Detailed Role Permissions

When deciding whether to use default team roles or create a custom role, it can be helpful to review the RBAC permissions that Sysdig grants to the default roles.

This page provides a detailed outline of the permissions granted to the various default roles in Secure and Monitor.

Sysdig Monitor System Roles

Admin

Category | Item | Permission | Description
INTERNAL_UNCATEGORIZED | secure.access | OTHER | N/A
Posture | compliance.policies.admin | OTHER_MUTATOR | N/A
INTERNAL_UNCATEGORIZED | customer.admin | OTHER_MUTATOR | N/A
INTERNAL_UNCATEGORIZED | team-admin.insight | OTHER | N/A
INTERNAL_ADMIN | onboarding.admin | OTHER_MUTATOR | N/A
Integrations | promcat.integrations.manage | MANAGE | Change monitoring integration type or status
INTERNAL_SERVICE | active-secure-compliance-users-admin.read | READ | N/A
INTERNAL_SERVICE | active-secure-overview-users-admin.read | READ | N/A
INTERNAL_ADMIN | inactive-users-admin.read | READ | N/A
INTERNAL_SERVICE | metrics-data-admin.read | READ | N/A
Reports | reports.manage | MANAGE | Change monitoring reports
Posture | secure.onboarding.admin | OTHER_MUTATOR | N/A
Posture | secure.todo.admin | OTHER_MUTATOR | N/A
INTERNAL_ADMIN | system-admin.edit | EDIT | N/A
INTERNAL_ADMIN | system-admin.read | READ | N/A
Explore / Metrics | agent.cli.agent_internal_diagnostics | READ | Use Agent Console commands which access internal diagnostics of the agent
Explore / Metrics | agent.cli.agent_network_calls_to_remote_pods | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints
Explore / Metrics | agent.cli.agent_status | READ | Use Agent Console commands which access agent status
Explore / Metrics | agent.cli.view | VIEW | Use Agent Console commands
Explore / Metrics | agent.cli.view_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics | agent.cli.view_sensitive_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does contain sensitive information like passwords. There are currently zero commands that implement this permission
Settings | sso.config | EDIT | N/A
INTERNAL_ADMIN | sso-system.config | EDIT | N/A
Settings | customer-admin-users.create | CREATE | Create new customer admin users
ROLE_MANAGEMENT | custom-team-roles.create | CREATE | N/A
Settings | teams.create | CREATE | N/A
Settings | users.create | CREATE | Invite new users
ROLE_MANAGEMENT | custom-team-roles.delete | DELETE | N/A
Settings | teams.delete | DELETE | N/A
Settings | access-keys.edit | EDIT | N/A
Settings | sso-active.edit | EDIT | N/A
Policies | secure.admission-controller.edit | EDIT | N/A
Scanning (Legacy) | agentscanning.config.edit | EDIT | N/A
Settings | api-token.edit | EDIT | Reset users API token in scope of a team
Settings | aws-settings.edit | EDIT | N/A
Settings | beacon-configuration.edit | EDIT | N/A
Posture | secure.benchmark.results.edit | EDIT | N/A
Settings | certman.edit | EDIT | N/A
Costs | cost-advisor.edit | EDIT | Change Cost Advisor pricing
Costs | cost-reports.edit | EDIT | Change cost reports
USERS | user-deactivation-configuration.edit | EDIT | Modify user deactivation configuration
Data Access Settings | datastream.edit | EDIT | N/A
INTERNAL_SERVICE | data-api-settings.edit | EDIT | N/A
INTERNAL_SERVICE | data-throttling-settings.edit | EDIT | N/A
Settings | downtimes.edit | EDIT | N/A
Settings | events-forwarder.edit | EDIT | N/A
Integrations | file-storage-config.edit | EDIT | N/A
Settings | global.notification-channels.edit | EDIT | N/A
Settings | global.service-accounts.edit | EDIT | N/A
Settings | global-service-account-notification-settings.edit | EDIT | N/A
Data Access Settings | groupings.edit | EDIT | Create and edit custom groupings
Settings | group-mappings.edit | EDIT | Modify mapping of users IDP groups to Sysdig teams/roles
Settings | ip-filters.edit | EDIT | Modify IP filter configuration
Settings | login-banner.edit | EDIT | N/A
Settings | memberships.edit | EDIT | Invite other users to the teams
Settings | memberships-roles.edit | EDIT | Modify team members roles
Network Security | netsec.edit | EDIT | N/A
Get Started | onboarding.edit | EDIT | N/A
INTERNAL_ADMIN | service.platform-alerts-settings.edit | EDIT | Edit platform alerts settings
Policies | policy-tuner.edit | EDIT | N/A
Integrations | promcat.integrations.edit | EDIT | Change monitoring integration type or status
Integrations | providers.edit | EDIT | N/A
Scanning (Legacy) | scanning.retention.edit | EDIT | N/A
Scanning (Legacy) | secure.images.edit | EDIT | N/A
Settings | secure-settings.edit | EDIT | Modify Sysdig Secure configuration
Settings | service-account.edit | EDIT | Modify service accounts in scope of a team
Settings | service-account-notification-settings.edit | EDIT | N/A
Settings | service-account-role.edit | EDIT | Change service account roles
Settings | subscription.edit | EDIT | N/A
Settings | sysdig-storage.edit | EDIT | N/A
INTERNAL_ADMIN | system-falco.edit | EDIT | N/A
Settings | teams.edit | EDIT | N/A
Settings | team-agent-cli-settings.edit | EDIT | Toggle access to agent console for a team
Settings | team-capture-settings.edit | EDIT | Toggle access to captures for a team
Settings | team-rapid-response-settings.edit | EDIT | N/A
Integrations | third-party-integrations.edit | EDIT | N/A
Ticketing | ticketing-customer-settings.edit | EDIT | Edit ticketing customer settings
UI Settings | ui-customer-settings.edit | EDIT | N/A
UI Settings | ui-inactivity-settings.edit | EDIT | N/A
UI Settings | ui-settings.edit | EDIT | N/A
UI Settings | ui-user-app-settings.edit | EDIT | N/A
Settings | users.edit | EDIT | N/A
Settings | user-list.edit | EDIT | N/A
USERS | user-password.edit | EDIT | N/A
USERS | user-profile.edit | EDIT | N/A
INTERNAL_UNCATEGORIZED | dev-task.exec | EXEC | N/A
INTERNAL_UNCATEGORIZED | es-query.exec | EXEC | N/A
Captures / Investigate | secure.rapid-response.exec | EXEC | Use rapid response
INTERNAL_ADMIN | protobuf.export | OTHER_MUTATOR | N/A
INTERNAL_ADMIN | impersonate.edit | EDIT | N/A
