Detailed Role Permissions
When deciding whether to use default team roles or create a custom role, it can be helpful to review the RBAC permissions that Sysdig grants to the default roles.
This page provides a detailed outline of the permissions granted to the various default roles in Secure and Monitor.
Sysdig Monitor System Roles
Admin
Category | Item | Permission | Description |
---|---|---|---|
INTERNAL_UNCATEGORIZED | secure.access | OTHER | N/A |
Posture | compliance.policies.admin | OTHER_MUTATOR | N/A |
INTERNAL_UNCATEGORIZED | customer.admin | OTHER_MUTATOR | N/A |
INTERNAL_UNCATEGORIZED | team-admin.insight | OTHER | N/A |
INTERNAL_ADMIN | onboarding.admin | OTHER_MUTATOR | N/A |
Integrations | promcat.integrations.manage | MANAGE | Change monitoring integration type or status |
INTERNAL_SERVICE | active-secure-compliance-users-admin.read | READ | N/A |
INTERNAL_SERVICE | active-secure-overview-users-admin.read | READ | N/A |
INTERNAL_ADMIN | inactive-users-admin.read | READ | N/A |
INTERNAL_SERVICE | metrics-data-admin.read | READ | N/A |
Reports | reports.manage | MANAGE | Change monitoring reports |
Posture | secure.onboarding.admin | OTHER_MUTATOR | N/A |
Posture | secure.todo.admin | OTHER_MUTATOR | N/A |
INTERNAL_ADMIN | system-admin.edit | EDIT | N/A |
INTERNAL_ADMIN | system-admin.read | READ | N/A |
Explore / Metrics | agent.cli.agent_internal_diagnostics | READ | Use Agent Console commands which access internal diagnostics of the agent |
Explore / Metrics | agent.cli.agent_network_calls_to_remote_pods | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
Explore / Metrics | agent.cli.agent_status | READ | Use Agent Console commands which access agent status |
Explore / Metrics | agent.cli.view | VIEW | Use Agent Console commands |
Explore / Metrics | agent.cli.view_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
Explore / Metrics | agent.cli.view_sensitive_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does contain sensitive information like passwords. There are currently zero commands that implement this permission |
Settings | sso.config | EDIT | N/A |
INTERNAL_ADMIN | sso-system.config | EDIT | N/A |
Settings | customer-admin-users.create | CREATE | Create new customer admin users |
ROLE_MANAGEMENT | custom-team-roles.create | CREATE | N/A |
Settings | teams.create | CREATE | N/A |
Settings | users.create | CREATE | Invite new users |
ROLE_MANAGEMENT | custom-team-roles.delete | DELETE | N/A |
Settings | teams.delete | DELETE | N/A |
Settings | access-keys.edit | EDIT | N/A |
Settings | sso-active.edit | EDIT | N/A |
Policies | secure.admission-controller.edit | EDIT | N/A |
Scanning (Legacy) | agentscanning.config.edit | EDIT | N/A |
Settings | api-token.edit | EDIT | Reset users API token in scope of a team |
Settings | aws-settings.edit | EDIT | N/A |
Settings | beacon-configuration.edit | EDIT | N/A |
Posture | secure.benchmark.results.edit | EDIT | N/A |
Settings | certman.edit | EDIT | N/A |
Costs | cost-advisor.edit | EDIT | Change Cost Advisor pricing |
Costs | cost-reports.edit | EDIT | Change cost reports |
USERS | user-deactivation-configuration.edit | EDIT | Modify user deactivation configuration |
Data Access Settings | datastream.edit | EDIT | N/A |
INTERNAL_SERVICE | data-api-settings.edit | EDIT | N/A |
INTERNAL_SERVICE | data-throttling-settings.edit | EDIT | N/A |
Settings | downtimes.edit | EDIT | N/A |
Settings | events-forwarder.edit | EDIT | N/A |
Integrations | file-storage-config.edit | EDIT | N/A |
Settings | global.notification-channels.edit | EDIT | N/A |
Settings | global.service-accounts.edit | EDIT | N/A |
Settings | global-service-account-notification-settings.edit | EDIT | N/A |
Data Access Settings | groupings.edit | EDIT | Create and edit custom groupings |
Settings | group-mappings.edit | EDIT | Modify mapping of users IDP groups to Sysdig teams/roles |
Settings | ip-filters.edit | EDIT | Modify IP filter configuration |
Settings | login-banner.edit | EDIT | N/A |
Settings | memberships.edit | EDIT | Invite other users to the teams |
Settings | memberships-roles.edit | EDIT | Modify team members roles |
Network Security | netsec.edit | EDIT | N/A |
Get Started | onboarding.edit | EDIT | N/A |
INTERNAL_ADMIN | service.platform-alerts-settings.edit | EDIT | Edit platform alerts settings |
Policies | policy-tuner.edit | EDIT | N/A |
Integrations | promcat.integrations.edit | EDIT | Change monitoring integration type or status |
Integrations | providers.edit | EDIT | N/A |
Scanning (Legacy) | scanning.retention.edit | EDIT | N/A |
Scanning (Legacy) | secure.images.edit | EDIT | N/A |
Settings | secure-settings.edit | EDIT | Modify Sysdig Secure configuration |
Settings | service-account.edit | EDIT | Modify service accounts in scope of a team |
Settings | service-account-notification-settings.edit | EDIT | N/A |
Settings | service-account-role.edit | EDIT | Change service account roles |
Settings | subscription.edit | EDIT | N/A |
Settings | sysdig-storage.edit | EDIT | N/A |
INTERNAL_ADMIN | system-falco.edit | EDIT | N/A |
Settings | teams.edit | EDIT | N/A |
Settings | team-agent-cli-settings.edit | EDIT | Toggle access to agent console for a team |
Settings | team-capture-settings.edit | EDIT | Toggle access to captures for a team |
Settings | team-rapid-response-settings.edit | EDIT | N/A |
Integrations | third-party-integrations.edit | EDIT | N/A |
Ticketing | ticketing-customer-settings.edit | EDIT | Edit ticketing customer settings |
UI Settings | ui-customer-settings.edit | EDIT | N/A |
UI Settings | ui-inactivity-settings.edit | EDIT | N/A |
UI Settings | ui-settings.edit | EDIT | N/A |
UI Settings | ui-user-app-settings.edit | EDIT | N/A |
Settings | users.edit | EDIT | N/A |
Settings | user-list.edit | EDIT | N/A |
USERS | user-password.edit | EDIT | N/A |
USERS | user-profile.edit | EDIT | N/A |
INTERNAL_UNCATEGORIZED | dev-task.exec | EXEC | N/A |
INTERNAL_UNCATEGORIZED | es-query.exec | EXEC | N/A |
Captures / Investigate | secure.rapid-response.exec | EXEC | Use rapid response |
INTERNAL_ADMIN | protobuf.export | OTHER_MUTATOR | N/A |
INTERNAL_ADMIN | impersonate.edit | EDIT | N/A |
Data Access Settings | ingest.prws | OTHER | N/A |
Data Access Settings | ingest.prws.controlled | OTHER | N/A |
Captures / Investigate | secure.rapid-response.kill | KILL | N/A |
INTERNAL_SERVICE | metrics-descriptors.manage | MANAGE | N/A |
INTERNAL_UNCATEGORIZED | quartz-jobs.manage | MANAGE | N/A |
Settings | secure.risk-spotlight-integration-tokens.manage | MANAGE | Manage risk spotlight integration tokens from the UI |
Settings | access-keys.read | READ | N/A |
