit Protect Mobile events
View Protect Mobile policies
Create Protect Mobile policies
Edit Protect Mobile policies
Delete Protect Mobile policies

Network

These permissions allow you to manage network protection settings, including network access control, CylanceGATEWAY settings, and CylanceGATEWAY alerts and events.
Permission
Administrator
Zone Manager
User
Read-Only
View Gateway service policies
Create Gateway service policies
Edit Gateway service policies
Delete Gateway service policies
View network access controls
Edit network access controls
View Gateway settings
Create Gateway settings
Edit Gateway settings
Delete Gateway settings
View Gateway reporting events
View Gateway alerts and events

Avert

These permissions allow you to manage CylanceAVERT features.
Permission
Administrator
Zone Manager
User
Read-Only
View Avert settings
Edit Avert settings
View Avert device identifier
View Avert risk scores
View Avert device events
View Avert policies
Create Avert policies
Edit Avert policies
Delete Avert policies
View Avert sensitive file summary
View Avert file content
Delete Avert files

Common

These permissions allow administrators to manage tenant-level settings that affect multiple features in the Cylance Endpoint Security solution, including EMM providers and directories, enrollment for mobile devices and CylanceGATEWAY, and adaptive risk options and events. For directory connections, you can create Microsoft Entra ID active directories (AD) only.
Permission
Administrator
Zone Manager
User
Read-Only
View EMM connections
Create EMM connections
Edit EMM connections
Delete EMM connections
View directory connections
Create directory connections
Edit directory connections
Delete directory connections
View on-prem directory connector
Create on-prem directory connector
Edit on-prem directory connector
Delete on-prem directory connector
View authentication controls
Create authenticators
Edit authenticators
Delete authenticators
View enrollment policies
Create enrollment policies
Edit enrollment policies
Delete enrollment policies
View adaptive risk policies
Create adaptive risk policies
Edit adaptive risk policies
Delete adaptive risk policies
View adaptive risk settings
Create adaptive risk settings
Edit adaptive risk settings
Delete adaptive risk settings
View alerts
Edit alerts
Delete alerts

Logging

These permissions allow you to view reports and the audit log.
Permission
Administrator
Zone Manager
User
Read-Only
View reports
View audit log

Settings

These permissions allow you to manage management console settings. User management permissions and role management permissions are associated. If a user is assigned a role with user management permissions selected, the user will also have access to role management functionality.
Permission
Administrator
Zone Manager
User
Read-Only
Application
Token Management
Installer Download
Uninstall Password Management
Support Login
Syslog/SIEM
Custom Authentication
Threat Data Report
User Management
View Global List
Create Global List
Edit Global List
Delete Global List
View Agent Update Settings
Create Agent Update Settings
Edit Agent Update Settings
Delete Agent Settings
Certificates
Integrations
View device lifecycle settings
Create device lifecycle settings
Edit device lifecycle settings
Delete device lifecycle settings
View activation settings
Edit activation settings