Data Access Settings | ingest.prws | OTHER | N/A
Data Access Settings | ingest.prws.controlled | OTHER | N/A
Captures / Investigate | secure.rapid-response.kill | KILL | N/A
INTERNAL_SERVICE | metrics-descriptors.manage | MANAGE | N/A
INTERNAL_UNCATEGORIZED | quartz-jobs.manage | MANAGE | N/A
Settings | secure.risk-spotlight-integration-tokens.manage | MANAGE | Manage risk spotlight integration tokens from the UI
Settings | access-keys.read | READ | N/A
Scanning (Legacy) | agentscanning.config.read | READ | N/A
Settings | agent-installation.read | READ | Get agent access key (required for agent installation)
Settings | agreement.read | READ | N/A
Settings | api-token.read | READ | Access users API token in scope of a team
INTERNAL_UNCATEGORIZED | audit-trail-events.read | READ | N/A
Settings | aws-settings.read | READ | Access AWS settings
Settings | azure-settings.read | READ | N/A
Settings | beacon-configuration.read | READ | N/A
Settings | certman.read | READ | N/A
Settings | cloud.accounts.read | READ | Access cloud accounts
Costs | cost-advisor.read | READ | Access Cost Advisor
INTERNAL_SERVICE | cost-digest.read | READ | Read cost digest enabled customers
Costs | cost-explorer.read | READ | Access Cost Explorer
Costs | cost-reports.read | READ | Access cost reports
INTERNAL_SERVICE | customer-by-accesskey.read | READ | N/A
Settings | customer-plan.read | READ | N/A
Settings | customer-teams.read | READ | Access and list teams data
USERS | user-deactivation-configuration.read | READ | Access user deactivation configuration
Events | custom-events.read | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API
ROLE_MANAGEMENT | custom-team-roles.read | READ | N/A
Dashboards | dashboard-metrics-data.read | READ | N/A
Data Access Settings | datastream.read | READ | Access data stream configuration
INTERNAL_SERVICE | data-api-settings.read | READ | N/A
INTERNAL_SERVICE | data-throttling-settings.read | READ | N/A
Settings | downtimes.read | READ | List alert downtimes for the customer
Settings | events-forwarder.read | READ | Access event forwarding configuration
Explore / Metrics | explore.read | READ | Metric querying with Explore
INTERNAL_UNCATEGORIZED | external-links.read | READ | N/A
Integrations | file-storage-config.read | READ | N/A
Settings | global.service-accounts.read | READ | N/A
Settings | global-service-account-notification-settings.read | READ | N/A
Data Access Settings | groupings.read | READ | Access default and custom groupings
Settings | group-mappings.read | READ | Access mapping of users IDP groups to Sysdig teams/roles
Integrations | helmsrenderer.read | READ | Access Helm-renderer component
Data Access Settings | history-data.read | READ | N/A
INTERNAL_UNCATEGORIZED | impersonate.read | READ | N/A
Integrations | infrastructure.read | READ | View discovered infrastructure
Integrations | integrations.read | READ | View discovered workload integrations
Settings | ip-filters.read | READ | Access IP Filter configuration
Advisor | kubernetes-api-commands.read | READ | Kubernetes API feature
Advisor | live-logs.view | VIEW | Access Live Logs feature
Settings | login-banner.read | READ | N/A
Data Access Settings | mds.read-metadata | READ | N/A
Settings | memberships.read | READ | Access team members
Data Access Settings | metadata-defaults.read | READ | N/A
Data Access Settings | metrics-data.read | READ | Access metrics data
Data Access Settings | metrics-descriptors.read | READ | Access metrics descriptors
Get Started | onboarding.read | READ | N/A
Advisor | overviews.read | READ | Access Advisor
Settings | payment-details.read | READ | N/A
ROLE_MANAGEMENT | permissions.read | READ | N/A
INTERNAL_ADMIN | service.platform-alerts-settings.read | READ | Read platform alerts settings
Integrations | promcat.integrations.read | READ | Access monitoring integration type or status
Data Access Settings | promql-metadata.read | READ | Access Prometheus metrics and labels
Integrations | providers.read | READ | N/A
Scanning (Legacy) | scanning.read | READ | Read scan results
Scanning (Legacy) | scanning.retention.read | READ | N/A
Get Started | secure.onboarding.read | READ | N/A
Settings | secure-settings.read | READ | N/A
Settings | service-account.read | READ | Access service accounts in scope of a team
Settings | service-account-notification-settings.read | READ | N/A
Integrations | spotlight.read | READ | Access spotlight
Settings | subscription.read | READ | Access customer subscription details
Settings | sysdig-storage.read | READ | View Sysdig storage configuration
INTERNAL_UNCATEGORIZED | teams.read | READ | N/A
Settings | team-agent-cli-settings.read | READ | See the agent console access settings for a team
Settings | team-capture-settings.read | READ | See the capture settings for a team
Settings | team-rapid-response-settings.read | READ | N/A
INTERNAL_UNCATEGORIZED | team-search.read | READ | N/A
Integrations | third-party-integrations.read | READ | N/A
Ticketing | ticketing-customer-settings.read | READ | Read ticketing customer settings
UI Settings | ui-customer-settings.read | READ | N/A
UI Settings | ui-inactivity-settings.read | READ | N/A
UI Settings | ui-settings.read | READ | N/A
UI Settings | ui-user-app-settings.read | READ | N/A
Settings | users.read | READ | Access existing users data
Settings | user-list.read | READ | See the list of users for a customer
USERS | user-profile.read | READ | N/A
Captures / Investigate | secure.rapid-response.sessions.read.all | READ | N/A
Settings | agreement.sign | SIGN | N/A
INTERNAL_UNCATEGORIZED | system-support.edit | EDIT | N/A
INTERNAL_ADMIN | agent-availability.toggle | TOGGLE | N/A
INTERNAL_UNCATEGORIZED | track.event | OTHER_MUTATOR | N/A
ROLE_MANAGEMENT | custom-team-roles.update | UPDATE | N/A
Sage | sage.exec | EXEC | Sysdig Sage chat
Integrations | promcat.integrations.validate | VALIDATE | Change monitoring integration status to Pending Metrics