Scanning (Legacy) | agentscanning.config.read | READ | N/A |
Settings | agent-installation.read | READ | Get agent access key (required for agent installation) |
Settings | agreement.read | READ | N/A |
Settings | api-token.read | READ | Access users API token in scope of a team |
INTERNAL_UNCATEGORIZED | audit-trail-events.read | READ | N/A |
Settings | aws-settings.read | READ | Access AWS settings |
Settings | azure-settings.read | READ | N/A |
Settings | beacon-configuration.read | READ | N/A |
Settings | certman.read | READ | N/A |
Settings | cloud.accounts.read | READ | Access cloud accounts |
Costs | cost-advisor.read | READ | Access Cost Advisor |
INTERNAL_SERVICE | cost-digest.read | READ | Read cost digest enabled customers |
Costs | cost-explorer.read | READ | Access Cost Explorer |
Costs | cost-reports.read | READ | Access cost reports |
INTERNAL_SERVICE | customer-by-accesskey.read | READ | N/A |
Settings | customer-plan.read | READ | N/A |
Settings | customer-teams.read | READ | Access and list teams data |
USERS | user-deactivation-configuration.read | READ | Access user deactivation configuration |
Events | custom-events.read | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
ROLE_MANAGEMENT | custom-team-roles.read | READ | N/A |
Dashboards | dashboard-metrics-data.read | READ | N/A |
Data Access Settings | datastream.read | READ | Access data stream configuration |
INTERNAL_SERVICE | data-api-settings.read | READ | N/A |
INTERNAL_SERVICE | data-throttling-settings.read | READ | N/A |
Settings | downtimes.read | READ | List alert downtimes for the customer |
Settings | events-forwarder.read | READ | Access event forwarding configuration |
Explore / Metrics | explore.read | READ | Metric querying with Explore |
INTERNAL_UNCATEGORIZED | external-links.read | READ | N/A |
Integrations | file-storage-config.read | READ | N/A |
Settings | global.service-accounts.read | READ | N/A |
Settings | global-service-account-notification-settings.read | READ | N/A |
Data Access Settings | groupings.read | READ | Access default and custom groupings |
Settings | group-mappings.read | READ | Access mapping of users IDP groups to Sysdig teams/roles |
Integrations | helmsrenderer.read | READ | Access Helm-renderer component |
Data Access Settings | history-data.read | READ | N/A |
INTERNAL_UNCATEGORIZED | impersonate.read | READ | N/A |
Integrations | infrastructure.read | READ | View discovered infrastructure |
Integrations | integrations.read | READ | View discovered workload integrations |
Settings | ip-filters.read | READ | Access IP Filter configuration |
Advisor | kubernetes-api-commands.read | READ | Kubernetes API feature |
Advisor | live-logs.view | VIEW | Access Live Logs feature |
Settings | login-banner.read | READ | N/A |
Data Access Settings | mds.read-metadata | READ | N/A |
Settings | memberships.read | READ | Access team members |
Data Access Settings | metadata-defaults.read | READ | N/A |
Data Access Settings | metrics-data.read | READ | Access metrics data |
Data Access Settings | metrics-descriptors.read | READ | Access metrics descriptors |
Get Started | onboarding.read | READ | N/A |
Advisor | overviews.read | READ | Access Advisor |
Settings | payment-details.read | READ | N/A |
ROLE_MANAGEMENT | permissions.read | READ | N/A |
INTERNAL_ADMIN | service.platform-alerts-settings.read | READ | Read platform alerts settings |
Integrations | promcat.integrations.read | READ | Access monitoring integration type or status |
Data Access Settings | promql-metadata.read | READ | Access Prometheus metrics and labels |
Integrations | providers.read | READ | N/A |
Scanning (Legacy) | scanning.read | READ | Read scan results |
Scanning (Legacy) | scanning.retention.read | READ | N/A |
Get Started | secure.onboarding.read | READ | N/A |
Settings | secure-settings.read | READ | N/A |
Settings | service-account.read | READ | Access service accounts in scope of a team |
Settings | service-account-notification-settings.read | READ | N/A |
Integrations | spotlight.read | READ | Access spotlight |
Settings | subscription.read | READ | Access customer subscription details |
Settings | sysdig-storage.read | READ | View Sysdig storage configuration |
INTERNAL_UNCATEGORIZED | teams.read | READ | N/A |
Settings | team-agent-cli-settings.read | READ | See the agent console access settings for a team |
Settings | team-capture-settings.read | READ | See the capture settings for a team |
Settings | team-rapid-response-settings.read | READ | N/A |
INTERNAL_UNCATEGORIZED | team-search.read | READ | N/A |
Integrations | third-party-integrations.read | READ | N/A |
Ticketing | ticketing-customer-settings.read | READ | Read ticketing customer settings |
UI Settings | ui-customer-settings.read | READ | N/A |
UI Settings | ui-inactivity-settings.read | READ | N/A |
UI Settings | ui-settings.read | READ | N/A |
UI Settings | ui-user-app-settings.read | READ | N/A |
Settings | users.read | READ | Access existing users data |
Settings | user-list.read | READ | See the list of users for a customer |
USERS | user-profile.read | READ | N/A |
Captures / Investigate | secure.rapid-response.sessions.read.all | READ | N/A |
Settings | agreement.sign | SIGN | N/A |
INTERNAL_UNCATEGORIZED | system-support.edit | EDIT | N/A |
INTERNAL_ADMIN | agent-availability.toggle | TOGGLE | N/A |
INTERNAL_UNCATEGORIZED | track.event | OTHER_MUTATOR | N/A |
ROLE_MANAGEMENT | custom-team-roles.update | UPDATE | N/A |
Sage | sage.exec | EXEC | Sysdig Sage chat |
Integrations | promcat.integrations.validate | VALIDATE | Change monitoring integration status to Pending Metrics |
Sysdig Monitor Team Roles
Standard User
Category | Item | Permission | Description |
---|---|---|---|
Advisor Manage access to Advisor | Advisor | READ | Access Advisor |
Kubernetes API | READ | Kubernetes API feature | |
Live Logs | VIEW | Access Live Logs feature | |
Alerts Manage access to Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team |
Alert Events | READ | Access the events generated by triggered alerts in scope of a team | |
Alerts | EDIT | Modify alerts in scope of a team | |
Alerts | READ | Access the alerts in scope of a team | |
Captures / Investigate Manage access to Captures / Investigate | Captures | EDIT | Modify captures |
Captures | READ | Access captures | |
Captures | VIEW | View captures in the UI | |
Dashboards Manage access to dashboards | Dashboard Metrics Data | READ | N/A |
Dashboards | EDIT | Modify dashboards in scope of a team | |
Dashboards | READ | Access dashboards in scope of a team | |
Data Access Settings Manage access to Data Settings | Datastream | READ | Access data stream configuration |
