☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Custom Roles

By default, there are four Secureworks-managed user roles set across all customer tenants that cannot be changed; the permissions for each role are the same in all tenants:

Tenant Administrator
Tenant Analyst
Tenant Auditor
Tenant Responder

Custom Roles allows you to create and manage roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs.

Custom Roles and Tenant Types ⫘

Tenant Administrators for tenants that are direct customers of Secureworks can create custom roles that can only be used within their tenant and that are not available for use in other tenants.
Secureworks MSSP Partners can create custom roles in their parent, or partner, tenant to assign to their support users. Partner users assigned with a custom role have those role restrictions applied against any of the partner's customer tenants that the user can access.
MSSP Partners' customers do not have visibility of the custom roles set at the partner tenant level and are not able to assign any of their users to those custom roles.

Access Custom Roles ⫘

Access to create and edit custom roles is restricted to Tenant Administrators only, while other Secureworks-managed roles can view the custom roles but not edit them.

Secureworks-managed roles can be viewed and copied but can't be edited.

To view, create, and edit custom roles:

From the Secureworks® Taegis™ XDR left-hand side navigation, select Tenant Settings → Roles & Permissions.
Roles & Permissions displays.

Roles & Permissions

View Roles ⫘

The Roles table can be customized and filtered to refine the view with the following controls.

Roles Table

Select All to apply no filter and view all roles.
Select Managed to see only the four Secureworks-managed roles.
Select Custom to see only customer-created tenant roles.
Type a short string in the search field to filter roles based on the Role Name.

Add a New Custom Role ⫘

To create a new custom role for your tenant, follow these steps:

Select Add Custom Role from the top right of Roles & Permissions. The Add Custom Role form displays.
From the Summary section, enter a custom role name and description of the role purpose; for example, the type of user that would be assigned the role.

Add Custom Role

Clone an Existing Role ⫘

(Optional) From the Clone Permissions From dropdown menu, select an existing role to be cloned as a base definition of access rights for the new custom role. Once selected, the permissions of the cloned role are applied to the new role.

Clone an Existing Role

Define Custom Role ⫘

From the Permissions section, filter the categories if needed using the search field and then select a category from the left. Toggle the permissions for each category on or off from the right.

Define Custom Role

Note

Some permissions can't be toggled off. For more information, see Permission Exceptions.

Save Custom Role ⫘

Once all permissions have been set as desired, select Save Custom Role and a confirmation message displays to confirm the successful creation of the new custom role.

Assign Custom Role to a User ⫘

From Tenant Settings → Users on the XDR left-hand side navigation, the new custom role is now available to select when inviting a new user or editing a user role.

Edit a Custom Role ⫘

From the Tenant Settings → Roles & Permissions page in XDR, select the Edit Role pencil icon from the Actions column for the desired custom role. The Edit Custom Role form displays.

Edit Custom Role

Edit the role summary or permissions as needed, and then select Save Custom Role.

Delete a Custom Role ⫘

Note

Custom roles cannot be deleted if there are users assigned to the role. See Edit User Roles to reassign their role first.

From the Tenant Settings → Roles & Permissions page in XDR, select the Delete Role trash icon from the Actions column for the desired custom role.

Delete Custom Role

If there are users assigned to the custom role, a message displays informing you to reassign their role first. See Edit User Roles.

Delete Custom Role Warning

Once there are no more users assigned to the custom role, a message displays informing you the action cannot be undone. Confirm your action by selecting Confirm Delete.

Delete Custom Role Confirmation

View and Compare Permissions ⫘

View and Compare Permissions

From Roles & Permissions, select the Permissions tab from the top left. The Permissions table displays currently configured roles on the left and their assigned permissions on the right.
Select up to 10 roles you wish to compare using the checkboxes on the left.
The columns on the right reflect the selected roles and allow quick comparison of permissions.

Note

Role permissions can only be viewed from this tab. To edit a role, see Edit a Custom Role.

Permission Exceptions ⫘

The following permissions are required to remain enabled in custom roles to ensure that access and utilization of the role remains consistent:

View Alerts
Search Alerts
View Investigations
Read Preferences
Read Users

There are also checks that occur when permissions are applied to a custom role. For example, a warning displays if a write permission is enabled without the corresponding read permission being enabled, which may restrict access to a certain feature.

Permissions Warning

Custom Roles

Custom Roles and Tenant Types ⫘

Access Custom Roles ⫘

View Roles ⫘

Add a New Custom Role ⫘

Clone an Existing Role ⫘

Define Custom Role ⫘

Save Custom Role ⫘

Assign Custom Role to a User ⫘

Edit a Custom Role ⫘

Delete a Custom Role ⫘

View and Compare Permissions ⫘

Permission Exceptions ⫘

On this page: