Add a custom role

You can add custom roles if you're a Super Admin.

Custom roles are based on the predefined roles. You can restrict the access for a custom role to a specific product. You can also create a role that allows an administrator to have full access to one product and read-only access to a second product.

Restriction If a role doesn't have access to both Endpoint Protection and Server Protection (in some cases Encryption as well), the shared settings are read-only.

The shared settings are:

  • Tamper protection
  • Allowed applications
  • Website management
  • Proxy configuration
  • Blocked item
  • Bandwidth usage (Encryption access required)
  • HTTPS updating
  • DLP rules
  • Manage content control list
  • Reject network connections
  • EDR threat analysis center

To create a custom role:

  1. In Settings, on the Role Management page, select Add role.
  2. Give the custom role a name and a description.
  3. Select the Base role you want to use as the basis for the custom role.
    For example, if you choose Help Desk as the Base role, administrators with the custom role have Help Desk permissions.
  4. Choose the product and access type you want the role to have.
    For example, you create a custom role called Endpoint Help Desk. This custom role uses Read-only as its Base role and Endpoint Protection as its selected product with an access type of Help Desk.

    This custom role allows any administrators assigned to this role to access Endpoint Protection with Help Desk permissions.

    1. Choose more than one product, if required.

      You can choose different access types for different products.

      For example, you can create a custom role with Help Desk access permissions for Endpoint Protection and Read-only access for Mobile. You can set the permissions for all other products to None. This means that the custom role only has access to Endpoint Protection with Help Desk permissions and Mobile with Read-only permissions.
  5. Choose the additional access and management options for the custom role.
    • Enable access to logs & reports.
    • Enable policy management (add, edit, and delete).
    • Enable policy assignment to users, device, etc.. (turn policies on and off; and add users, user groups, devices and device groups to existing policies).
    • Start Live Response sessions on computers (connect to a computer to investigate and remediate possible security issues). This option is available only if you've chosen the Endpoint Protection product with the Full or Help Desk access type.
    • Start Live Response sessions on servers (connect to a server to investigate and remediate possible security issues). This option is available only if you've chosen the Server Protection product with the Full or Help Desk access type.
    • Manage Live Response settings for computers (turn on Live Response for computers and exclude specific computers from Live Response). This option is available only if you've chosen the Endpoint Protection product with the Full access type.
    • Manage Live Response settings for servers (turn on Live Response for servers and exclude specific servers from Live Response). This option is available only if you've chosen the Server Protection product with the Full access type.
    For example, this allows a Super Admin to add logs & reports access to a Read-only or Help Desk role. You can also use these options to reduce the permissions for an Admin role. For example, you could prevent the custom role from managing policies.
    Note These additional options only apply to the selected products for the custom role.

    Apart from the Live Response options, all options are the same for all products and access types for the custom role.

  6. Select Save.

You can now assign this role to administrators.