🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

User Roles

user management


What are the available roles and how should I assign them?

Note

Secureworks recommends you assign users the least-privileged role that allows them to perform their work in order to limit unnecessary access.

Tip

You can now create and manage custom roles using the categories and permissions detailed below to tailor access for your tenant users to your needs. For more information, see Custom Roles.

Administrator

Administrators are the most powerful users in Secureworks® Taegis™ XDR. They can access and use all features of the application, as well as manage users and security telemetry, such as integrations and CTU™ Countermeasures.

Organizational roles well suited to the Administrator role include:

Analyst

Analysts are primarily responsible for investigating alerts, searching for threats, and recommending response actions. Analysts cannot manage users. Secureworks anticipates that most users would be assigned the Analyst role.

Organizational roles well suited to the Analyst role include:

Responder

Like an Analyst, Responders can investigate alerts and search for threats, but they also have the ability to take response actions on a defined set of assets within the tenant.

Organizational roles well suited to the Responder role include:

Auditor

Auditors have the most limited access within Secureworks® Taegis™ XDR, as they have read-only access to the application. They can create searches and reports but cannot make changes to the data or their sources.

Organizational roles well suited to the Auditor role include:

User Role Permissions

Agent

Agent Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Block yes no no no
Download an agent yes no no no
Isolate agents at a tenant level yes yes yes no
Issue reconnect yes no no no
View agent properties and status yes yes yes yes
Assign/remove a tag for a agent yes yes yes no
Uninstall yes no no no
Update agent properties yes no no no

Agent Config

AgentConfig Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create new agent configurations yes no no no
Delete existing agent configurations yes no no no
Read agent configurations yes yes yes yes
Update yes no no no

Agent Group

AgentGroup Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create new agent groups yes no no no
Delete agent groups yes no no no
View agent group properties and status yes yes yes yes
Update agents group assignments and agent group metadata. yes no no no

Alert

Alert Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
View an alert yes yes yes yes
Edit an alert yes yes yes no

Archive Configuration

ArchiveConfiguration Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create an archive configuration yes no no no
Delete an archive configuration yes no no no
View an archive configuration yes yes yes yes

Asset

Asset Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create asset tags yes yes yes no
Delete assets yes no yes no
Delete asset tags yes yes yes no
Update assets yes no no no
Isolate and integrate agents yes yes yes no
Update asset tags yes yes yes no

Audit

Audit Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
View self-created audit logs yes yes yes no
View tenant audit logs with partner user/email info redaction yes yes no yes

Client

Client Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create clients yes yes no no
Delete clients yes yes no no
View clients yes yes yes yes
Update clients yes yes no no

Collector

Collector Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a collector yes no no no
Remove a collector yes no no no
Download collector files yes no no no
Download collector endpoint credentials yes no no no
Read collector properties yes yes yes yes
Configure a collector yes no no no

Comments

Comments Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create comments yes yes yes no
Delete comments yes yes yes no
Read comments yes yes yes yes
Update comments yes yes yes no

Contracted Endpoints

ContractedEndpoints Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Read contracted endpoints infomation yes yes yes yes

Counter Measures

CounterMeasures Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Download counter measures yes yes yes no
View counter measures yes yes yes yes

Data Source

DataSource Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
View data sources yes yes no yes
Tag a data sources yes yes no no

Detection Rules

DetectionRules Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a detection rule yes yes no no
Remove a detection rule yes yes no no
Permanently remove a detection rule yes no no no
Read detection rules yes yes yes yes
Update a detection rule yes yes no no

Enterprise SSO Connection

Enterprise SSO Connection Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create enterprise sso connections yes no no no
Delete enterprise sso connections yes no no no
Read enterprise sso connections yes yes no yes
Update enterprise sso connections yes no no no

Entity Graph

EntityGraph Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Read schema of properties in entity graph yes yes yes yes
Write, delete, and update schema of properties in entity graph yes yes yes no

File

File Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Download a file yes yes yes yes
Read a file yes yes yes yes

Integration

Integration Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create an integration yes no no no
Remove an existing integration yes no no no
Download an integration yes no no no
View an integration properties and status yes yes yes yes
Update an integration yes no no no