Sysdig Monitor Team Roles

Standard User

Category | Item | Permission | Description
Advisor |  |  | Manage access to Advisor
Advisor | Advisor | READ | Access Advisor
Advisor | Kubernetes API | READ | Kubernetes API feature
Advisor | Live Logs | VIEW | Access Live Logs feature
Alerts |  |  | Manage access to Alerts
Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team
Alerts | Alert Events | READ | Access the events generated by triggered alerts in scope of a team
Alerts | Alerts | EDIT | Modify alerts in scope of a team
Alerts | Alerts | READ | Access the alerts in scope of a team
Captures / Investigate |  |  | Manage access to Captures / Investigate
Captures / Investigate | Captures | EDIT | Modify captures
Captures / Investigate | Captures | READ | Access captures
Captures / Investigate | Captures | VIEW | View captures in the UI
Dashboards |  |  | Manage access to dashboards
Dashboards | Dashboard Metrics Data | READ | N/A
Dashboards | Dashboards | EDIT | Modify dashboards in scope of a team
Dashboards | Dashboards | READ | Access dashboards in scope of a team
Data Access Settings |  |  | Manage access to Data Settings
Data Access Settings | Datastream | READ | Access data stream configuration
Data Access Settings | Groupings | EDIT | Create and edit custom groupings
Data Access Settings | Groupings | READ | Access default and custom groupings
Data Access Settings | Metrics Data | READ | Access metrics data
Data Access Settings | Metrics Descriptors | READ | Access metrics descriptors
Data Access Settings | PromQL Metadata | READ | Access Prometheus metrics and labels
Events |  |  | Manage access to Events
Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API
Explore / Metrics |  |  | Manage access to Explore / Metrics
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands
Explore / Metrics | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status
Explore / Metrics | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints
Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight
Integrations | Custom Integrations | READ | Access custom integrations in spotlight
Integrations | Helm Renderer | READ | Access Helm-renderer component
Integrations | Infrastructure | READ | View discovered infrastructure
Integrations | Integrations | READ | View discovered workload integrations
Integrations | Monitoring Integrations | EDIT | Change monitoring integration type or status
Integrations | Monitoring Integrations | READ | Access monitoring integration type or status
Integrations | Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics
Integrations | Providers | READ | N/A
Integrations | Spotlight | READ | Access spotlight
Settings | Agent Installation | READ | Get agent access key (required for agent installation)
Settings | Alert Downtimes | READ | List alert downtimes for the customer
Settings | API Access Token | EDIT | Reset users API token in scope of a team
Settings | API Access Token | READ | Access users API token in scope of a team
Settings | API Access Token | VIEW | View your API token
Settings | AWS Settings | READ | Access AWS settings
Settings | Events Forwarder | READ | Access event forwarding configuration
Settings | Global Notification Channels | READ | Access global notification channels
Settings | Notification Channels | READ | Access notification channels in scope of a team
Settings | Service Accounts | READ | Access service accounts in scope of a team
Settings | Subscriptions | READ | Access customer subscription details
Settings | Sysdig Storage | READ | View Sysdig storage configuration

View Only

Category | Item | Permission | Description
Advisor |  |  | Manage access to Advisor
Advisor | Advisor | READ | Access Advisor
Advisor | Kubernetes API | READ | Kubernetes API feature
Advisor | Live Logs | VIEW | Access Live Logs feature
Alerts |  |  | Manage access to Alerts
Alerts | Alert Events | READ | Access the events generated by triggered alerts in scope of a team
Alerts | Alerts | READ | Access the alerts in scope of a team
Captures / Investigate |  |  | Manage access to Captures / Investigate
Captures / Investigate | Captures | READ | Access captures
Captures / Investigate | Captures | VIEW | View captures in the UI
Dashboards |  |  | Manage access to dashboards
Dashboards | Dashboard Metrics Data | READ | N/A
Dashboards | Dashboards | READ | Access dashboards in scope of a team
Data Access Settings |  |  | Manage access to Data Settings
Data Access Settings | Datastream | READ | Access data stream configuration
Data Access Settings | Groupings | EDIT | Create and edit custom groupings
Data Access Settings | Groupings | READ | Access default and custom groupings
Data Access Settings | Metrics Data | READ | Access metrics data
Data Access Settings | Metrics Descriptors | READ | Access metrics descriptors
Data Access Settings | PromQL Metadata | READ | Access Prometheus metrics and labels
Events |  |  | Manage access to Events
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API
Explore / Metrics |  |  | Manage access to Explore / Metrics
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands
Explore / Metrics | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status
Explore / Metrics | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints
Explore / Metrics | Explore | READ | Metric querying with Explore
Integrations | Custom Integrations | READ | Access custom integrations in spotlight
Integrations | File Storage Config | READ | N/A
Integrations | Helm Renderer | READ | Access Helm-renderer component
Integrations | Infrastructure | READ | View discovered infrastructure
Integrations | Integrations | READ | View discovered workload integrations
Integrations | Monitoring Integrations | READ | Access monitoring integration type or status
Integrations | Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics
Integrations | Providers | READ | N/A
Integrations | Spotlight | READ | Access spotlight
Settings | Agent Installation | READ | Get agent access key (required for agent installation)
Settings | Alert Downtimes | READ | List alert downtimes for the user.
Settings | API Access Token | READ | Access users API token in scope of a team
Settings | API Access Token | VIEW | View your API token
Settings | AWS Settings | READ | Access AWS settings
Settings | Events Forwarder | READ | Access event forwarding configuration
Settings | Global Notification Channels | READ | Access global notification channels
Settings | Notification Channels | READ | Access notification channels in scope of a team
Settings | Service Accounts | READ | Access service accounts in scope of a team
Settings | Subscriptions | READ | Access customer subscription details
Settings | Sysdig Storage | READ | View Sysdig storage configuration

