Roles and permissions for Threat Investigator
You can control a user's access by assigning the user to a role. A role is a group that is used for assigning permissions to the members of the group. Permissions are the operations or capabilities that are defined for the role.
- At least read access to all the cases that you would like to investigate.
- At least read access to the data sources that should be queried for investigating the case.
- Data sources user role.
- Threat Intelligence Insights user role.
- Threat Investigator admin role.
With the Threat Investigator user role, you can view only the investigation results for cases that you can access. This access is managed by Case Management.