In your Threat Detection and Response account, Operator roles determine what information a user can see, and what actions a user can complete. The roles and permissions in TDR are managed as Operator roles in the WatchGuard Portal. All configuration tasks in TDR must be performed by an Operator with an Administrator or Analyst role.
TDR Operator roles are the same as WatchGuard Cloud roles. For information about WatchGuard Cloud Operator roles, see Manage WatchGuard Cloud Operators.
To manage user accounts or change operator roles, see Manage User Accounts in the WatchGuard Portal.
Subscriber Operator Roles
TDR Operators in a Subscriber account can have the Observer, Analyst, or Administrator roles.
Observer
An Operator assigned the Observer role has view permissions only for TDR.
Observers can:
- See the Dashboard and CYBERCON level
- See incidents and indicators
- See information about network events
Analyst
An Operator assigned the Analyst role can complete most actions but cannot manage Operator accounts.
Analysts can:
- Change the CYBERCON level
- See the Dashboard
- Take action on incidents and indicators
- Add policies and exclusions
- Generate and schedule reports
- Set up AD Helper, Host Sensors, and Fireboxes
- See information about hosts and network events
- See domain and group information
- Add signature overrides
- See the Audit Log
Administrator
A user assigned the Administrator role has the same permissions as an Analyst. In addition, Administrators can manage Operator accounts and reset features to default settings.
Administrators can:
- Manage Operator accounts and Operator roles
- Reset features to default settings
Service Provider Operator Roles
Service Provider accounts manage multiple customer accounts. TDR Operators in a Service Provider account can have the Owner, Sales, Helpdesk, and Auditor roles.
Owner
An Operator assigned the Owner role in a Service Provider account can assign Host Sensor licenses to managed customer accounts. Owners can also complete the same actions for a managed account as Administrators.
Owners:
- Assign Host Sensor licenses to managed accounts
- Configure the global Host Sensor settings in each managed account
- Manage all customer accounts with the same privileges as a user assigned the Administrator role
Sales
An Operator assigned the Sales role has read-only permission to configure services and Operators.
Helpdesk
An Operator assigned the Helpdesk role has the same permissions as an Analyst role for all accounts managed from the Service Provider account.
Auditor
An Operator assigned to the Auditor role has read-only permission throughout their Service Provider account.