Groupings | EDIT | Create and edit custom groupings | |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
PromQL Metadata | READ | Access Prometheus metrics and labels | |
Events Manage access to Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API |
Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API | |
Explore / Metrics Manage access to Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight |
Custom Integrations | READ | Access custom integrations in spotlight | |
Helm Renderer | READ | Access Helm-renderer component | |
Infrastructure | READ | View discovered infrastructure | |
Integrations | READ | View discovered workload integrations | |
Monitoring Integrations | EDIT | Change monitoring integration type or status | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
Providers | READ | N/A | |
Spotlight | READ | Access spotlight | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
Alert Downtimes | READ | List alert downtimes for the customer | |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Events Forwarder | READ | Access event forwarding configuration | |
Global Notification Channels | READ | Access global notification channels | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Storage | READ | View Sysdig storage configuration |
View Only
Category | Item | Permission | Description |
---|---|---|---|
Advisor Manage access to Advisor | Advisor | READ | Access Advisor |
Kubernetes API | READ | Kubernetes API feature | |
Live Logs | VIEW | Access Live Logs feature | |
Alerts Manage access to Alerts | Alert Events | READ | Access the events generated by triggered alerts in scope of a team |
Alerts | READ | Access the alerts in scope of a team | |
Captures / Investigate Manage access to Captures / Investigate | Captures | READ | Access captures |
Captures | VIEW | View captures in the UI | |
Dashboards Manage access to dashboards | Dashboard Metrics Data | READ | N/A |
Dashboards | READ | Access dashboards in scope of a team | |
Data Access Settings Manage access to Data Settings | Datastream | READ | Access data stream configuration |
Groupings | EDIT | Create and edit custom groupings | |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
PromQL Metadata | READ | Access Prometheus metrics and labels | |
Events Manage access to Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
Explore / Metrics Manage access to Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | READ | Metric querying with Explore | |
Integrations | Custom Integrations | READ | Access custom integrations in spotlight |
File Storage Config | READ | N/A | |
Helm Renderer | READ | Access Helm-renderer component | |
Infrastructure | READ | View discovered infrastructure | |
Integrations | READ | View discovered workload integrations | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
Providers | READ | N/A | |
Spotlight | READ | Access spotlight | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
Alert Downtimes | READ | List alert downtimes for the user. | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Events Forwarder | READ | Access event forwarding configuration | |
Global Notification Channels | READ | Access global notification channels | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Storage | READ | View Sysdig storage configuration |
Team Manager
Category | Item | Permission | description |
---|---|---|---|
Advisor | Advisor | READ | Access Advisor |
Kubernetes API | READ | Kubernetes API feature | |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team |
Alert Events | READ | Access the events generated by triggered alerts in scope of a team | |
Alerts | EDIT | Modify alerts in scope of a team | |
Alerts | READ | Access the alerts in scope of a team | |
Captures / Investigate | Captures | EDIT | Modify captures |
Captures | READ | Access captures | |
Captures | VIEW | View captures in the UI | |
Dashboards | Dashboard Metrics Data | READ | N/A |
Dashboards | EDIT | Modify dashboards in scope of a team | |
Dashboards | READ | Access dashboards in scope of a team | |
Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
PromQL Metadata | READ | Access Prometheus metrics and labels | |
Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API |
Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | EDIT | N/A | |
Explore | READ | Metric querying with Explore | |
Shared Groupings with Team | TOGGLE | Share metrics grouping with the team | |
Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight |
Custom Integrations | READ | Access custom integrations in spotlight | |
Helm Renderer | READ | Access Helm-renderer component | |
Infrastructure | READ | View discovered infrastructure | |
Integrations | READ | View discovered workload integrations | |
Monitoring Integrations | EDIT | Change monitoring integration type or status | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
Providers | READ | N/A | |
Spotlight | READ | Access spotlight | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
Alert Downtimes | READ | List alert downtimes for the customer | |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Events Forwarder | READ | Access event forwarding configuration | |
Global Notification Channels | READ | Access global notification channels | |
Notification Channels | EDIT | Modify notification channels in scope of a team | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | EDIT | Modify service accounts in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Storage | READ | View Sysdig storage configuration | |
Teams | MANAGE | Modify team settings without the ability to modify team membership for users |
Advanced User
Category | Item | Permission | Description |
---|---|---|---|
Advisor | Advisor | READ | Access Advisor |
Kubernetes API | READ | Kubernetes API feature | |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alert Events | EDIT | Acknowledge an event triggered by an alert in the events feed in scope of a team |
Alert Events | READ | Access the events generated by triggered alerts in scope of a team | |
Alerts | EDIT | Modify alerts in scope of a team | |
Alerts | READ | Access the alerts in scope of a team | |
Captures / Investigate | Captures | EDIT | Modify captures |
Captures | READ | Access captures | |
Captures | VIEW | View captures in the UI | |
Dashboards | Dashboard Metrics Data | READ | N/A |
Dashboards | EDIT | Modify dashboards in scope of a team | |
Dashboards | READ | Access dashboards in scope of a team | |
Data Settings | Groupings | EDIT | Create and edit custom groupings |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
