TDR User Roles and Permissions

In your Threat Detection and Response account, user roles determine what information a user can see and what actions a user can complete. If a user account has more than one user role, the user has the privileges from all of the assigned roles. All configuration tasks must be performed by a user with the Administrator or Operator user role.


A user assigned the Administrator role can manage user accounts and global Host Sensor settings. A user with the Administrator role has limited visibility into the status of the system, and cannot see the Dashboard or information about current incidents.

Administrators can:

  • Manage user accounts and user roles
  • Change their own user roles
  • Change Host Sensor settings
  • See the CYBERCON level
  • See the status of Firebox and Host Sensor licenses
  • Generate and schedule reports
  • See the Audit Log


A user assigned the Operator role can complete most actions, but cannot manage user accounts or change global Host Sensor settings.

Operators can:

  • Change the CYBERCON level
  • See the Dashboard
  • Take action on incidents and indicators
  • Add policies and exclusions
  • Generate and schedule reports
  • Set up AD Helper, Host Sensors, and Fireboxes
  • See information about hosts and network events
  • See domain and group information
  • Add signature overrides
  • See the Audit Log


A user assigned the Analyst user role can see most of the same status information as an Operator, but has less ability to make changes.

Analysts can:

  • See the Dashboard and CYBERCON level
  • See incidents, indicators, policies, and exclusions
  • Generate and schedule reports
  • See information about hosts, network events, and groups


A user assigned the Observer role can see the same information as an Analyst, except for policies and exclusions.

Observers can:

  • See the Dashboard and CYBERCON level
  • See incidents and indicators
  • Generate and schedule reports
  • See information about network events
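
Because an account with several roles gets the privileges of all of them, an access review has to look at the combined set rather than at each role alone. The Python sketch below is an added example, not WatchGuard code: the permission keys, the SENSITIVE set, and the sample accounts are constructed for illustration, and it assumes that an Administrator who can change their own user roles can add any of the four roles.

```python
# Permission lists transcribed from the role descriptions on this page.
# The short keys are labels made up for this example, not TDR identifiers.
ROLE_PERMS = {
    "Administrator": {"manage_users", "change_own_roles", "host_sensor_settings",
                      "see_cybercon", "see_licenses", "reports", "see_audit_log"},
    "Operator": {"change_cybercon", "see_dashboard", "act_on_incidents",
                 "add_policies_exclusions", "reports", "set_up_components",
                 "see_hosts", "see_network_events", "see_domains_groups",
                 "add_signature_overrides", "see_audit_log"},
    "Analyst": {"see_dashboard", "see_cybercon", "see_incidents",
                "see_policies_exclusions", "reports", "see_hosts",
                "see_network_events", "see_groups"},
    "Observer": {"see_dashboard", "see_cybercon", "see_incidents", "reports",
                 "see_network_events"},
}
# Permissions that change who has access or what is detected (chosen for this example).
SENSITIVE = {"manage_users", "host_sensor_settings", "add_policies_exclusions",
             "add_signature_overrides"}

def effective(roles):
    """Union of the privileges of every assigned role."""
    unknown = set(roles) - set(ROLE_PERMS)
    if unknown:
        raise ValueError(f"unknown role(s): {sorted(unknown)}")
    return set().union(*(ROLE_PERMS[r] for r in roles))

def reachable(roles):
    """Assumption: 'change their own user roles' lets an Administrator add any role."""
    perms = effective(roles)
    return effective(ROLE_PERMS) if "change_own_roles" in perms else perms

def review(assignments):
    """Return {user: [findings]} for accounts that deserve a closer look."""
    findings = {}
    for user, roles in assignments.items():
        notes = []
        if {"Administrator", "Operator"} <= set(roles):
            notes.append("holds Administrator and Operator together")
        hidden = (reachable(roles) - effective(roles)) & SENSITIVE
        if hidden:
            notes.append("can self-assign: " + ", ".join(sorted(hidden)))
        if notes:
            findings[user] = notes
    return findings

# Constructed sample assignments (not real accounts).
SAMPLE = {"alice": ["Administrator"], "bob": ["Operator", "Analyst"],
          "carol": ["Administrator", "Operator"], "dave": ["Observer"]}
```

Running `review(SAMPLE)` flags only the two accounts that hold the Administrator role; changes to their role assignments are the entries to watch for in the Audit Log.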

Service Provider User Roles

Service Provider accounts manage multiple customer accounts. Users in a Service Provider account can have the Administrator (SP) and Operator (SP) user roles. For more information, see TDR Service Provider Accounts.

