Use predefined roles to easily assign View and Edit permissions to Expander users.
Cortex Xpanse provides a set of predefined user roles that you can use to assign View and Edit permission to Cortex Xpanse users. Each predefined role extends a specific set of privileges to users. The permissions defined in the predefined roles cannot be changed, but you can save a predefined role as a new role and edit it as needed.
The following tables describe the permissions defined for each of the predefined roles. The tables are organized by section and component, which is how they are displayed in the Roles window at → → → .
Account Admin
The following table shows the permissions for the predefined role Account Admin.
Section | Component | Permissions | ||
|---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - |
|
Reports | - | - |
| |
Incident Response | Alerts & Incidents | - | - |
|
Query Center | - | - |
| |
Personal Query Library | - | - |
| |
Playbooks | - | - |
| |
Remediation Path Rules | - | - |
| |
Attack Surface Rules | - | - |
| |
Assets | Network Configuration | - | - |
|
Asset Inventory | - | - |
| |
Business Unit Overrides | - | - |
| |
Websites | - |
| - | |
Marketplace | Browse | - | - |
|
Configurations | Auditing | - |
| - |
General Configuration | - | -- |
| |
Alert Notifications | - | - |
| |
Integrations | - | - |
| |
Public API | - | - |
| |
Analyst
The following table shows the permissions for the predefined role Analyst.
Section | Component | Permissions | ||
|---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - |
|
Reports | - | - |
| |
Incident Response | Alerts & Incidents | - | - |
|
Query Center | - | - |
| |
Personal Query Library | - | - |
| |
Playbooks | - | - |
| |
Remediation Path Rules | - | - |
| |
Attack Surface Rules | - | - |
| |
Assets | Network Configuration | - | - |
|
Asset Inventory | - | - |
| |
Business Unit Overrides |
| - | - | |
Websites | - |
| - | |
Marketplace | Browse | - | - |
|
Configurations | Auditing |
| - | - |
General Configuration | - |
| - | |
Alert Notifications |
| -- | - | |
Integrations | - | - |
| |
Public API | - |
| - | |
Instance Administrator
The following table shows the permissions for the predefined role Instance Administrator.
Note
Users with the Instance Administrator role (or custom roles that give the same permissions as Instance Administrator) cannot be restricted using scope-based access control.
Section | Component | Permissions | ||
|---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - |
|
Reports | - | - |
| |
Incident Response | Alerts & Incidents | - | - |
|
Query Center | - | - |
| |
Personal Query Library | - | - |
| |
Playbooks | - | - |
| |
Remediation Path Rules | - | - |
| |
Attack Surface Rules | - | - |
| |
Assets | Network Configuration | -- | - |
|
Asset Inventory | - | - |
| |
Business Unit Overrides | - | - |
| |
Websites | - |
| - | |
Marketplace | Browse | - | - |
|
Configurations | Auditing | - |
| - |
General Configuration | - | - |
| |
Alert Notifications | - | - |
| |
Integrations | - | - |
| |
Public API | - | - |
| |
Privileged IT Admin
The following table shows the permissions for the predefined role Privileged IT Admin.
Section | Component | Permissions | ||
|---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards |
| - | - |
Reports |
| - | - | |
Incident Response | Alerts and Incidents |
| - | - |
Query Center |
| - | - | |
Personal Query Library |
| - | - | |
Playbooks | - | - |
| |
Remediation Path Rules |
| - | - | |
Attack Surface Rules |
| - | - | |
Assets | Network Configuration |
| - | - |
Asset Inventory |
| -- | - | |
Business Unit Overrides |
| - | - | |
Websites |
| - | - | |
Marketplace | Browse | - | - |
|
Configurations | Auditing |
| - | - |
General Configuration | - | - |
| |
Alert Notifications |
| - | - | |
Integrations | - | - |
| |
Public API | - | - |
| |
Security Engineer
The following table shows the permissions for the predefined role Security Engineer.
Section | Component | Permissions | ||
|---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - |
|
Reports | - | - |
| |
Incident Response | Incidents and Alerts | - | - |
|
Query Center | - | - |
| |
Personal Query Library | - | - |
| |
Playbooks | - | - |
| |
Remediation Path Rules | - | -- |
| |
Attack Surface Rules | - | - |
| |
Assets | Network Confifiguration | - |
| - |
Asset Inventory | - |
| - | |
Business Unit Overrides |
| - | - | |
Websites | - |
| - | |
Marketplace | Browse | - |
| - |
Configurations | Auditing |
| - | - |
General Configuration | - |
| - | |
Alert Notifications |
| - | - | |
Integrations | - |
| - | |
Public API | - |
| - | |
Viewer
The following table shows the permissions for the predefined role Viewer.
Section | Component | Permissions | ||
|---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - |
| - |
Reports | - |
| - | |
Incident Response | Alerts and Incidents | - |
| - |
Query Center | - |
| - | |
Personal Query Library | - |
| - | |
Playbooks | - |
| - | |
Remediation Path Rules | - |
| - | |
Attack Surface Rules | - |
| - | |
Assets | Network Configuration | - |
| - |
Asset Inventory | - |
| - | |
Business Unit Overrides |
| - | - | |
Websites | - |
| - | |
Marketplace | Browse | - |
| - |
Configurations | Auditing | - |
| - |
General Configuration | - |
| - | |
Alert Notifications | - |
| - | |
Integrations | - |
| - | |
Public API | - |
| - | |