Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Response: Why are Global Administrators unable to be assigned to a team?

CB Response: Why are Global Administrators unable to be assigned to a team?

Environment

  • CB Response Server: Version 6.3.0 and higher

Question

Why are Global Administrators (On-premises) and Administrators (Cloud) unable to be assigned to a team?

Answer

  • The Global Administrator (On-premises) or Administrator (cloud) has access to all functionality for all computers in all sensor groups. Due to the power of the Administrator role it cannot be placed into a specific team as that user would still retain the ability to access all functionalities across the other teams established.
  • One of the driving factors of enhancing the role permissions within the CB Response server was to:
    • A) Reduce the amount of Global/Administrators required because of the power of that permission set 
      B) Allow for more granular permission controls over regular users i.e. limit their access to specific sensor groups and or functionalities e.g. Live Response 

Additional Notes

  • The new Analyst role is similar to a Global/Administrator but only within the confines of the team that Analyst user is a part of. For example the Analyst role can have the following permissions set within their respective team: 
    • Analyst – This role allows the user to monitor and respond to suspicious or malicious activity on endpoints in Sensor Groups for which it has the role. Analysts can be given additional, enhanced privileges on a per-user basis so that they are allowed to use special features: Live Response, isolation, hash banning, toggling tamper detection, and uninstalling the sensor. 

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-05-2019
Views:
218
Contributors