TDR Operator Roles and Permissions

In your Threat Detection and Response account, Operator roles determine what information an user can see, and what actions a user can complete. The roles and permissions in TDR are managed as Operator roles in the WatchGuard Portal. All configuration tasks in TDR must be performed by an Operator with an Administrator or Analyst role.

Old TDR Roles and New WatchGuard Cloud Roles

TDR roles are now the same as WatchGuard Cloud Operator roles. Roles and permissions are managed in the WatchGuard Portal. The roles are hierarchical, with the permissions of lower-level roles included in the higher-level roles. For example, Administrators have the same permissions as Analysts and Observers plus additional permissions. If a task requires an Analyst role, Administrators can also perform the task. The table below maps the old TDR user roles to the WatchGuard Cloud Operator roles.

Old TDR Role WatchGuard Cloud Role
Administrator Administrator
Operator Analyst
Analyst Observer
Observer Observer

For information about WatchGuard Cloud Operator roles, see About Operators.

To manage user accounts or change operator roles, see Manage User Accounts in the WatchGuard Portal.


An Operator assigned the Observer role has view permissions only for TDR.

Observers can:

  • See the Dashboard and CYBERCON level
  • See incidents and indicators
  • See information about network events


An Operator assigned the Analyst role can complete most actions but cannot manage Operator accounts.

Analysts can:

  • Change the CYBERCON level
  • See the Dashboard
  • Take action on incidents and indicators
  • Add policies and exclusions
  • Generate and schedule reports
  • Set up AD Helper, Host Sensors, and Fireboxes
  • See information about hosts and network events
  • See domain and group information
  • Add signature overrides
  • See the Audit Log


A user assigned the Administrator role has the same permissions as an Analyst. In addition, Administrators can manage Operator accounts and reset features to default settings.

Administrators can:

  • Manage Operator accounts and Operator roles
  • Reset features to default settings

Service Provider User Roles

Service Provider accounts manage multiple customer accounts. Operators in a Service Provider account can have the Owner and Helpdesk roles.

For more information, see TDR Service Provider Accounts.

See Also

TDR Account Types