Learn more about the predefined user role called Privileged Security Admin.
Users with this role can triage and investigate issues and cases, and respond to and edit profiles and policies. This is the most powerful security role. It includes everything Security Admin has, plus Live Terminal, file operations, script execution, playbook editing, device control editing, host firewall editing, audit, alert notifications, broker management, and more.
Tip
Assign to senior security administrators or CISO-designated security leads who need unrestricted security operations capabilities. They handle the most critical incidents requiring Live Terminal access, manage the full detection and response stack, configure broker infrastructure, and oversee audit trails. The only capabilities reserved above this role are user/role management (Access Management) and application hub management, which require Account/Instance Administrator.
To quickly see exactly which pages and actions a role allows, click the role name to open a read-only view of all checked permissions. For more information about the permissions, see Role permissions by components.