PromQL Metadata | READ | Access Prometheus metrics and labels | |
Events | Custom Events | EDIT | Acknowledge the infrastructure and other events created by Sysdig Agent or Sysdig API |
Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | EDIT | N/A | |
Explore | READ | Metric querying with Explore | |
Shared Groupings with Team | TOGGLE | Share metrics grouping with the team | |
Integrations | Custom Integrations | EDIT | Modify custom integrations in spotlight |
Custom Integrations | READ | Access custom integrations in spotlight | |
Helm Renderer | READ | Access Helm-renderer component | |
Infrastructure | READ | View discovered infrastructure | |
Integrations | READ | View discovered workload integrations | |
Monitoring Integrations | EDIT | Change monitoring integration type or status | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Monitoring Integrations | VALIDATE | Change monitoring integration status to Pending Metrics | |
Providers | READ | N/A | |
Spotlight | READ | Access spotlight | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
Alert Downtimes | READ | List alert downtimes for the customer | |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Events Forwarder | READ | Access event forwarding configuration | |
Global Notification Channels | READ | Access global notification channels | |
Notification Channels | EDIT | Modify notification channels in scope of a team | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Storage | READ | View Sysdig storage configuration |
Sysdig Secure System Roles
Admin
Category | Item | Permission | Description |
---|---|---|---|
INTERNAL_UNCATEGORIZED | secure.access | OTHER | N/A |
Posture | compliance.policies.admin | OTHER_MUTATOR | N/A |
INTERNAL_UNCATEGORIZED | customer.admin | OTHER_MUTATOR | N/A |
INTERNAL_UNCATEGORIZED | team-admin.insight | OTHER | N/A |
INTERNAL_ADMIN | onboarding.admin | OTHER_MUTATOR | N/A |
Integrations | promcat.integrations.manage | MANAGE | Change monitoring integration type or status |
INTERNAL_SERVICE | active-secure-compliance-users-admin.read | READ | N/A |
INTERNAL_SERVICE | active-secure-overview-users-admin.read | READ | N/A |
INTERNAL_ADMIN | inactive-users-admin.read | READ | N/A |
INTERNAL_SERVICE | metrics-data-admin.read | READ | N/A |
Reports | reports.manage | MANAGE | Change monitoring reports |
Posture | secure.onboarding.admin | OTHER_MUTATOR | N/A |
Posture | secure.todo.admin | OTHER_MUTATOR | N/A |
INTERNAL_ADMIN | system-admin.edit | EDIT | N/A |
INTERNAL_ADMIN | system-admin.read | READ | N/A |
Explore / Metrics | agent.cli.agent_internal_diagnostics | READ | Use Agent Console commands which access internal diagnostics of the agent |
Explore / Metrics | agent.cli.agent_network_calls_to_remote_pods | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
Explore / Metrics | agent.cli.agent_status | READ | Use Agent Console commands which access agent status |
Explore / Metrics | agent.cli.view | VIEW | Use Agent Console commands |
Explore / Metrics | agent.cli.view_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
Explore / Metrics | agent.cli.view_sensitive_configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does contain sensitive information like passwords. There are currently zero commands that implement this permission |
Settings | sso.config | EDIT | N/A |
INTERNAL_ADMIN | sso-system.config | EDIT | N/A |
Settings | customer-admin-users.create | CREATE | Create new customer admin users |
ROLE_MANAGEMENT | custom-team-roles.create | CREATE | N/A |
Settings | teams.create | CREATE | N/A |
Settings | users.create | CREATE | Invite new users |
ROLE_MANAGEMENT | custom-team-roles.delete | DELETE | N/A |
Settings | teams.delete | DELETE | N/A |
Settings | access-keys.edit | EDIT | N/A |
Settings | sso-active.edit | EDIT | N/A |
Policies | secure.admission-controller.edit | EDIT | N/A |
Scanning (Legacy) | agentscanning.config.edit | EDIT | N/A |
Settings | api-token.edit | EDIT | Reset users API token in scope of a team |
Settings | aws-settings.edit | EDIT | N/A |
Settings | beacon-configuration.edit | EDIT | N/A |
Posture | secure.benchmark.results.edit | EDIT | N/A |
Settings | certman.edit | EDIT | N/A |
Costs | cost-advisor.edit | EDIT | Change Cost Advisor pricing |
Costs | cost-reports.edit | EDIT | Change cost reports |
USERS | user-deactivation-configuration.edit | EDIT | Modify user deactivation configuration |
Data Access Settings | datastream.edit | EDIT | N/A |
INTERNAL_SERVICE | data-api-settings.edit | EDIT | N/A |
INTERNAL_SERVICE | data-throttling-settings.edit | EDIT | N/A |
Settings | downtimes.edit | EDIT | N/A |
Settings | events-forwarder.edit | EDIT | N/A |
Integrations | file-storage-config.edit | EDIT | N/A |
Settings | global.notification-channels.edit | EDIT | N/A |
Settings | global.service-accounts.edit | EDIT | N/A |
Settings | global-service-account-notification-settings.edit | EDIT | N/A |
Data Access Settings | groupings.edit | EDIT | Create and edit custom groupings |
Settings | group-mappings.edit | EDIT | Modify mapping of users IDP groups to Sysdig teams/roles |
Settings | ip-filters.edit | EDIT | Modify IP filter configuration |
Settings | login-banner.edit | EDIT | N/A |
Settings | memberships.edit | EDIT | Invite other users to the teams |
Settings | memberships-roles.edit | EDIT | Modify team members roles |
Network Security | netsec.edit | EDIT | N/A |
Get Started | onboarding.edit | EDIT | N/A |
INTERNAL_ADMIN | service.platform-alerts-settings.edit | EDIT | Edit platform alerts settings |
Policies | policy-tuner.edit | EDIT | N/A |
Integrations | promcat.integrations.edit | EDIT | Change monitoring integration type or status |
Integrations | providers.edit | EDIT | N/A |
Scanning (Legacy) | scanning.retention.edit | EDIT | N/A |
Scanning (Legacy) | secure.images.edit | EDIT | N/A |
Settings | secure-settings.edit | EDIT | Modify Sysdig Secure configuration |
Settings | service-account.edit | EDIT | Modify service accounts in scope of a team |
Settings | service-account-notification-settings.edit | EDIT | N/A |
Settings | service-account-role.edit | EDIT | Change service account roles |
Settings | subscription.edit | EDIT | N/A |
Settings | sysdig-storage.edit | EDIT | N/A |
INTERNAL_ADMIN | system-falco.edit | EDIT | N/A |
Settings | teams.edit | EDIT | N/A |
Settings | team-agent-cli-settings.edit | EDIT | Toggle access to agent console for a team |
Settings | team-capture-settings.edit | EDIT | Toggle access to captures for a team |
Settings | team-rapid-response-settings.edit | EDIT | N/A |
Integrations | third-party-integrations.edit | EDIT | N/A |