Team Manager

Category | Item | Permission | Description
Advisor | Advisor | READ | Access Advisor
Advisor | Kubernetes API | READ | Kubernetes API feature
Advisor | Live Logs | VIEW | Access Live Logs feature
Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team
Alerts | Alert Events | READ | Access the events generated by triggered alerts in scope of a team
Alerts | Alerts | EDIT | Modify alerts in scope of a team
Alerts | Alerts | READ | Access the alerts in scope of a team
Captures / Investigate | Captures | EDIT | Modify captures
Captures / Investigate | Captures | READ | Access captures
Captures / Investigate | Captures | VIEW | View captures in the UI
Dashboards | Dashboard Metrics Data | READ | N/A
Dashboards | Dashboards | EDIT | Modify dashboards in scope of a team
Dashboards | Dashboards | READ | Access dashboards in scope of a team
Data Access Settings | Groupings | EDIT | Create and edit custom groupings
Data Access Settings | Groupings | READ | Access default and custom groupings
Data Access Settings | Metrics Data | READ | Access metrics data
Data Access Settings | Metrics Descriptors | READ | Access metrics descriptors
Data Access Settings | PromQL Metadata | READ | Access Prometheus metrics and labels
Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands
Explore / Metrics | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status
Explore / Metrics | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints
Explore / Metrics | Explore | EDIT | N/A
Explore / Metrics | Explore | READ | Metric querying with Explore
Explore / Metrics | Shared Groupings with Team | TOGGLE | Share metrics grouping with the team
Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight
Integrations | Custom Integrations | READ | Access custom integrations in spotlight
Integrations | Helm Renderer | READ | Access Helm-renderer component
Integrations | Infrastructure | READ | View discovered infrastructure
Integrations | Integrations | READ | View discovered workload integrations
Integrations | Monitoring Integrations | EDIT | Change monitoring integration type or status
Integrations | Monitoring Integrations | READ | Access monitoring integration type or status
Integrations | Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics
Integrations | Providers | READ | N/A
Integrations | Spotlight | READ | Access spotlight
Settings | Agent Installation | READ | Get agent access key (required for agent installation)
Settings | Alert Downtimes | READ | List alert downtimes for the customer
Settings | API Access Token | EDIT | Reset users API token in scope of a team
Settings | API Access Token | READ | Access users API token in scope of a team
Settings | API Access Token | VIEW | View your API token
Settings | AWS Settings | READ | Access AWS settings
Settings | Events Forwarder | READ | Access event forwarding configuration
Settings | Global Notification Channels | READ | Access global notification channels
Settings | Notification Channels | EDIT | Modify notification channels in scope of a team
Settings | Notification Channels | READ | Access notification channels in scope of a team
Settings | Service Accounts | EDIT | Modify service accounts in scope of a team
Settings | Service Accounts | READ | Access service accounts in scope of a team
Settings | Subscriptions | READ | Access customer subscription details
Settings | Sysdig Storage | READ | View Sysdig storage configuration
Settings | Teams | MANAGE | Modify team settings without the ability to modify team membership for users

Advanced User

Category | Item | Permission | Description
Advisor | Advisor | READ | Access Advisor
Advisor | Kubernetes API | READ | Kubernetes API feature
Advisor | Live Logs | VIEW | Access Live Logs feature
Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team
Alerts | Alert Events | READ | Access the events generated by triggered alerts in scope of a team
Alerts | Alerts | EDIT | Modify alerts in scope of a team
Alerts | Alerts | READ | Access the alerts in scope of a team
Captures / Investigate | Captures | EDIT | Modify captures
Captures / Investigate | Captures | READ | Access captures
Captures / Investigate | Captures | VIEW | View captures in the UI
Dashboards | Dashboard Metrics Data | READ | N/A
Dashboards | Dashboards | EDIT | Modify dashboards in scope of a team
Dashboards | Dashboards | READ | Access dashboards in scope of a team
Data Settings | Groupings | EDIT | Create and edit custom groupings
Data Settings | Groupings | READ | Access default and custom groupings
Data Settings | Metrics Data | READ | Access metrics data
Data Settings | Metrics Descriptors | READ | Access metrics descriptors
Data Settings | PromQL Metadata | READ | Access Prometheus metrics and labels
Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands
Explore / Metrics | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status
Explore / Metrics | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints
Explore / Metrics | Explore | EDIT | N/A
Explore / Metrics | Explore | READ | Metric querying with Explore
Explore / Metrics | Shared Groupings with Team | TOGGLE | Share metrics grouping with the team
Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight
Integrations | Custom Integrations | READ | Access custom integrations in spotlight
Integrations | Helm Renderer | READ | Access Helm-renderer component
Integrations | Infrastructure | READ | View discovered infrastructure
Integrations | Integrations | READ | View discovered workload integrations
Integrations | Monitoring Integrations | EDIT | Change monitoring integration type or status
Integrations | Monitoring Integrations | READ | Access monitoring integration type or status
Integrations | Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics
Integrations | Providers | READ | N/A
Integrations | Spotlight | READ | Access spotlight
Settings | Agent Installation | READ | Get agent access key (required for agent installation)
Settings | Alert Downtimes | READ | List alert downtimes for the customer
Settings | API Access Token | EDIT | Reset users API token in scope of a team
Settings | API Access Token | READ | Access users API token in scope of a team
Settings | API Access Token | VIEW | View your API token
Settings | AWS Settings | READ | Access AWS settings
Settings | Events Forwarder | READ | Access event forwarding configuration
Settings | Global Notification Channels | READ | Access global notification channels
Settings | Notification Channels | EDIT | Modify notification channels in scope of a team
Settings | Notification Channels | READ | Access notification channels in scope of a team
Settings | Service Accounts | READ | Access service accounts in scope of a team
Settings | Subscriptions | READ | Access customer subscription details
Settings | Sysdig Storage | READ | View Sysdig storage configuration

