Learn more about the Cortex XSIAM predefined user role called Viewer.
Provides broad read-only access across almost all areas, such as dashboards, policies, endpoints, configurations, and audit, but has no edit permissions, including edit, respond, or configure.
Tip
Assign to stakeholders, managers, auditors, or compliance officers who need visibility into the security posture and operations but should never modify anything. Also useful for new SOC team members during onboarding who need to observe before being granted active permissions.
To quickly see exactly which pages and actions a role allows, click on the role name, which opens a read-only view of all checked permissions. For more information about the permissions, see Role permissions by components.