Ticketing | ticketing-customer-settings.edit | EDIT | Edit ticketing customer settings |
UI Settings | ui-customer-settings.edit | EDIT | N/A |
UI Settings | ui-inactivity-settings.edit | EDIT | N/A |
UI Settings | ui-settings.edit | EDIT | N/A |
UI Settings | ui-user-app-settings.edit | EDIT | N/A |
Settings | users.edit | EDIT | N/A |
Settings | user-list.edit | EDIT | N/A |
USERS | user-password.edit | EDIT | N/A |
USERS | user-profile.edit | EDIT | N/A |
INTERNAL_UNCATEGORIZED | dev-task.exec | EXEC | N/A |
INTERNAL_UNCATEGORIZED | es-query.exec | EXEC | N/A |
Captures / Investigate | secure.rapid-response.exec | EXEC | Use rapid response |
INTERNAL_ADMIN | protobuf.export | OTHER_MUTATOR | N/A |
INTERNAL_ADMIN | impersonate.edit | EDIT | N/A |
Data Access Settings | ingest.prws | OTHER | N/A |
Data Access Settings | ingest.prws.controlled | OTHER | N/A |
Captures / Investigate | secure.rapid-response.kill | KILL | N/A |
INTERNAL_SERVICE | metrics-descriptors.manage | MANAGE | N/A |
INTERNAL_UNCATEGORIZED | quartz-jobs.manage | MANAGE | N/A |
Settings | secure.risk-spotlight-integration-tokens.manage | MANAGE | Manage risk spotlight integration tokens from the UI |
Settings | access-keys.read | READ | N/A |
Scanning (Legacy) | agentscanning.config.read | READ | N/A |
Settings | agent-installation.read | READ | Get agent access key (required for agent installation) |
Settings | agreement.read | READ | N/A |
Settings | api-token.read | READ | Access users API token in scope of a team |
INTERNAL_UNCATEGORIZED | audit-trail-events.read | READ | N/A |
Settings | aws-settings.read | READ | Access AWS settings |
Settings | azure-settings.read | READ | N/A |
Settings | beacon-configuration.read | READ | N/A |
Settings | certman.read | READ | N/A |
Settings | cloud.accounts.read | READ | Access cloud accounts |
Costs | cost-advisor.read | READ | Access Cost Advisor |
INTERNAL_SERVICE | cost-digest.read | READ | Read cost digest enabled customers |
Costs | cost-explorer.read | READ | Access Cost Explorer |
Costs | cost-reports.read | READ | Access cost reports |
INTERNAL_SERVICE | customer-by-accesskey.read | READ | N/A |
Settings | customer-plan.read | READ | N/A |
Settings | customer-teams.read | READ | Access and list teams data |
USERS | user-deactivation-configuration.read | READ | Access user deactivation configuration |
Events | custom-events.read | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
ROLE_MANAGEMENT | custom-team-roles.read | READ | N/A |
Dashboards | dashboard-metrics-data.read | READ | N/A |
Data Access Settings | datastream.read | READ | Access data stream configuration |
INTERNAL_SERVICE | data-api-settings.read | READ | N/A |
INTERNAL_SERVICE | data-throttling-settings.read | READ | N/A |
Settings | downtimes.read | READ | List alert downtimes for the customer |
Settings | events-forwarder.read | READ | Access event forwarding configuration |
Explore / Metrics | explore.read | READ | Metric querying with Explore |
INTERNAL_UNCATEGORIZED | external-links.read | READ | N/A |
Integrations | file-storage-config.read | READ | N/A |
Settings | global.service-accounts.read | READ | N/A |
Settings | global-service-account-notification-settings.read | READ | N/A |
Data Access Settings | groupings.read | READ | Access default and custom groupings |
Settings | group-mappings.read | READ | Access mapping of users IDP groups to Sysdig teams/roles |
Integrations | helmsrenderer.read | READ | Access Helm-renderer component |
Data Access Settings | history-data.read | READ | N/A |
INTERNAL_UNCATEGORIZED | impersonate.read | READ | N/A |
Integrations | infrastructure.read | READ | View discovered infrastructure |
Integrations | integrations.read | READ | View discovered workload integrations |
Settings | ip-filters.read | READ | Access IP Filter configuration |
Advisor | kubernetes-api-commands.read | READ | Kubernetes API feature |
Advisor | live-logs.view | VIEW | Access Live Logs feature |
Settings | login-banner.read | READ | N/A |
Data Access Settings | mds.read-metadata | READ | N/A |
Settings | memberships.read | READ | Access team members |
Data Access Settings | metadata-defaults.read | READ | N/A |
Data Access Settings | metrics-data.read | READ | Access metrics data |
Data Access Settings | metrics-descriptors.read | READ | Access metrics descriptors |
Get Started | onboarding.read | READ | N/A |
Advisor | overviews.read | READ | Access Advisor |
Settings | payment-details.read | READ | N/A |
ROLE_MANAGEMENT | permissions.read | READ | N/A |
INTERNAL_ADMIN | service.platform-alerts-settings.read | READ | Read platform alerts settings |
Integrations | promcat.integrations.read | READ | Access monitoring integration type or status |
Data Access Settings | promql-metadata.read | READ | Access Prometheus metrics and labels |
Integrations | providers.read | READ | N/A |
Scanning (Legacy) | scanning.read | READ | Read scan results |
Scanning (Legacy) | scanning.retention.read | READ | N/A |
Get Started | secure.onboarding.read | READ | N/A |
Settings | secure-settings.read | READ | N/A |
Settings | service-account.read | READ | Access service accounts in scope of a team |
Settings | service-account-notification-settings.read | READ | N/A |
Integrations | spotlight.read | READ | Access spotlight |
Settings | subscription.read | READ | Access customer subscription details |
Settings | sysdig-storage.read | READ | View Sysdig storage configuration |
INTERNAL_UNCATEGORIZED | teams.read | READ | N/A |
Settings | team-agent-cli-settings.read | READ | See the agent console access settings for a team |
Settings | team-capture-settings.read | READ | See the capture settings for a team |
Settings | team-rapid-response-settings.read | READ | N/A |
INTERNAL_UNCATEGORIZED | team-search.read | READ | N/A |
Integrations | third-party-integrations.read | READ | N/A |
Ticketing | ticketing-customer-settings.read | READ | Read ticketing customer settings |
UI Settings | ui-customer-settings.read | READ | N/A |
UI Settings | ui-inactivity-settings.read | READ | N/A |
UI Settings | ui-settings.read | READ | N/A |
UI Settings | ui-user-app-settings.read | READ | N/A |
Settings | users.read | READ | Access existing users data |
Settings | user-list.read | READ | See the list of users for a customer |
USERS | user-profile.read | READ | N/A |
Captures / Investigate | secure.rapid-response.sessions.read.all | READ | N/A |
Settings | agreement.sign | SIGN | N/A |
INTERNAL_UNCATEGORIZED | system-support.edit | EDIT | N/A |
INTERNAL_ADMIN | agent-availability.toggle | TOGGLE | N/A |
INTERNAL_UNCATEGORIZED | track.event | OTHER_MUTATOR | N/A |