Sysdig Secure System Roles

Admin

Category | Item | Permission | Description
INTERNAL_UNCATEGORIZED | secure.access | OTHER | N/A
Posture | compliance.policies.admin | OTHER_MUTATOR | N/A
INTERNAL_UNCATEGORIZED | customer.admin | OTHER_MUTATOR | N/A
INTERNAL_UNCATEGORIZED | team-admin.insight | OTHER | N/A
INTERNAL_ADMIN | onboarding.admin | OTHER_MUTATOR | N/A
Integrations | promcat.integrations.manage | MANAGE | Change monitoring integration type or status
INTERNAL_SERVICE | active-secure-compliance-users-admin.read | READ | N/A
INTERNAL_SERVICE | active-secure-overview-users-admin.read | READ | N/A
INTERNAL_ADMIN | inactive-users-admin.read | READ | N/A
INTERNAL_SERVICE | metrics-data-admin.read | READ | N/A
Reports | reports.manage | MANAGE | Change monitoring reports
Posture | secure.onboarding.admin | OTHER_MUTATOR | N/A
Posture | secure.todo.admin | OTHER_MUTATOR | N/A
INTERNAL_ADMIN | system-admin.edit | EDIT | N/A
INTERNAL_ADMIN | system-admin.read | READ | N/A
Explore / Metrics | agent.cli.agent_internal_diagnostics | READ | Use Agent Console commands which access internal diagnostics of the agent
Explore / Metrics | agent.cli.agent_network_calls_to_remote_pods | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints
Explore / Metrics | agent.cli.agent_status | READ | Use Agent Console commands which access agent status
Explore / Metrics | agent.cli.view | VIEW | Use Agent Console commands
Explore / Metrics | agent.cli.view_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics | agent.cli.view_sensitive_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does contain sensitive information like passwords. There are currently zero commands that implement this permission
Settings | sso.config | EDIT | N/A
INTERNAL_ADMIN | sso-system.config | EDIT | N/A
Settings | customer-admin-users.create | CREATE | Create new customer admin users
ROLE_MANAGEMENT | custom-team-roles.create | CREATE | N/A
Settings | teams.create | CREATE | N/A
Settings | users.create | CREATE | Invite new users
ROLE_MANAGEMENT | custom-team-roles.delete | DELETE | N/A
Settings | teams.delete | DELETE | N/A
Settings | access-keys.edit | EDIT | N/A
Settings | sso-active.edit | EDIT | N/A
Policies | secure.admission-controller.edit | EDIT | N/A
Scanning (Legacy) | agentscanning.config.edit | EDIT | N/A
Settings | api-token.edit | EDIT | Reset users API token in scope of a team
Settings | aws-settings.edit | EDIT | N/A
Settings | beacon-configuration.edit | EDIT | N/A
Posture | secure.benchmark.results.edit | EDIT | N/A
Settings | certman.edit | EDIT | N/A
Costs | cost-advisor.edit | EDIT | Change Cost Advisor pricing
Costs | cost-reports.edit | EDIT | Change cost reports
USERS | user-deactivation-configuration.edit | EDIT | Modify user deactivation configuration
Data Access Settings | datastream.edit | EDIT | N/A
INTERNAL_SERVICE | data-api-settings.edit | EDIT | N/A
INTERNAL_SERVICE | data-throttling-settings.edit | EDIT | N/A
Settings | downtimes.edit | EDIT | N/A
Settings | events-forwarder.edit | EDIT | N/A
Integrations | file-storage-config.edit | EDIT | N/A
Settings | global.notification-channels.edit | EDIT | N/A
Settings | global.service-accounts.edit | EDIT | N/A
Settings | global-service-account-notification-settings.edit | EDIT | N/A
Data Access Settings | groupings.edit | EDIT | Create and edit custom groupings
Settings | group-mappings.edit | EDIT | Modify mapping of users IDP groups to Sysdig teams/roles
Settings | ip-filters.edit | EDIT | Modify IP filter configuration
Settings | login-banner.edit | EDIT | N/A
Settings | memberships.edit | EDIT | Invite other users to the teams
Settings | memberships-roles.edit | EDIT | Modify team members roles
Network Security | netsec.edit | EDIT | N/A
Get Started | onboarding.edit | EDIT | N/A
INTERNAL_ADMIN | service.platform-alerts-settings.edit | EDIT | Edit platform alerts settings
Policies | policy-tuner.edit | EDIT | N/A
Integrations | promcat.integrations.edit | EDIT | Change monitoring integration type or status
Integrations | providers.edit | EDIT | N/A
Scanning (Legacy) | scanning.retention.edit | EDIT | N/A
Scanning (Legacy) | secure.images.edit | EDIT | N/A
Settings | secure-settings.edit | EDIT | Modify Sysdig Secure configuration
Settings | service-account.edit | EDIT | Modify service accounts in scope of a team
Settings | service-account-notification-settings.edit | EDIT | N/A
Settings | service-account-role.edit | EDIT | Change service account roles
Settings | subscription.edit | EDIT | N/A
Settings | sysdig-storage.edit | EDIT | N/A
INTERNAL_ADMIN | system-falco.edit | EDIT | N/A
Settings | teams.edit | EDIT | N/A
Settings | team-agent-cli-settings.edit | EDIT | Toggle access to agent console for a team
Settings | team-capture-settings.edit | EDIT | Toggle access to captures for a team
Settings | team-rapid-response-settings.edit | EDIT | N/A
Integrations | third-party-integrations.edit | EDIT | N/A
Ticketing | ticketing-customer-settings.edit | EDIT | Edit ticketing customer settings
UI Settings | ui-customer-settings.edit | EDIT | N/A
UI Settings | ui-inactivity-settings.edit | EDIT | N/A
UI Settings | ui-settings.edit | EDIT | N/A
UI Settings | ui-user-app-settings.edit | EDIT | N/A
Settings | users.edit | EDIT | N/A
Settings | user-list.edit | EDIT | N/A
USERS | user-password.edit | EDIT | N/A
USERS | user-profile.edit | EDIT | N/A
INTERNAL_UNCATEGORIZED | dev-task.exec | EXEC | N/A
INTERNAL_UNCATEGORIZED | es-query.exec | EXEC | N/A
Captures / Investigate | secure.rapid-response.exec | EXEC | Use rapid response
INTERNAL_ADMIN | protobuf.export | OTHER_MUTATOR | N/A
INTERNAL_ADMIN | impersonate.edit | EDIT | N/A
Data Access Settings | ingest.prws | OTHER | N/A
Data Access Settings | ingest.prws.controlled | OTHER | N/A
