In ContraForce, users added to the portal can be assigned different permission levels on the organizational and workspace level. This article will provide an overview on which privileges each user role has in ContraForce.
Overview
In ContraForce, users are assigned an Organizational role as well as a Workspace Role. This article is divided into the following sections that outline the capabilities of each role against different ContraForce feature sets.
- Organizational Roles
- Workspace Roles - Incident Management
- Workspace Roles - Gamebooks
- Workspace Roles - Content Management System
- Workspace Roles - Workspaces
- Workspace Roles - Endpoints (Microsoft Defender for Endpoint)
- Workspace Roles - Notifications (Microsoft Sentinel)
Organizational Roles
In ContraForce, Organizational roles are separated from Workspace roles. Organizational roles are focused on restricting access to users, groups, and workspace settings.
| Organizational Roles | Org Member | Workspace Admin | User Admin | Org Admin |
| Add & Manage Users | N | N | Y | Y |
| Add & Manage User Groups | N | N | Y | Y |
| Assign Users & Groups to Workspaces | N | Y + Workspace Owner | Y + Workspace Owner | Y |
| View all Managed Workspaces | N | Y | N | Y |
| Add Workspaces | N | Y | N | Y |
| View all Users added to ContraForce | Y | Y | Y | Y |
| (Customer Tenant) Enable Allow Service Provider to run Gamebooks | Y | Y | Y | Y |
Workspace Roles - Incident Management
Features related to core incident management functionality inside ContraForce.
| Incident Management | Incident Analyst | Incident Responder | Content Admin | Owner |
| Apply Global Workspaces Filter | Y | Y | Y | Y |
| View Incident Tracker Card | Y | Y | Y | Y |
| View Latest Gamebook Runs Card | Y | Y | Y | Y |
| View Command Page Incident Table | Y | Y | Y | Y |
| View Incidents Page | Y | Y | Y | Y |
| Bulk Update Incidents | Y | Y | Y | Y |
| Search/Filter Incidents Table | Y | Y | Y | Y |
| Assign Incident Status | Y | Y | Y | Y |
| Assign Incident Owner | Y | Y | Y | Y |
| Open Incident Summary View | Y | Y | Y | Y |
| Open Incident Detail View | Y | Y | Y | Y |
| Add Comments to Incident | Y | Y | Y | Y |
| Create/Link ITSM Ticket to Incident | Y | Y | Y | Y |
| Fetch Related Incidents | Y | Y | Y | Y |
| Fetch Entity Spcific Incident Insights | Y | Y | Y | Y |
| Use Log Search Page | Y | Y | Y | Y |
Workspace Roles - Gamebooks
Features related to Gamebook functionality inside ContraForce.
| Gamebooks | Incident Analyst | Incident Responder | Content Admin | Owner |
| Run Gamebook Sequence | N | Y | Y | Y |
| Request Gamebooks for Approval | N | Y | Y | Y |
| Approve Gamebooks | N | Y | Y | Y |
| Load Previously Executed Gamebooks | Y | Y | Y | Y |
| View Gamebook Activity | Y | Y | Y | Y |
| View Gamebook Recommendations | Y | Y | Y | Y |
| Enable Gamebook Recommendations | N | N | Y | Y |
Workspace Roles - Content Management System
Features related to Content Management System functionality inside ContraForce. Note that this is only available for Sentinel Security Modules.
| Content Management System | Incident Analyst | Incident Responder | Content Admin | Owner |
| View CMS Rules, Rule Details, and Data Connector Activity | Y | Y | Y | Y |
| Deploy CMS Rules and Enable Auto-Update | N | N | Y | Y |
Workspace Roles - Workspaces
Features related to Workspace features inside ContraForce.
| Workspaces | Incident Analyst | Incident Responder | Content Admin | Owner |
| View all Managed Workspaces | N | N | Y | Y |
| View Workspace Configuration | Y + Addition to Workspace | Y + Addition to Workspace | Y + Addition to Workspace | Y |
| Consent Enterprise Applications for the Workspace | N | N | Y + Azure Global Admin | Y + Azure Global Admin |
| Add Security Module | N | N | Y | Y |
| Update Security Module | N | N | Y | Y |
| Add ITSM Module | N | N | Y | Y |
| Update ITSM Module | N | N | Y | Y |
| View All Assigned Users and Groups to Workspace | Y | Y | Y | Y |
| Assign Workspace Users & Groups | N | N | N | Y |
| Manage Workspace Users & Groups | N | N | N | Y |
Workspace Roles - Endpoints Page
Features related to the Endpoints page inside ContraForce. Note that this is only available for Defender XDR modules.
| Endpoints | Incident Analyst | Incident Responder | Content Admin | Owner |
| View Endpoint Inventory | Y | Y | Y | Y |
| Search Endpoint Inventory | Y | Y | Y | Y |
| View Endpoint Details | Y | Y | Y | Y |
Workspace - Notifications
Features related to Notifications functionality inside ContraForce. Note that this is only available for Sentinel Security Modules.
| Notifications | Incident Analyst | Incident Responder | Content Admin | Owner |
| Update Notification Preferences per Workspace | Y | Y | Y | Y |
| Receive Incident Notification Email | Y | Y | Y | Y |
If you have any questions, please contact us at support@contraforce.com.