Manage Asset Roles for Users - Learn how to edit the user lists assigned to asset roles. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Included Users: Displays all the users Cortex XDR automatically detects as having this asset role, as well as any users you have manually added.

Excluded Users: Displays the users that were manually removed from the asset role.

Exclude a User: Right-click a user in the included list and select Exclude User. The user moves to the Excluded list, which overrides future automatic detections and ensures they are not added back to the role. By default, Cortex XDRalso removes the user from the parent asset roles.

Advanced Exclusion Settings: To remove a user from a child asset role but leave them in any parent asset roles, click Advanced Exclusion Settings and select Don't Exclude next to the name of the parent role.

Manually Add Users: Click Add User to manually assign a role. To add users one by one, click Add New and type the usernames using the exact Netbios\samAccount format. To add users in bulk, click Import from File and upload a structured CSV.

Delete vs. Exclude: If you right-click and select Delete User on a manually added user, the user is removed from the included list. If the system automatically detects the user acting in that role in the future, they appear in the included list again. To permanently prevent them from being associated with the role, you must use the Exclude action.