Captures / Investigate | secure.rapid-response.kill | KILL | N/A
INTERNAL_SERVICE | metrics-descriptors.manage | MANAGE | N/A
INTERNAL_UNCATEGORIZED | quartz-jobs.manage | MANAGE | N/A
Settings | secure.risk-spotlight-integration-tokens.manage | MANAGE | Manage risk spotlight integration tokens from the UI
Settings | access-keys.read | READ | N/A
Scanning (Legacy) | agentscanning.config.read | READ | N/A
Settings | agent-installation.read | READ | Get agent access key (required for agent installation)
Settings | agreement.read | READ | N/A
Settings | api-token.read | READ | Access users API token in scope of a team
INTERNAL_UNCATEGORIZED | audit-trail-events.read | READ | N/A
Settings | aws-settings.read | READ | Access AWS settings
Settings | azure-settings.read | READ | N/A
Settings | beacon-configuration.read | READ | N/A
Settings | certman.read | READ | N/A
Settings | cloud.accounts.read | READ | Access cloud accounts
Costs | cost-advisor.read | READ | Access Cost Advisor
INTERNAL_SERVICE | cost-digest.read | READ | Read cost digest enabled customers
Costs | cost-explorer.read | READ | Access Cost Explorer
Costs | cost-reports.read | READ | Access cost reports
INTERNAL_SERVICE | customer-by-accesskey.read | READ | N/A
Settings | customer-plan.read | READ | N/A
Settings | customer-teams.read | READ | Access and list teams data
USERS | user-deactivation-configuration.read | READ | Access user deactivation configuration
Events | custom-events.read | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API
ROLE_MANAGEMENT | custom-team-roles.read | READ | N/A
Dashboards | dashboard-metrics-data.read | READ | N/A
Data Access Settings | datastream.read | READ | Access data stream configuration
INTERNAL_SERVICE | data-api-settings.read | READ | N/A
INTERNAL_SERVICE | data-throttling-settings.read | READ | N/A
Settings | downtimes.read | READ | List alert downtimes for the customer
Settings | events-forwarder.read | READ | Access event forwarding configuration
Explore / Metrics | explore.read | READ | Metric querying with Explore
INTERNAL_UNCATEGORIZED | external-links.read | READ | N/A
Integrations | file-storage-config.read | READ | N/A
Settings | global.service-accounts.read | READ | N/A
Settings | global-service-account-notification-settings.read | READ | N/A
Data Access Settings | groupings.read | READ | Access default and custom groupings
Settings | group-mappings.read | READ | Access mapping of users IDP groups to Sysdig teams/roles
Integrations | helmsrenderer.read | READ | Access Helm-renderer component
Data Access Settings | history-data.read | READ | N/A
INTERNAL_UNCATEGORIZED | impersonate.read | READ | N/A
Integrations | infrastructure.read | READ | View discovered infrastructure
Integrations | integrations.read | READ | View discovered workload integrations
Settings | ip-filters.read | READ | Access IP Filter configuration
Advisor | kubernetes-api-commands.read | READ | Kubernetes API feature
Advisor | live-logs.view | VIEW | Access Live Logs feature
Settings | login-banner.read | READ | N/A
Data Access Settings | mds.read-metadata | READ | N/A
Settings | memberships.read | READ | Access team members
Data Access Settings | metadata-defaults.read | READ | N/A
Data Access Settings | metrics-data.read | READ | Access metrics data
Data Access Settings | metrics-descriptors.read | READ | Access metrics descriptors
Get Started | onboarding.read | READ | N/A
Advisor | overviews.read | READ | Access Advisor
Settings | payment-details.read | READ | N/A
ROLE_MANAGEMENT | permissions.read | READ | N/A
INTERNAL_ADMIN | service.platform-alerts-settings.read | READ | Read platform alerts settings
Integrations | promcat.integrations.read | READ | Access monitoring integration type or status
Data Access Settings | promql-metadata.read | READ | Access Prometheus metrics and labels
Integrations | providers.read | READ | N/A
Scanning (Legacy) | scanning.read | READ | Read scan results
Scanning (Legacy) | scanning.retention.read | READ | N/A
Get Started | secure.onboarding.read | READ | N/A
Settings | secure-settings.read | READ | N/A
Settings | service-account.read | READ | Access service accounts in scope of a team
Settings | service-account-notification-settings.read | READ | N/A
Integrations | spotlight.read | READ | Access spotlight
Settings | subscription.read | READ | Access customer subscription details
Settings | sysdig-storage.read | READ | View Sysdig storage configuration
INTERNAL_UNCATEGORIZED | teams.read | READ | N/A
Settings | team-agent-cli-settings.read | READ | See the agent console access settings for a team
Settings | team-capture-settings.read | READ | See the capture settings for a team
Settings | team-rapid-response-settings.read | READ | N/A
INTERNAL_UNCATEGORIZED | team-search.read | READ | N/A
Integrations | third-party-integrations.read | READ | N/A
Ticketing | ticketing-customer-settings.read | READ | Read ticketing customer settings
UI Settings | ui-customer-settings.read | READ | N/A
UI Settings | ui-inactivity-settings.read | READ | N/A
UI Settings | ui-settings.read | READ | N/A
UI Settings | ui-user-app-settings.read | READ | N/A
Settings | users.read | READ | Access existing users data
Settings | user-list.read | READ | See the list of users for a customer
USERS | user-profile.read | READ | N/A
Captures / Investigate | secure.rapid-response.sessions.read.all | READ | N/A
Settings | agreement.sign | SIGN | N/A
INTERNAL_UNCATEGORIZED | system-support.edit | EDIT | N/A
INTERNAL_ADMIN | agent-availability.toggle | TOGGLE | N/A
INTERNAL_UNCATEGORIZED | track.event | OTHER_MUTATOR | N/A
ROLE_MANAGEMENT | custom-team-roles.update | UPDATE | N/A
Sage | sage.exec | EXEC | Sysdig Sage chat
Integrations | promcat.integrations.validate | VALIDATE | Change monitoring integration status to Pending Metrics