ROLE_MANAGEMENT | custom-team-roles.update | UPDATE | N/A |
Sage | sage.exec | EXEC | Sysdig Sage chat |
Integrations | promcat.integrations.validate | VALIDATE | Change monitoring integration status to Pending Metrics |
Sysdig Secure Team Roles
Standard User
Category | Item | Permission | Description |
---|---|---|---|
Advisor | Kubernetes API | READ | Kubernetes API feature |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alerts | READ | Access the alerts in scope of a team |
Captures / Investigate | Captures | READ | Access captures |
Captures | VIEW | View captures in the UI | |
Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
Policy Events | READ | Access policy events | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | READ | Metric querying with Explore | |
Shared Groupings with Team | TOGGLE | Share metrics grouping with the team | |
Integrations | Helm Renderer | READ | Access Helm-renderer component |
Infrastructure | READ | View discovered infrastructure | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Providers | READ | N/A | |
Policies | Posture Policies | READ | View Posture policies |
Posture Controls | READ | View Posture Controls | |
Zones | READ | View Zones that are assigned to current team | |
Posture | Compliance | READ | Access Compliance results |
Risk Acceptance | READ | Access to Posture Risk Acceptance management page | |
Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks | |
Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks | |
Legacy Benchmarks | READ | Access Legacy benchmark results | |
Legacy Compliance | READ | Access Legacy Compliance tasks and reports | |
Risk | Risks | READ | Read Risks |
Scanning (legacy) | Image Import | EDIT | Import scanning images |
Scanning | READ | Read scan results | |
Scanning Alerts | READ | Access scanning alerts | |
Scanning Image Results | CREATE | Create scanning events | |
Scanning Image Results | READ | List scanning images | |
Scanning Runtime | EDIT | Query runtime containers API | |
Scanning Scheduled Reports | READ | View and download existing reports | |
Scanning Trusted Images | READ | Access the trusted images list | |
Scanning Untrusted Images | READ | Access the untrusted images list | |
Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Cloud Accounts | READ | Access cloud accounts | |
Global Notification Channels | READ | Access global notification channels | |
IAC | READ | Access IAC results | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration | |
Sysdig Storage | READ | View Sysdig storage configuration | |
Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
Reporting | READ | View and download scan reports | |
Policy | READ | View policy details | |
Risk Acceptance | READ | View Exceptions | |
Registry Credentials | READ | View registry credentials |
Service Manager
Category | Item | Permission | Description |
---|---|---|---|
Advisor | Kubernetes API | READ | Kubernetes API feature |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alerts | READ | Access the alerts in scope of a team |
Captures / Investigate | Captures | READ | Access captures |
Captures | VIEW | View captures in the UI | |
Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
Policy Events | READ | Access policy events | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | READ | Metric querying with Explore | |
Shared Groupings with Team | TOGGLE | Share metrics grouping with the team | |
Integrations | Helm Renderer | READ | Access Helm-renderer component |
Infrastructure | READ | View discovered infrastructure | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Providers | READ | N/A | |
Policies | Posture Policies | READ | View Posture policies |
Posture Controls | READ | View Posture Controls | |
Zones | READ | View Zones that are assigned to current team | |
Posture | Compliance | READ | Access Compliance results |
Risk Acceptance | READ | Access to Posture Risk Acceptance management page | |
Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks | |
Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks | |
Legacy Benchmarks | READ | Access Legacy benchmark results | |
Legacy Compliance | READ | Access Legacy Compliance tasks and reports | |
Risk | Risks | READ | Read Risks |
Scanning (Legacy) | Image Import | EDIT | Import scanning images |
Scanning | EXEC | Execute backend scanning | |
Scanning | READ | Read scan results | |
Scanning | WRITE | Modify scanning alerts and registry credentials | |
Scanning Alerts | EDIT | Modify scanning alerts | |
Scanning Alerts | READ | Access scanning alerts | |
Scanning | Scanning Image Results | CREATE | Create scanning events |
Scanning Image Results | READ | List scanning images | |
Scanning Policy Assignments | READ | Access policy mappings | |
Scanning Runtime | EDIT | Query runtime containers API | |
Scanning Scheduled Reports | READ | View and download existing reports | |
Scanning Trusted Images | READ | Access the trusted images list | |
Scanning Untrusted Images | READ | Access the untrusted images list | |
Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Cloud Accounts | READ | Access cloud accounts | |
Global Notification Channels | READ | Access global notification channels | |
IAC | READ | Access IAC results | |
Notification Channels | EDIT | Modify notification channels in scope of a team | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration | |
Sysdig Storage | READ | View Sysdig storage configuration | |
Team Membership | EDIT | Invite other users to the teams | |
Team Membership | READ | Access team members | |
Team Membership Roles | EDIT | Modify team members roles | |
Teams | MANAGE | Modify team settings without the ability to modify team membership for users | |
Teams | READ | N/A | |
Users | READ | Access existing users data | |
Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
Reporting | READ | View and download scan reports | |
Reporting | WRITE | Create, modify, and delete reports | |
Policy | READ | View policy details | |
Policy | WRITE | Create, edit, and delete policies | |
Risk Acceptance | READ | View Exceptions | |
CLI Execution | EXEC | Ability to run CLI Scanner | |
Scan Now | EXEC | Ability to instantly scan using Scan Now | |
Registry Credentials | READ | View registry credentials | |
Registry Credentials | WRITE | Add registry credentials | |
Registry Scanner | EXEC | Ability to run Registry Scanner |
View Only
Category | Item | Permission | Description |
---|---|---|---|
Advisor | Kubernetes API | READ | Kubernetes API feature |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alerts | READ | Access the alerts in scope of a team |
Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
Captures | READ | Access captures | |
Captures | VIEW | View captures in the UI | |
Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
Policy Events | READ | Access policy events | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | READ | Metric querying with Explore | |
Integrations | Helm Renderer | READ | Access Helm-renderer component |
Infrastructure | READ | View discovered infrastructure | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Providers | READ | N/A | |
Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
Policies | Posture Policies | READ | View Posture policies |
Posture Controls | READ | View Posture Controls | |
Zones | READ | View Zones that are assigned to current team | |
Image profiling | READ | View existing image profiles | |
Policies | READ | Access policies | |
Policy Advisor | READ | Read PSP advisor simulations | |
Posture | Compliance | READ | Access Compliance results |
Risk Acceptance | READ | Access to Posture Risk Acceptance management page | |
Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks | |
Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks | |
Legacy Benchmarks | READ | Access Legacy benchmark results | |
Legacy Compliance | READ | Access Legacy Compliance tasks and reports | |
Scanning (Legacy) | Scanning | READ | Read scan results |
Scanning Alerts | READ | Access scanning alerts | |
Scanning Image Results | READ | List scanning images | |
Scanning Policies | READ | Access security policies | |
Scanning Policy Assignments | READ | Access policy mappings | |
Scanning Registry Credentials | READ | List container registries | |
Scanning Runtime | EDIT | Query runtime containers API | |
Scanning Scheduled Reports | READ | View and download existing reports | |
Scanning Trusted Images | READ | Access the trusted images list | |
Scanning Untrusted Images | READ | Access the untrusted images list | |
Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Cloud Accounts | READ | Access cloud accounts | |
Global Notification Channels | READ | Access global notification channels | |
IAC | READ | Access IAC results | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration | |
Settings | Sysdig Storage | READ | View Sysdig storage configuration |
Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
Reporting | READ | View and download scan reports | |
Policy | READ | View policy details | |
Risk Acceptance | READ | View Exceptions | |
Registry Credentials | READ | View registry credentials |
Team Manager
Category | Item | Permission | Description |
---|---|---|---|
Advisor | Kubernetes API | READ | Kubernetes API feature |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alerts | EDIT | Modify alerts in scope of a team |
Alerts | READ | Access the alerts in scope of a team | |
Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
Captures | EDIT | Modify captures | |
Captures | READ | Access captures | |
Captures | VIEW | View captures in the UI | |
Rapid Response | EXEC | Use rapid response | |
Data Access Settings | Datastream | READ | Access data stream configuration |
Groupings | EDIT | Create and edit custom groupings | |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
Policy Events | READ | Access policy events | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | EDIT | N/A | |
Explore | READ | Metric querying with Explore | |
Shared Groupings with Team | TOGGLE | Share metrics grouping with the team | |
Integrations | Helm Renderer | READ | Access Helm-renderer component |
Infrastructure | READ | View discovered infrastructure | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Providers | READ | N/A | |
Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
Policies | Zones | EDIT | View and Edit All Zones |
Posture Policies | EDIT | View and Edit Posture policies | |
Posture Controls | EDIT | View and Edit Posture Controls | |
Image profiling | EXEC | Execute image profiling | |
Image profiling | READ | View existing image profiles | |
Image profiling | WRITE | Write image profiles | |
Policies | EDIT | Modify policies | |
Policies | READ | Access policies | |
Policy Advisor | EXEC | Execute PSP advisor simulation | |
Policy Advisor | READ | Read PSP advisor simulations | |
Policy Advisor | WRITE | Create PSP advisor simulation | |
Posture | Compliance | READ | Access Compliance results |
Risk Acceptance | EDIT | Access and modify Posture Risk Acceptance | |
Open PR | EDIT | Setup Pull Requests from posture remediation panel | |
Legacy Benchmark Tasks | EDIT | Access, Create and modify scheduled Legacy benchmark and compliance tasks | |
Legacy Benchmarks | READ | Access Legacy benchmark results | |
Legacy Compliance | READ | Access Legacy Compliance tasks and reports | |
Risk | Risks | READ | Read Risks |
Scanning | Image Import | EDIT | Import scanning images |
Scanning | EXEC | Execute backend scanning | |
Scanning | READ | Read scan results | |
Scanning | WRITE | Modify scanning alerts and registry credentials | |
Scanning Alerts | EDIT | Modify scanning alerts | |
Scanning Alerts | READ | Access scanning alerts | |
Scanning Image Results | CREATE | Create scanning events | |
Scanning Image Results | READ | List scanning images | |
Scanning Policies | EDIT | Modify security policies | |
Scanning Policies | READ | Access security policies | |
Scanning Policy Assignments | EDIT | Create and modify policy mappings | |
Scanning Policy Assignments | READ | Access policy mappings | |
Scanning Registry Credentials | EDIT | Create and modify container registries configuration | |
Scanning Registry Credentials | READ | List container registries | |
Scanning Runtime | EDIT | Query runtime containers API | |
Scanning Scheduled Reports | EDIT | Create and modify reports | |
Scanning Scheduled Reports | READ | View and download existing reports | |
Scanning Trusted Images | EDIT | Modify the trusted images list | |
Scanning Trusted Images | READ | Access the trusted images list | |
Scanning Untrusted Images | EDIT | Modify the untrusted images list | |
Scanning Untrusted Images | READ | Access the untrusted images list | |
Scanning Vulnerability Exceptions | EDIT | Edit vulnerability exceptions | |
Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Cloud Accounts | READ | Access cloud accounts | |
Global Notification Channels | READ | Access global notification channels | |
IAC | READ | Access IAC results | |
Notification Channels | EDIT | Modify notification channels in scope of a team | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | EDIT | Modify service accounts in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration | |
