Team: Huntress EDR
Environment: Portal, Dashboard
Summary: How to set Huntress User Roles.
Setting Huntress User Permissions
For information on adding or managing users, see this article: Managing Huntress Users.
If you have larger customers who need their own reporting integration but still require your expertise (co-managed IT, for example), you can view this page to learn more about the process of becoming a Huntress Reseller.
Account-Level
NOTE: Account-Level Admins/Users can access any organizations listed under the account
Account-Level Admin
Admins have full access to modify everything across Huntress and can view/modify billing information.
Account-Level Security Engineer
Security Engineers can perform most security functions, such as host isolation or assisted remediation, but cannot view/edit billing.
Security Engineers cannot:
- Create/Modify/Delete Account-Level users
- Create/Modify/Delete Organizations
- View/change billing information (including invoices and contracts)
- Manage integration settings
- Regenerate an account key
Security Engineers can:
- Approve/Reject Assisted Remediation
- Manually isolate or de-isolate hosts
- Download the Huntress installer (and view the account key)
- Manage Incident Reports
- Do bulk Managed AV actions such as quick/full scan, update or change audit/enforce mode
- Add/remove exclusions
- Change global preferences such as SAML SSO or manage Host Isolation settings
- Act on an Escalation (Resend Report or Resolve)
- Bulk move or remove agents across organizations
- Change Account-Level AV policy
- Change Organization-Level AV policy
- Access Security Awareness Training via the SAT icon in the dashboard
Account-Level User
The User role is similar to the Security Engineer role but has less access overall. These are the differences:
Users cannot:
- Manually isolate or de-isolate hosts
- Add/remove exclusions
- Manage Incident Reports
- Manage Escalations
- Change global preferences such as SAML SSO or manage Host Isolation settings
- Perform managed AV actions
  - Do any bulk Managed AV actions such as quick/full scan, update or change audit/enforce mode
  - Change Managed AV configuration on either account, org or single machine scope
  - Force a Managed AV scan on a single target
- Access Security Awareness Training via the SAT icon in the dashboard
Users can:
- Create/Modify/Delete Organizations
  - This is the only access that Users have that Security Engineers do not. We are considering removing this capability from the User role in the future.
Finance
- Limited to Billing and Invoices areas ONLY
- View Past Invoices
- View breakdown of agents per organization in an invoice
- View payment receipts
- Update Payment Info
- Update Billing Info
Marketing
Marketing users can only access the Partner Enablement Service (PES).
Read-Only
Read-only users can see everything a User can, but cannot modify/delete/add anything across the Huntress Dashboard.
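As an added example (not Huntress code), the account-level lists above can be encoded to find the narrowest role that covers a set of duties and to flag accounts holding a broader role than they need. It shows that User and Security Engineer are not strictly nested, because only User and Admin can manage organizations. The action labels, the sample users, and the reading that Users keep every Security Engineer permission not listed under "Users cannot" are assumptions; Marketing and Read-Only are omitted.

```python
# Account-level permissions transcribed from the lists on this page.
# Action labels are shorthand invented for this example, not Huntress identifiers.
SECURITY_ENGINEER = {
    "approve_remediation", "isolate_hosts", "download_installer",
    "manage_incident_reports", "managed_av_actions", "exclusions",
    "global_preferences", "escalations", "bulk_move_agents",
    "av_policy", "sat_access",
}
# The "Users cannot" list, applied as a difference from Security Engineer.
USER_REMOVED = {
    "isolate_hosts", "exclusions", "manage_incident_reports", "escalations",
    "global_preferences", "managed_av_actions", "av_policy", "sat_access",
}
ADMIN_ONLY = {"manage_account_users", "billing", "manage_integrations",
              "regenerate_account_key"}

ROLES = {
    "Finance": {"billing"},
    "User": (SECURITY_ENGINEER - USER_REMOVED) | {"manage_orgs"},
    "Security Engineer": SECURITY_ENGINEER,
}
# Admin has full access, modelled here as the union of every action above.
ROLES["Admin"] = set().union(*ROLES.values()) | ADMIN_ONLY


def least_privileged_role(required):
    """Return the covering role with the fewest permissions, or None."""
    covering = [r for r, perms in ROLES.items() if set(required) <= perms]
    return min(covering, key=lambda r: len(ROLES[r])) if covering else None


def audit(assignments):
    """Return (user, current, recommended) where a narrower role would do."""
    findings = []
    for user, current, needed in assignments:
        best = least_privileged_role(needed)
        if best and len(ROLES[best]) < len(ROLES[current]):
            findings.append((user, current, best))
    return findings


# Constructed sample data: names and duties are made up for illustration.
SAMPLE = [
    ("alice", "Admin", {"isolate_hosts", "exclusions"}),
    ("bob", "Admin", {"billing"}),
    ("carol", "Admin", {"isolate_hosts", "manage_orgs"}),
    ("dave", "Security Engineer", {"download_installer", "bulk_move_agents"}),
]
```

Calling `audit(SAMPLE)` leaves carol on Admin: no narrower role both isolates hosts and manages organizations.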
Organization-Level
NOTE: Organization-Level Admins/Security Engineers/Users cannot view or access Escalations or any other organization.
ANOTHER NOTE: Account-Level Admins/Security Engineers are ultimately responsible for responding to Escalations.
Organization-Level User
Organization-Level users can see most things throughout their Huntress Organization.
Users can:
- View/Download Reports
- View investigations (within their Org(s))
- Uninstall individual Agents
- View Binaries/Autoruns/Collected Files/Canaries/External Recon
- Reject Assisted Remediation
Users cannot:
- View or access any other organization
- View Escalations
- Download the Huntress installer (or view account key)
- Modify/add users
- Modify/add integrations
- Bulk remove agents across organizations
- View/change billing information (including invoices)
- Receive alert emails about new Incident Reports
- Change global preferences
- Change Managed AV configuration on either account, org or single machine scope
- Do any bulk Managed AV actions such as quick/full scan, update or change audit/enforce mode
- Add/remove exclusions
- Manually isolate hosts
- Manually deisolate hosts
- Approve Assisted Remediation
- Access Security Awareness Training via the SAT icon in the dashboard
Organization-Level Admin / Security Engineer
An Organization-Level Admin / Security Engineer has the same restrictions as Organization-Level Users, except they can perform the following actions:
- Approve Assisted Remediation
- Bulk and single resolve Incident Reports
- Add other organization-level users
- Add/remove exclusions
- Change Managed AV configuration
- Perform bulk Managed AV actions
- Push the Huntress System Extension to compatible macOS devices
Organization-Level Security Engineers currently have the same permissions as Organization-Level Admins. We are evaluating whether or not the Organization-Level Security Engineer is necessary, and if so, what we should limit on it as compared to Organization-Level Admins. We are always receptive to feedback on feedback.huntress.com!
Read-Only
Read-only users can see everything a User can but cannot modify/delete/add anything within the Organization.