Note
At least these rights are available in Workbench. However, this list can change at any time and may not be accurate at any given viewing.
Any user can be designated assignable by selecting a checkbox in the User profile. After a user is assignable:
-
Their name appears in the Assign to menus.
-
Their initials are visible to other Expel users after an alert or action is assigned to them.
|
Feature |
Action |
Organization Admin |
Organization Analyst |
|---|---|---|---|
|
Assign |
assign to customer user |
|
|
|
Assemblers |
view page |
|
|
|
create/edit/delete |
|
||
|
BOLO |
view page |
API only |
API only |
|
Customer context |
view page |
|
|
|
Customer configuration [1] |
view/edit |
|
|
|
Hunting |
view hunts (org specific with hunting service) |
|
|
|
Investigative actions |
pivot to console |
API only |
API only |
|
Investigation findings |
create/edit/delete |
|
|
|
Investigation remediations |
credit/edit/delete |
|
|
|
Timeline |
upload CSV |
|
|
|
add/edit timeline event |
|
|
|
|
My profile |
edit notifications |
|
|
|
change password |
|
|
|
|
reset Google Auth |
|
|
|
|
edit user |
|
|
|
|
"assignable" checkbox |
|
||
|
"locked" checkbox |
|
||
|
Navigation bar |
change organizations |
Multi-org only |
Multi-org only |
|
Organizations list |
view page |
Multi-org only |
Multi-org only |
|
edit |
Multi-org only |
||
|
My organization |
view page |
|
|
|
configure/edit PagerDuty integration |
|
||
|
show PagerDuty service key |
|
|
|
|
configure/edit Ticketing integration |
|
||
|
edit notifications |
|
|
|
|
Resilience |
view all recommendations |
|
|
|
show/hide recommendations |
|
|
|
|
Security devices |
view page |
|
|
|
create |
|
||
|
edit |
|
||
|
delete |
|
||
|
Workbench Integrations (PD, ticketing, and so on) |
configure/edit |
|
|
|
test connection |
|
||
|
Users |
view page |
|
|
|
"assignable" checkbox |
|
||
|
change own role |
|
||
|
change username |
|
||
|
create/delete |
|
||
|
edit |
|
||
|
lock other users ("locked" checkbox) |
|
||
|
resend enrollment email |
|
[1] Customer configuration defaults can only be created by expel_admin but overrides can be set per customer by org_admin. However, each configuration has internal write and visibility properties that can further change who can view or edit the setting to SYSTEM, EXPEL, or ORGANIZATION.