# User Roles In AIR, the **Global Admin** has full control over managing **118 specific privileges**, allowing the creation of highly customized user roles. This granular access control ensures that each user or group has permissions tailored to their specific needs, such as handling evidence acquisition, interACT sessions, or audit log management. A useful feature within this setup is the **tooltips** provided alongside each privilege. These tooltips highlight any **dependencies** that may exist between privileges, helping administrators configure roles accurately without unintentionally restricting necessary functions. For example, an admin could create a role that enables a user to access interACT for remote evidence collection while restricting access to audit logs or system-wide settings. The tooltips ensure that admins are aware of any required privileges to avoid misconfigurations. This approach provides both flexibility and clarity, empowering admins to manage user roles effectively. ## Default Role Privileges The tables below show the default privileges assigned to each built-in role. These can be customized by creating new roles with specific privilege combinations. {% hint style="info" %} **Note:** Global Admin is not shown in these tables as this role has full access to all privileges by default. {% endhint %} {% hint style="success" %} **Download:** For offline reference or custom analysis, [download the complete privilege matrix as CSV](https://github.com/binalyze-kb/temp/blob/main/.gitbook/assets/Platform_roles_privileges.csv). {% endhint %} *** ## System Privileges ### Backup | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | --------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Backup | ❌ | ❌ | ❌ | ✅ | ❌ | | Backup Now | ❌ | ❌ | ❌ | ✅ | ❌ | | Delete Backup | ❌ | ❌ | ❌ | ❌ | ❌ | | Download Backup | ❌ | ❌ | ❌ | ❌ | ❌ | ### License | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------ | :-------: | :---: | :---: | :---------: | :-------: | | View License Key | ❌ | ❌ | ❌ | ✅ | ❌ | | Update License Key | ❌ | ❌ | ❌ | ✅ | ❌ | ### Organizations | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Create Organization | ❌ | ❌ | ❌ | ❌ | ❌ | | Delete Organization | ❌ | ❌ | ❌ | ❌ | ❌ | ### Settings | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------- | :-------: | :---: | :---: | :---------: | :-------: | | Save Settings | ❌ | ❌ | ❌ | ✅ | ❌ | ### Others | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Download Server Logs | ❌ | ❌ | ❌ | ❌ | ❌ | *** ## User Privileges ### Acquisition | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Acquisition Profile | ✅ | ✅ | ✅ | ❌ | ✅ | | Create Acquisition Profile | ✅ | ✅ | ✅ | ❌ | ✅ | | Update Acquisition Profile | ✅ | ✅ | ✅ | ❌ | ✅ | | Delete Acquisition Profile | ✅ | ❌ | ✅ | ❌ | ✅ | ### Auditlog | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Auditlog | ✅ | ❌ | ❌ | ❌ | ❌ | ### Auto Asset Tags | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------------------ | :-------: | :---: | :---: | :---------: | :-------: | | Create Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ | | Update Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ | | View Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ | | Delete Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ | | Assign Auto Asset Tagging Task | ✅ | ❌ | ❌ | ❌ | ✅ | ### Automation Hub | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | --------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Automation Hub | ✅ | ✅ | ✅ | ❌ | ✅ | | Manage Automation Hub | ✅ | ❌ | ✅ | ❌ | ✅ | ### Case | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------ | :-------: | :---: | :---: | :---------: | :-------: | | View Case | ✅ | ✅ | ✅ | ❌ | ✅ | | Create Case | ✅ | ✅ | ✅ | ❌ | ✅ | | Manage Case | ✅ | ✅ | ✅ | ❌ | ✅ | | Update Case Status | ✅ | ✅ | ✅ | ❌ | ❌ | | Change Owner Case | ✅ | ✅ | ✅ | ❌ | ✅ | ### Cloud Acquisition Profile | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | | Create Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | | Update Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | | Delete Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | ### Cloud Asset Account | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ | | Create Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ | | Delete Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ | | Sync Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ | ### Cloud Forensics | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Manage Cloud Account | ✅ | ❌ | ❌ | ❌ | ✅ | | Deploy Responder to Cloud | ✅ | ❌ | ❌ | ❌ | ✅ | ### Asset | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ----------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Create Asset | ✅ | ❌ | ✅ | ❌ | ✅ | | Edit Asset Label | ✅ | ❌ | ❌ | ❌ | ✅ | | Delete Asset | ✅ | ❌ | ❌ | ✅ | ✅ | | View Asset | ✅ | ✅ | ✅ | ✅ | ✅ | | Sync LDAP | ✅ | ❌ | ❌ | ✅ | ✅ | | Download Asset Logs | ✅ | ❌ | ❌ | ✅ | ✅ | | Import Off-Network Asset | ✅ | ❌ | ✅ | ❌ | ✅ | | Import PPC to Existing Asset | ✅ | ❌ | ✅ | ❌ | ✅ | | Update Asset Connection Route | ✅ | ❌ | ✅ | ✅ | ✅ | | Update Asset Maintenance Mode | ❌ | ❌ | ❌ | ❌ | ❌ | ### Asset Tag | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ---------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Create Asset Tag | ✅ | ✅ | ✅ | ✅ | ✅ | | Update Asset Tags | ✅ | ❌ | ❌ | ✅ | ✅ | | Delete Asset Tag | ✅ | ❌ | ❌ | ✅ | ✅ | | Delete All Asset Tags | ✅ | ❌ | ❌ | ✅ | ✅ | | Remove Tags from Asset | ✅ | ❌ | ❌ | ✅ | ✅ | | Add Tags to Assets | ✅ | ✅ | ✅ | ✅ | ✅ | ### Event Subscriptions | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Create Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ | | Update Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ | | View Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ | | Delete Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ | ### Evidence | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Evidence Repository | ✅ | ✅ | ✅ | ✅ | ✅ | | Create Evidence Repository | ✅ | ❌ | ❌ | ✅ | ✅ | | Update Evidence Repository | ✅ | ❌ | ❌ | ✅ | ✅ | | Delete Evidence Repository | ✅ | ❌ | ❌ | ✅ | ✅ | | View Case Report | ✅ | ✅ | ✅ | ❌ | ✅ | ### Full Text Search Profile | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Full Text Search Profile | ✅ | ✅ | ✅ | ❌ | ✅ | | Create Full Text Search Profile | ✅ | ✅ | ✅ | ❌ | ✅ | | Update Full Text Search Profile | ✅ | ✅ | ✅ | ❌ | ✅ | | Delete Full Text Search Profile | ✅ | ❌ | ✅ | ❌ | ✅ | ### Disk Image Acquisition Profile | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | | Create Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | | Update Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | | Delete Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ | ### interACT Library | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ----------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View interACT Library | ✅ | ✅ | ✅ | ❌ | ✅ | | Modify interACT Library | ✅ | ❌ | ✅ | ❌ | ✅ | ### interACT Shell | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ----------------- | :-------: | :---: | :---: | :---------: | :-------: | | Enumerate | ✅ | ✅ | ✅ | ❌ | ✅ | | Read Content | ✅ | ❌ | ✅ | ❌ | ✅ | | Write and Execute | ✅ | ❌ | ✅ | ❌ | ✅ | ### Notification | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ----------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Notification | ✅ | ✅ | ✅ | ✅ | ✅ | | Delete All Notifications | ✅ | ❌ | ❌ | ✅ | ✅ | | Mark All as Read Notification | ✅ | ✅ | ✅ | ✅ | ✅ | ### Organizations | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Organization | ✅ | ❌ | ❌ | ❌ | ❌ | | Update Organization | ✅ | ❌ | ❌ | ❌ | ❌ | ### Organizations Deployment Token | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ----------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Update Deployment Token | ✅ | ❌ | ❌ | ❌ | ❌ | ### Policy | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | --------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Policy | ✅ | ✅ | ✅ | ✅ | ✅ | | Create Policy | ✅ | ❌ | ❌ | ✅ | ✅ | | Update Policy | ✅ | ❌ | ❌ | ✅ | ✅ | | Delete Policy | ✅ | ❌ | ❌ | ✅ | ✅ | | Override Policy | ✅ | ❌ | ✅ | ✅ | ✅ | ### Relay Server | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Manage Relay Server | ✅ | ❌ | ❌ | ❌ | ✅ | ### Task | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | --------------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Task | ✅ | ✅ | ✅ | ✅ | ✅ | | Delete Task | ✅ | ✅ | ✅ | ❌ | ✅ | | Cancel Task | ✅ | ✅ | ✅ | ❌ | ✅ | | Update Task | ✅ | ❌ | ❌ | ❌ | ✅ | | Schedule Task | ✅ | ❌ | ✅ | ❌ | ✅ | | Update Scheduled Task | ✅ | ❌ | ✅ | ❌ | ✅ | ### Task Assign | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ---------------------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Assign Hunt/Triage Task | ✅ | ✅ | ✅ | ❌ | ✅ | | Assign Acquire Evidence Task | ✅ | ✅ | ✅ | ❌ | ✅ | | Assign Full Text Search Task | ✅ | ❌ | ❌ | ❌ | ❌ | | Assign Disk Image Acquisition Task | ❌ | ❌ | ❌ | ❌ | ❌ | | Assign Reboot Task | ✅ | ❌ | ✅ | ✅ | ❌ | | Assign Shutdown Task | ✅ | ❌ | ❌ | ✅ | ❌ | | Assign Log Retrieval Task | ✅ | ❌ | ❌ | ✅ | ✅ | | Assign Version Update Task | ✅ | ❌ | ✅ | ✅ | ✅ | | Assign Isolation Task | ✅ | ❌ | ✅ | ✅ | ✅ | ### Task Assignment | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ---------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Delete Task Assignment | ✅ | ✅ | ✅ | ✅ | ✅ | | Cancel Task Assignment | ✅ | ✅ | ✅ | ✅ | ✅ | ### Hunt/Triage | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------ | :-------: | :---: | :---: | :---------: | :-------: | | View Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ | | Create Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ | | Update Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ | | Delete Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ | ### User | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ----------- | :-------: | :---: | :---: | :---------: | :-------: | | View User | ✅ | ✅ | ✅ | ❌ | ✅ | | Create User | ✅ | ❌ | ❌ | ❌ | ❌ | | Delete User | ✅ | ❌ | ❌ | ❌ | ❌ | | Update User | ✅ | ❌ | ❌ | ❌ | ❌ | ### User Role | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | --------- | :-------: | :---: | :---: | :---------: | :-------: | | View Role | ✅ | ❌ | ❌ | ❌ | ❌ | ### Two Factor Authentication (2FA) | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | ------------------- | :-------: | :---: | :---: | :---------: | :-------: | | Update 2FA Settings | ✅ | ❌ | ❌ | ❌ | ❌ | ### Webhook | Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder | | -------------- | :-------: | :---: | :---: | :---------: | :-------: | | View Webhook | ✅ | ❌ | ❌ | ❌ | ✅ | | Create Webhook | ✅ | ❌ | ❌ | ❌ | ✅ | | Update Webhook | ✅ | ❌ | ❌ | ❌ | ✅ | | Delete Webhook | ✅ | ❌ | ❌ | ❌ | ✅ |