CB Response: Why are Global Administrators unable to be assigned to a team?
book
Article ID: 289583
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Why are Global Administrators (On-premises) and Administrators (Cloud) unable to be assigned to a team?
Environment
CB Response Server: Version 6.3.0 and higher
Resolution
The Global Administrator (On-premises) or Administrator (cloud) has access to all functionality for all computers in all sensor groups. Due to the power of the Administrator role it cannot be placed into a specific team as that user would still retain the ability to access all functionalities across the other teams established.
One of the driving factors of enhancing the role permissions within the CB Response server was to:
A) Reduce the amount of Global/Administrators required because of the power of that permission set B) Allow for more granular permission controls over regular users i.e. limit their access to specific sensor groups and or functionalities e.g. Live Response
Additional Information
The new Analyst role is similar to a Global/Administrator but only within the confines of the team that Analyst user is a part of. For example the Analyst role can have the following permissions set within their respective team:
Analyst – This role allows the user to monitor and respond to suspicious or malicious activity on endpoints in Sensor Groups for which it has the role. Analysts can be given additional, enhanced privileges on a per-user basis so that they are allowed to use special features: Live Response, isolation, hash banning, toggling tamper detection, and uninstalling the sensor.