CB Response: Why are Global Administrators unable to be assigned to a team?
CB Response Server: Version 6.3.0 and higher
Why are Global Administrators (On-premises) and Administrators (Cloud) unable to be assigned to a team?
The Global Administrator (On-premises) or Administrator (Cloud) has access to all functionality for all computers in all sensor groups. Because the Administrator role is this powerful, it cannot be placed into a specific team: that user would still retain the ability to access all functionality across the other established teams.
The driving factors for enhancing the role permissions within the CB Response server were to:
A) Reduce the number of Global Administrators/Administrators required, because of the power of that permission set
B) Allow for more granular permission controls over regular users, i.e. limit their access to specific sensor groups and/or functionalities, e.g. Live Response
The new Analyst role is similar to a Global Administrator/Administrator, but only within the confines of the team that the Analyst user is a part of. For example, the Analyst role can have the following permissions set within its respective team:
Analyst – This role allows the user to monitor and respond to suspicious or malicious activity on endpoints in Sensor Groups for which it has the role. Analysts can be given additional, enhanced privileges on a per-user basis so that they are allowed to use special features: Live Response, isolation, hash banning, toggling tamper detection, and uninstalling the sensor.