Permissions of Default Administrator Roles

These tables list the default permissions for system-defined roles within the management console. Permissions in bold have child permissions that are only available after the main permission is selected.

The data that zone managers can view in the console is limited to the zones that they manage.

Dashboard

These permissions provide access to the dashboard page and cannot be disabled. The information displayed on the dashboard is determined by the role and permissions assigned to the administrator role.


Permission	Administrator	Zone Manager	User	Read-Only
Dashboard	√	√	√	√

Endpoint Detection Response

These permissions allow you to manage Aurora Focus features.


Permission	Administrator	Zone Manager	Read-Only
View detections	√	√	√
Edit detections	√
Delete detections	√
View, create InstaQuery	√	√	√
Delete InstaQuery	√
View, create advanced query	√	√	√
Create shared template	√
Delete shared template	√
Delete shared snapshots	√
Delete shared export query	√
Create scheduled query	√
Edit shared scheduled query	√
Delete shared scheduled query	√
View, create focus data	√	√	√
View package deploy	√		√
Create package deploy	√
Update package deploy	√
Delete package deploy	√
View playbook results	√	√	√
Delete playbook results	√
View package	√		√
Create package	√
Delete package	√
View playbook	√		√
Create, edit playbook	√
Delete playbook	√
View ruleset*	√
Edit ruleset	√
Delete ruleset	√
View rules	√
Create, edit custom rule	√
Delete custom rule	√
View exceptions	√
Create, edit exceptions	√
Delete exceptions	√
View lockdown configuration	√
Create, Edit lockdown configuration	√
Delete lockdown configuration	√

*To view a rule set, you require an administrator role with the View ruleset and Edit ruleset permissions.

Users and Devices

These permissions control what you can do with users and devices in the management console. You have to have global list permissions to global quarantine or add a threat to the safe list from these pages.


Permission	Administrator	Zone Manager	User	Read-Only
View users and groups	√			√
Create users and groups	√
Edit users and groups	√
Delete users and groups	√
View mobile devices	√			√
Delete mobile devices	√
View devices	√	√	√	√
Edit devices	√
Delete devices	√
Lock Optics device	√
Unlock Optics device	√	√
Execute remote response	√
Allow file download	√
View device policies	√	√		√
Create device policies	√
Edit device policies	√
Delete device policies	√
View zones	√	√	√	√
Create zones	√
Edit zones	√
Delete zones	√

Threat Protection

These permissions provide access to the protection menu, Aurora Protect Mobile alerts, and vulnerabilities.


Permission	Administrator	Zone Manager	User	Read-Only
View, create, edit, delete Persona	√		√	√
View threat protection	√	√	√	√
Edit Protect Mobile events	√
View Protect Mobile policies	√			√
Create Protect Mobile policies	√
Edit Protect Mobile policies	√
Delete Protect Mobile policies	√

Network

These permissions allow you to manage network protection settings, including network access control, Gateway settings, and Gateway alerts and events.


Permission	Administrator	Read-Only
View Gateway service policies	√	√
Create Gateway service policies	√
Edit Gateway service policies	√
Delete Gateway service policies	√
View network access controls	√	√
Edit network access controls	√
View Gateway settings	√	√
Create Gateway settings	√
Edit Gateway settings	√
Delete Gateway settings	√
View Gateway reporting events	√	√
View Gateway alerts and events	√	√

Avert

These permissions allow you to manage CylanceAVERT features.


Permission	Administrator	Read-Only
View Avert settings	√	√
Edit Avert settings	√
View Avert device identifier	√	√
View Avert risk scores	√	√
View Avert device events	√	√
View Avert policies	√	√
Create Avert policies	√
Edit Avert policies	√
Delete Avert policies	√
View Avert sensitive file summary	√
View Avert file content	√
Delete Avert files	√

Common

These permissions allow administrators to manage tenant-level settings that affect multiple features in the Aurora Endpoint Security solution, including EMM providers and directories, enrollment for mobile devices and Gateway, and adaptive risk options and events. For directory connections, you can create Microsoft Entra ID active directories (AD) only.


Permission	Administrator	Read-Only
View EMM connections	√	√
Create EMM connections	√
Edit EMM connections	√
Delete EMM connections	√
View directory connections	√	√
Create directory connections	√
Edit directory connections	√
Delete directory connections	√
View on-prem directory connector	√	√
Create on-prem directory connector	√
Edit on-prem directory connector	√
Delete on-prem directory connector	√
View authentication controls	√	√
Create authentication controls	√
Edit authentication controls	√
Delete authentication controls	√
View enrollment policies	√	√
Create enrollment policies	√
Edit enrollment policies	√
Delete enrollment policies	√
View adaptive risk policies	√	√
Create adaptive risk policies	√
Edit adaptive risk policies	√
Delete adaptive risk policies	√
View adaptive risk settings	√	√
Create adaptive risk settings	√
Edit adaptive risk settings	√
Delete adaptive risk settings	√
View OneAlert Events	√	√
Edit OneAlert Events	√
Delete OneAlert Events	√

Logging

These permissions allow you to view reports and the audit log.


Permission	Administrator	Zone Manager	User	Read-Only
View reports	√			√
View audit log	√

Settings

These permissions allow you to manage management console settings. User management permissions and role management permissions are associated. If a user is assigned a role with user management permissions selected, the user will also have access to role management functionality.


Permission	Administrator	Zone Manager	Read-Only
Application	√	√	√
Installation Token management	√
Installer Download	√	√
Invitation URL	√
Uninstall Password Management	√
Support Login	√
Syslog/SIEM	√
Custom Authentication	√
Threat Data Report	√
User Management	√	√
View Global List	√	√	√
Create Global List	√
Edit Global List	√
Delete Global List	√
View Agent Update Settings	√		√
Create Agent Update Settings	√
Edit Agent Update Settings	√
Delete Agent Update Settings	√
Certificates	√	√	√
Integrations	√		√
View device lifecycle settings	√		√
Create device lifecycle settings	√
Edit device lifecycle settings	√
Delete device lifecycle settings	√
View activation settings	√		√
Edit activation settings	√

Aurora Endpoint Security