Sysdig Secure Team Roles

Standard User

| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data |
| | Metrics Descriptors | READ | Access metrics descriptors |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Share metrics grouping with the team |
| Integrations | Helm Renderer | READ | Access Helm-renderer component |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | N/A |
| Policies | Posture Policies | READ | View Posture policies |
| | Posture Controls | READ | View Posture Controls |
| | Zones | READ | View Zones that are assigned to current team |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | READ | Access to Posture Risk Acceptance management page |
| | Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning (legacy) | Image Import | EDIT | Import scanning images |
| | Scanning | READ | Read scan results |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Policy | READ | View policy details |
| | Risk Acceptance | READ | View Exceptions |
| | Registry Credentials | READ | View registry credentials |

Service Manager

| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data |
| | Metrics Descriptors | READ | Access metrics descriptors |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Share metrics grouping with the team |
| Integrations | Helm Renderer | READ | Access Helm-renderer component |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | N/A |
| Policies | Posture Policies | READ | View Posture policies |
| | Posture Controls | READ | View Posture Controls |
| | Zones | READ | View Zones that are assigned to current team |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | READ | Access to Posture Risk Acceptance management page |
| | Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning (Legacy) | Image Import | EDIT | Import scanning images |
| | Scanning | EXEC | Execute backend scanning |
| | Scanning | READ | Read scan results |
| | Scanning | WRITE | Modify scanning alerts and registry credentials |
| | Scanning Alerts | EDIT | Modify scanning alerts |
| | Scanning Alerts | READ | Access scanning alerts |
| Scanning | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | EDIT | Modify notification channels in scope of a team |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| | Team Membership | EDIT | Invite other users to the teams |
| | Team Membership | READ | Access team members |
| | Team Membership Roles | EDIT | Modify team members roles |
| | Teams | MANAGE | Modify team settings without the ability to modify team membership for users |
| | Teams | READ | N/A |
| | Users | READ | Access existing users data |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Reporting | WRITE | Create, modify, and delete reports |
| | Policy | READ | View policy details |
| | Policy | WRITE | Create, edit, and delete policies |
| | Risk Acceptance | READ | View Exceptions |
| | CLI Execution | EXEC | Ability to run CLI Scanner |
| | Scan Now | EXEC | Ability to instantly scan using Scan Now |
| | Registry Credentials | READ | View registry credentials |
| | Registry Credentials | WRITE | Add registry credentials |
| | Registry Scanner | EXEC | Ability to run Registry Scanner |

View Only

| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
| | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data |
| | Metrics Descriptors | READ | Access metrics descriptors |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | READ | Metric querying with Explore |
| Integrations | Helm Renderer | READ | Access Helm-renderer component |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | N/A |
| Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
| Policies | Posture Policies | READ | View Posture policies |
| | Posture Controls | READ | View Posture Controls |
| | Zones | READ | View Zones that are assigned to current team |
| | Image profiling | READ | View existing image profiles |
| | Policies | READ | Access policies |
| | Policy Advisor | READ | Read PSP advisor simulations |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | READ | Access to Posture Risk Acceptance management page |
| | Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Scanning (Legacy) | Scanning | READ | Read scan results |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policies | READ | Access security policies |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Registry Credentials | READ | List container registries |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| Settings | Sysdig Storage | READ | View Sysdig storage configuration |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Policy | READ | View policy details |
| | Risk Acceptance | READ | View Exceptions |
| | Registry Credentials | READ | View registry credentials |

