Default User Roles | Trend Micro Service Central

Views:

Apex Central provides default user roles that you can assign to user accounts. User roles define which areas of the Apex Central web console a user can access and control. Although you can add access rights to a default user role, you cannot remove any of the predefined access rights from a default user role.

Note:

Only the <Root> account created during installation, or user accounts that have been assigned the Administrator or Administrator and DLP Compliance Officer user role, can create new user accounts and assign user roles.

For more information about adding or editing custom user roles, see the following topics:

The following table describes the default roles available on the User Roles screen.

Role	Description
Administrator_and_DLP Compliance_Officer	Can perform all actions on all menu items Can monitor, review, and investigate DLP incidents triggered by any Active Directory user
Administrator	Can perform all actions on all menu items Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user
DLP_Compliance_Officer	Can perform all actions on the Dashboard Can monitor, review, and investigate DLP incidents triggered by any Active Directory user Note: This user role is only available to Active Directory users or groups.
DLP_Incident_Reviewer	Can perform all actions on the Dashboard Can only monitor, review, and investigate DLP incidents triggered by Active Directory users that report to the DLP Incident Reviewer Note: This user role is only available to Active Directory users or groups. For more information, see the following topics: Reporting Lines Adding a User Account
Operator	Can perform all actions on all the Dashboard and Directories menu items Can perform log queries, view reports generated and sent by other users, and update user account information Can only view information on the Policy Management screen Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user
Power_User	Can perform all actions on all the Dashboard and Directories menu items Can perform log queries, maintain logs, and generate and maintain reports Can only view information on the Policy Management screen Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user
Read-only_User	Can view information on all menu items and update user account information Can perform all actions on the Dashboard Can perform log queries, generate reports, create custom report templates, search directories, and create and use custom tags/filters to manage the User/Endpoint Directory tree Cannot view reports generated by other users
SSO_User	Can perform all actions on all menu items Cannot monitor, review, or investigate DLP incidents triggered by any Active Directory user Note: This user role is hidden by default.
Threat_Investigator	Can investigate security threat incidents on managed endpoints/servers

Note:

The Operator and Power User roles in previous versions do not have permissions to perform actions on Policy Management menu items. After upgrading to this version, these two roles will have read-only permissions, which cannot be changed.