We are excited to announce the introduction of new roles designed to enhance the segregation of duties and permissions.
This functionality is currently scheduled to be released on Monday 30th June.
Who will get the roles?
Moving forward, new users who have access to Endpoint Protection (EPP) features will not automatically gain access to Extended Detection and Response (XDR) features. Instead, XDR and EPP capabilities can be allocated to separate user groups and combined as needed. Please see below for information about existing users as we introduce the new roles.
What do the various roles allow?
The minimum access level for XDR features includes the ability to view Broad Context Detections, without access to response actions or event searches. This access can be further expanded by combining roles that are specifically focused on the following three functional areas of XDR:
- Broad Context Detections
- Response
- Execute responses or
- List Responses or
- No access
- Event Search
I currently have an EPP role. What do I get as part of this new role introduction?
All existing EPP users at the time we introduce this change will be automatically granted access to XDR features in order to maintain backward compatibility:
User currently has | User will get |
|---|
Computers & mobiles: Full editing Servers: Full editing (epp:manage_all) | Event Search: Read-only Broad Context Detections: Full editing Response: Execute responses (elements:xdr-incident-full, elements:xdr-response-full, elements:xdr-event-search)
|
Computers & mobiles: Read-only Servers: Read-only (epp:readonly) | Event Search: Read-only Broad Context Detections: Read-only Response: List Responses (elements:xdr-incident-read, elements:xdr-response-read, elements:xdr-event-search)
|
Computers & mobiles: Full editing Servers: Read-only (epp:manage_computers_mobiles_only) | Event Search: Read-only Broad Context Detections: Full editing Response: Execute responses (elements:xdr-incident-full, elements:xdr-response-full, elements:xdr-event-search)
|
Computers & mobiles: Read-only Servers: Full editing (epp:manage_servers_only) | Event Search: Read-only Broad Context Detections: Full editing Response: Execute responses (elements:xdr-incident-full, elements:xdr-response-full, elements:xdr-event-search)
|
During migration period, new users assigned Endpoint Protection (EPP) roles will automatically receive XDR roles. However, once the migration is complete, newly created Endpoint Protection users will not have access to XDR features by default.