Sysdig Storage | READ | View Sysdig storage configuration | |
Teams | MANAGE | Modify team settings without the ability to modify team membership for users | |
Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
Reporting | READ | View and download scan reports | |
Reporting | WRITE | Create, modify, and delete reports | |
Policy | READ | View policy details | |
Policy | WRITE | Create, edit, and delete policies | |
Risk Acceptance | READ | View Exceptions | |
Risk Acceptance | WRITE | Create, update, and delete Exceptions | |
CLI Execution | EXEC | Ability to run CLI Scanner | |
Scan Now | EXEC | Ability to instantly scan using Scan Now | |
Registry Credentials | READ | View registry credentials | |
Registry Credentials | WRITE | Add registry credentials | |
Registry Scanner | EXEC | Ability to run Registry Scanner |
Advanced User
Category | Item | Permission | Description |
---|---|---|---|
Advisor | Kubernetes API | READ | Kubernetes API feature |
Live Logs | VIEW | Access Live Logs feature | |
Alerts | Alerts | EDIT | Modify alerts in scope of a team |
Alerts | READ | Access the alerts in scope of a team | |
Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
Captures | EDIT | Modify captures | |
Captures | READ | Access captures | |
Captures | VIEW | View captures in the UI | |
Rapid Response | EXEC | Use rapid response | |
Data Access Settings | Datastream | READ | Access data stream configuration |
Groupings | EDIT | Create and edit custom groupings | |
Groupings | READ | Access default and custom groupings | |
Metrics Data | READ | Access metrics data | |
Metrics Descriptors | READ | Access metrics descriptors | |
Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
Policy Events | READ | Access policy events | |
Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
Agent Console - Agent Status | READ | Use Agent Console commands which access agent status | |
Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords | |
Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints | |
Explore | EDIT | N/A | |
Explore | READ | Metric querying with Explore | |
Shared Groupings with Team | TOGGLE | Share metrics grouping with the team | |
Integrations | Helm Renderer | READ | Access Helm-renderer component |
Infrastructure | READ | View discovered infrastructure | |
Monitoring Integrations | READ | Access monitoring integration type or status | |
Providers | READ | N/A | |
Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
Policies | Zones | EDIT | View and Edit All Zones |
Posture Policies | EDIT | View and Edit Posture policies | |
Posture Controls | EDIT | View and Edit Posture Controls | |
Image profiling | EXEC | Execute image profiling | |
Image profiling | READ | View existing image profiles | |
Image profiling | WRITE | Write image profiles | |
Policies | EDIT | Modify policies | |
Policies | READ | Access policies | |
Policy Advisor | EXEC | Execute PSP advisor simulation | |
Policy Advisor | READ | Read PSP advisor simulations | |
Policy Advisor | WRITE | Create PSP advisor simulation | |
Compliance | READ | Access Compliance results | |
Risk Acceptance | EDIT | Access and modify Posture Risk Acceptance | |
Posture | Open PR | EDIT | Setup Pull Requests from posture remediation panel |
Legacy Benchmark Tasks | EDIT | Access, Create and modify scheduled Legacy benchmark and compliance tasks | |
Legacy Benchmarks | READ | Access Legacy benchmark results | |
Legacy Compliance | READ | Access Legacy Compliance tasks and reports | |
Risk | Risks | READ | Read Risks |
Scanning (Legacy) | Image Import | EDIT | Import scanning images |
Scanning | EXEC | Execute backend scanning | |
Scanning | READ | Read scan results | |
Scanning | WRITE | Modify scanning alerts and registry credentials | |
Scanning Alerts | EDIT | Modify scanning alerts | |
Scanning Alerts | READ | Access scanning alerts | |
Scanning Image Results | CREATE | Create scanning events | |
Scanning Image Results | READ | List scanning images | |
Scanning Policies | EDIT | Modify security policies | |
Scanning Policies | READ | Access security policies | |
Scanning Policy Assignments | EDIT | Create and modify policy mappings | |
Scanning Policy Assignments | READ | Access policy mappings | |
Scanning Registry Credentials | EDIT | Create and modify container registries configuration | |
Scanning Registry Credentials | READ | List container registries | |
Scanning Runtime | EDIT | Query runtime containers API | |
Scanning Scheduled Reports | EDIT | Create and modify reports | |
Scanning Scheduled Reports | READ | View and download existing reports | |
Scanning Trusted Images | EDIT | Modify the trusted images list | |
Scanning Trusted Images | READ | Access the trusted images list | |
Scanning Untrusted Images | EDIT | Modify the untrusted images list | |
Scanning Untrusted Images | READ | Access the untrusted images list | |
Scanning Vulnerability Exceptions | EDIT | Edit vulnerability exceptions | |
Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions | |
Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
API Access Token | EDIT | Reset users API token in scope of a team | |
API Access Token | READ | Access users API token in scope of a team | |
API Access Token | VIEW | View your API token | |
AWS Settings | READ | Access AWS settings | |
Cloud Accounts | READ | Access cloud accounts | |
Global Notification Channels | READ | Access global notification channels | |
IAC | READ | Access IAC results | |
Notification Channels | EDIT | Modify notification channels in scope of a team | |
Notification Channels | READ | Access notification channels in scope of a team | |
Service Accounts | READ | Access service accounts in scope of a team | |
Subscriptions | READ | Access customer subscription details | |
Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration | |
Sysdig Storage | READ | View Sysdig storage configuration | |
Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
Reporting | READ | View and download scan reports | |
Reporting | WRITE | Create, modify, and delete reports | |
Policy | READ | View policy details | |
Policy | WRITE | Create, edit, and delete policies | |
Risk Acceptance | READ | View Exceptions | |
Risk Acceptance | WRITE | Create, update, and delete Exceptions | |
CLI Execution | EXEC | Ability to run CLI Scanner | |
Scan Now | EXEC | Ability to instantly scan using Scan Now | |
Registry Credentials | READ | View registry credentials | |
Registry Credentials | WRITE | Add registry credentials | |
Registry Scanner | EXEC | Ability to run Registry Scanner |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.