Team Manager

| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | EDIT | Modify alerts in scope of a team |
| | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
| | Captures | EDIT | Modify captures |
| | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Rapid Response | EXEC | Use rapid response |
| Data Access Settings | Datastream | READ | Access data stream configuration |
| | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data |
| | Metrics Descriptors | READ | Access metrics descriptors |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | EDIT | N/A |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Share metrics grouping with the team |
| Integrations | Helm Renderer | READ | Access Helm-renderer component |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | N/A |
| Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
| Policies | Zones | EDIT | View and Edit All Zones |
| | Posture Policies | EDIT | View and Edit Posture policies |
| | Posture Controls | EDIT | View and Edit Posture Controls |
| | Image profiling | EXEC | Execute image profiling |
| | Image profiling | READ | View existing image profiles |
| | Image profiling | WRITE | Write image profiles |
| | Policies | EDIT | Modify policies |
| | Policies | READ | Access policies |
| | Policy Advisor | EXEC | Execute PSP advisor simulation |
| | Policy Advisor | READ | Read PSP advisor simulations |
| | Policy Advisor | WRITE | Create PSP advisor simulation |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | EDIT | Access and modify Posture Risk Acceptance |
| | Open PR | EDIT | Setup Pull Requests from posture remediation panel |
| | Legacy Benchmark Tasks | EDIT | Access, Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning | Image Import | EDIT | Import scanning images |
| | Scanning | EXEC | Execute backend scanning |
| | Scanning | READ | Read scan results |
| | Scanning | WRITE | Modify scanning alerts and registry credentials |
| | Scanning Alerts | EDIT | Modify scanning alerts |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policies | EDIT | Modify security policies |
| | Scanning Policies | READ | Access security policies |
| | Scanning Policy Assignments | EDIT | Create and modify policy mappings |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Registry Credentials | EDIT | Create and modify container registries configuration |
| | Scanning Registry Credentials | READ | List container registries |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | EDIT | Create and modify reports |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | EDIT | Modify the trusted images list |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | EDIT | Modify the untrusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | EDIT | Edit vulnerability exceptions |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | EDIT | Modify notification channels in scope of a team |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | EDIT | Modify service accounts in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| | Teams | MANAGE | Modify team settings without the ability to modify team membership for users |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Reporting | WRITE | Create, modify, and delete reports |
| | Policy | READ | View policy details |
| | Policy | WRITE | Create, edit, and delete policies |
| | Risk Acceptance | READ | View Exceptions |
| | Risk Acceptance | WRITE | Create, update, and delete Exceptions |
| | CLI Execution | EXEC | Ability to run CLI Scanner |
| | Scan Now | EXEC | Ability to instantly scan using Scan Now |
| | Registry Credentials | READ | View registry credentials |
| | Registry Credentials | WRITE | Add registry credentials |
| | Registry Scanner | EXEC | Ability to run Registry Scanner |

Advanced User

| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | EDIT | Modify alerts in scope of a team |
| | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
| | Captures | EDIT | Modify captures |
| | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Rapid Response | EXEC | Use rapid response |
| Data Access Settings | Datastream | READ | Access data stream configuration |
| | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data |
| | Metrics Descriptors | READ | Access metrics descriptors |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | EDIT | N/A |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Share metrics grouping with the team |
| Integrations | Helm Renderer | READ | Access Helm-renderer component |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | N/A |
| Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
| Policies | Zones | EDIT | View and Edit All Zones |
| | Posture Policies | EDIT | View and Edit Posture policies |
| | Posture Controls | EDIT | View and Edit Posture Controls |
| | Image profiling | EXEC | Execute image profiling |
| | Image profiling | READ | View existing image profiles |
| | Image profiling | WRITE | Write image profiles |
| | Policies | EDIT | Modify policies |
| | Policies | READ | Access policies |
| | Policy Advisor | EXEC | Execute PSP advisor simulation |
| | Policy Advisor | READ | Read PSP advisor simulations |
| | Policy Advisor | WRITE | Create PSP advisor simulation |
| | Compliance | READ | Access Compliance results |
| | Risk Acceptance | EDIT | Access and modify Posture Risk Acceptance |
| Posture | Open PR | EDIT | Setup Pull Requests from posture remediation panel |
| | Legacy Benchmark Tasks | EDIT | Access, Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning (Legacy) | Image Import | EDIT | Import scanning images |
| | Scanning | EXEC | Execute backend scanning |
| | Scanning | READ | Read scan results |
| | Scanning | WRITE | Modify scanning alerts and registry credentials |
| | Scanning Alerts | EDIT | Modify scanning alerts |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policies | EDIT | Modify security policies |
| | Scanning Policies | READ | Access security policies |
| | Scanning Policy Assignments | EDIT | Create and modify policy mappings |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Registry Credentials | EDIT | Create and modify container registries configuration |
| | Scanning Registry Credentials | READ | List container registries |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | EDIT | Create and modify reports |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | EDIT | Modify the trusted images list |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | EDIT | Modify the untrusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | EDIT | Edit vulnerability exceptions |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | EDIT | Modify notification channels in scope of a team |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Reporting | WRITE | Create, modify, and delete reports |
| | Policy | READ | View policy details |
| | Policy | WRITE | Create, edit, and delete policies |
| | Risk Acceptance | READ | View Exceptions |
| | Risk Acceptance | WRITE | Create, update, and delete Exceptions |
| | CLI Execution | EXEC | Ability to run CLI Scanner |
| | Scan Now | EXEC | Ability to instantly scan using Scan Now |
| | Registry Credentials | READ | View registry credentials |
| | Registry Credentials | WRITE | Add registry credentials |
| | Registry Scanner | EXEC | Ability to run Registry Scanner |