Use predefined roles to easily assign View and Edit permissions to Expander users.
Cortex Xpanse provides a set of predefined user roles that you can use to assign View and Edit permissions to Cortex Xpanse users. Each predefined role extends a specific set of privileges to users. The permissions defined in the predefined roles cannot be changed, but you can save a predefined role as a new role and edit it as needed.
The following tables describe the permissions defined for each of the predefined roles. The tables are organized by section and component, which is how they are displayed in the Roles window at → → → .
Account Admin
The following table shows the permissions for the predefined role Account Admin.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Alerts & Incidents | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | - | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | - | - | |
Asset Inventory | - | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | -- | ||
Group Management | - | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |
Analyst
The following table shows the permissions for the predefined role Analyst.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Alerts & Incidents | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | - | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | - | - | |
Asset Inventory | - | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | - | ||
Group Management | -- | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |
Group Manager
The following table shows the permissions for the predefined role Group Manager.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Alerts & Incidents | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | - | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | -- | - | |
Asset Inventory | - | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | - | ||
Group Management | - | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |
Instance Administrator
The following table shows the permissions for the predefined role Instance Administrator.
Note
Users with the Instance Administrator role (or custom roles that give the same permissions as Instance Administrator) cannot be restricted using scope-based access control.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Alerts & Incidents | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | - | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | -- | - | |
Asset Inventory | - | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | - | ||
Group Management | - | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |
Privileged IT Admin
The following table shows the permissions for the predefined role Privileged IT Admin.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Alerts and Incidents | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | - | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | - | - | |
Asset Inventory | -- | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | - | ||
Group Management | - | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |
Security Engineer
The following table shows the permissions for the predefined role Security Engineer.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Incidents and Alerts | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | -- | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | - | - | |
Asset Inventory | - | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | - | ||
Group Management | - | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |
Viewer
The following table shows the permissions for the predefined role Viewer.
Section | Component | Permissions | ||
---|---|---|---|---|
None | View | View/Edit | ||
Dashboards & Reports | Dashboards | - | - | |
Reports | - | - | ||
Incident Response | Alerts and Incidents | - | - | |
Query Center | - | - | ||
Personal Query Library | - | - | ||
Playbooks | - | - | ||
Remediation Path Rules | - | - | ||
Attack Surface Rules | - | - | ||
Vulnerability Testing | - | - | ||
Assets | Network Configuration | - | - | |
Asset Inventory | - | - | ||
Business Unit Overrides | - | - | ||
Websites | - | - | ||
Marketplace | Browse | - | - | |
Configurations | Auditing | - | - | |
Alert Notifications | - | - | ||
General Configuration | - | - | ||
Group Management | - | - | ||
Public API | - | - | ||
Incident Properties | - | - | ||
Integrations | - | - |