Learn more about the Cortex XDR predefined user role called Scoped Endpoint Admin.
Can only access product areas that support endpoint Scoped-Based Access Control (SBAC) - Agent Administration, Action Center, Response, Dashboards, and Reports.
Scoped Agent Admin is designed for SBAC. All permissions are limited to the endpoint scope assigned to the user. The role focuses on response actions and agent management within that scope, with no access to investigation, detections, or settings.
Tip
Assign to regional IT admins, site-specific endpoint managers, or MSSP analysts who should only manage and respond to endpoints within a specific scope (for example, a geographic region, business unit, or customer). SBAC ensures they cannot see or act on endpoints outside their assigned scope.
To quickly see exactly which pages and actions a role allows, click on the role name, which opens a read-only view of all checked permissions. For more information about the permissions, see Role permissions by components.