Investigation

Investigation Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Archive an investigation yes yes yes no
Assign an investigation to the tenant's "customer," ie to any user in the tenant yes yes no no
Assign an investigation to the tenant's "partner," ie to its parent tenant yes yes yes no
Create a new investigation yes yes yes no
Delete an investigation yes yes no no
Mention a tenant's "partner," ie its parent tenant, in a comment yes yes yes no
View an investigation yes yes yes yes
Search for an investigation yes yes yes yes
Update an investigation including adding comments, alerts and search results yes yes yes no

Notifications

Notifications Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create notifications yes yes yes no
Delete notifications yes yes yes no
Read notifications yes yes yes yes
Update notifications yes yes yes no

Orchestration Action

OrchestrationAction Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Able trigger actions from investigations yes yes yes no
Lookup contextual information yes yes yes no
Trigger remediation response actions yes yes yes no

Orchestration Connection

OrchestrationConnection Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create an orchestration connection yes no no no
Remove an orchestration connection yes no no no
View an orchestration connection properties and status yes yes yes yes
Modify an orchestration connection yes no no no

Orchestration Connection Method

OrchestrationConnectionMethod Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
View an orchestration connection method properties and status yes yes yes yes

Orchestration Connector

OrchestrationConnector Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create an orchestration connector yes no no no
Remove an orchestration connector yes no no no
View an orchestration connector properties and status yes yes yes yes
Modify an orchestration connector yes no no no

Partner Tenant

PartnerTenant Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Read partner tenant information (subscriptions, partner relationships) yes yes no yes
Update partner tenant information (subscriptions, partner relationships) yes no no no

Playbook

Playbook Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a playbook yes no no no
Delete playbook properties yes no no no
Execute a playbook yes no no no
View playbook properties and results yes yes yes yes
Modify playbook properties yes no no no

Playbook Instance

PlaybookInstance Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a playbook instance yes no no no
Delete a playbook instance yes no no no
Execute a playbook instance yes yes yes no
View a playbook instance properties, executions and results yes yes yes yes
Modify a playbook instance yes no no no

Report

Report Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a report yes yes yes yes
Delete an existing report yes yes yes yes
View a report yes yes yes yes
View all reports within the tenant env if those reports are marked as 'share with admin' yes no no no
Edit an existing report yes yes yes yes
Search Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create and save a search yes yes yes yes
Remove an existing search yes no no no
View search results yes yes yes yes
Update and existing search yes yes yes yes

Tenant

Tenant Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a tenant yes no no no
Read tenant properties yes yes yes yes
Update a tenant yes no no no

Tenant Preference

TenantPreference Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a tenant preference yes no no no
Delete a tenant preference yes no no no
Read a tenant preference yes yes yes yes
Update a tenant preference yes no no no

Tenant Profile

TenantProfile Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create a tenant profile yes no no no
Read a tenant profile yes yes no no

Tenant Profile Cse Contact

TenantProfileCseContact Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create tenant profile cse contacts yes no no no
Remove tenant profile cse contacts yes no no no
Read tenant profile cse contacts yes yes no no
Update tenant profile cse contacts yes no no no

Tenant Profile Health Contact

TenantProfileHealthContact Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create tenant profile health contacts yes no no no
Remove tenant profile health contacts yes no no no
Read tenant profile health contacts yes yes no no
Update tenant profile health contacts yes no no no

Tenant Profile Network Info

TenantProfileNetworkInfo Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create tenant profile network information yes no no no
Remove tenant profile network information yes no no no
Read tenant profile network information yes yes no no
Update tenant profile network information yes no no no

Tenant Profile Network Range

TenantProfileNetworkRange Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Create tenant profile network range yes no no no
Remove tenant profile network range yes no no no
Read tenant profile network range yes yes no no
Update tenant profile network range yes no no no

User

User Tenant Admin Tenant Analyst Tenant Responder Tenant Auditor
Invite a user to a tenant yes no no no
Create a pre registered user yes no no no
Deactivate a user yes no no no
Read a user yes yes yes yes
Update a user's properties including assigned access roles yes no no no

 

On this page: