In AIR, the Global Admin has full control over managing 118 specific privileges, allowing the creation of highly customized user roles. This granular access control ensures that each user or group has permissions tailored to their specific needs, such as handling evidence acquisition, interACT sessions, or audit log management.
A useful feature within this setup is the tooltips provided alongside each privilege. These tooltips highlight any dependencies that may exist between privileges, helping administrators configure roles accurately without unintentionally restricting necessary functions.
For example, an admin could create a role that enables a user to access interACT for remote evidence collection while restricting access to audit logs or system-wide settings. The tooltips ensure that admins are aware of any required privileges to avoid misconfigurations.
This approach provides both flexibility and clarity, empowering admins to manage user roles effectively.
The tables below show the default privileges assigned to each built-in role. These can be customized by creating new roles with specific privilege combinations.
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Backup | ❌ | ❌ | ❌ | ✅ | ❌ |
| Backup Now | ❌ | ❌ | ❌ | ✅ | ❌ |
| Delete Backup | ❌ | ❌ | ❌ | ❌ | ❌ |
| Download Backup | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View License Key | ❌ | ❌ | ❌ | ✅ | ❌ |
| Update License Key | ❌ | ❌ | ❌ | ✅ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Create Organization | ❌ | ❌ | ❌ | ❌ | ❌ |
| Delete Organization | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Save Settings | ❌ | ❌ | ❌ | ✅ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Download Server Logs | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Acquisition Profile | ✅ | ✅ | ✅ | ❌ | ✅ |
| Create Acquisition Profile | ✅ | ✅ | ✅ | ❌ | ✅ |
| Update Acquisition Profile | ✅ | ✅ | ✅ | ❌ | ✅ |
| Delete Acquisition Profile | ✅ | ❌ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Auditlog | ✅ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Create Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ |
| Update Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ |
| View Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ |
| Delete Auto Asset Tag | ✅ | ❌ | ❌ | ❌ | ✅ |
| Assign Auto Asset Tagging Task | ✅ | ❌ | ❌ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Automation Hub | ✅ | ✅ | ✅ | ❌ | ✅ |
| Manage Automation Hub | ✅ | ❌ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Case | ✅ | ✅ | ✅ | ❌ | ✅ |
| Create Case | ✅ | ✅ | ✅ | ❌ | ✅ |
| Manage Case | ✅ | ✅ | ✅ | ❌ | ✅ |
| Update Case Status | ✅ | ✅ | ✅ | ❌ | ❌ |
| Change Owner Case | ✅ | ✅ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Create Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Update Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Delete Cloud Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ |
| Create Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ |
| Delete Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ |
| Sync Cloud Asset Account | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Manage Cloud Account | ✅ | ❌ | ❌ | ❌ | ✅ |
| Deploy Responder to Cloud | ✅ | ❌ | ❌ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Create Asset | ✅ | ❌ | ✅ | ❌ | ✅ |
| Edit Asset Label | ✅ | ❌ | ❌ | ❌ | ✅ |
| Delete Asset | ✅ | ❌ | ❌ | ✅ | ✅ |
| View Asset | ✅ | ✅ | ✅ | ✅ | ✅ |
| Sync LDAP | ✅ | ❌ | ❌ | ✅ | ✅ |
| Download Asset Logs | ✅ | ❌ | ❌ | ✅ | ✅ |
| Import Off-Network Asset | ✅ | ❌ | ✅ | ❌ | ✅ |
| Import PPC to Existing Asset | ✅ | ❌ | ✅ | ❌ | ✅ |
| Update Asset Connection Route | ✅ | ❌ | ✅ | ✅ | ✅ |
| Update Asset Maintenance Mode | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Create Asset Tag | ✅ | ✅ | ✅ | ✅ | ✅ |
| Update Asset Tags | ✅ | ❌ | ❌ | ✅ | ✅ |
| Delete Asset Tag | ✅ | ❌ | ❌ | ✅ | ✅ |
| Delete All Asset Tags | ✅ | ❌ | ❌ | ✅ | ✅ |
| Remove Tags from Asset | ✅ | ❌ | ❌ | ✅ | ✅ |
| Add Tags to Assets | ✅ | ✅ | ✅ | ✅ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Create Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ |
| Update Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ |
| View Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ |
| Delete Event Subscriptions | ✅ | ❌ | ❌ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Evidence Repository | ✅ | ✅ | ✅ | ✅ | ✅ |
| Create Evidence Repository | ✅ | ❌ | ❌ | ✅ | ✅ |
| Update Evidence Repository | ✅ | ❌ | ❌ | ✅ | ✅ |
| Delete Evidence Repository | ✅ | ❌ | ❌ | ✅ | ✅ |
| View Case Report | ✅ | ✅ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Full Text Search Profile | ✅ | ✅ | ✅ | ❌ | ✅ |
| Create Full Text Search Profile | ✅ | ✅ | ✅ | ❌ | ✅ |
| Update Full Text Search Profile | ✅ | ✅ | ✅ | ❌ | ✅ |
| Delete Full Text Search Profile | ✅ | ❌ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Create Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Update Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Delete Disk Image Acquisition Profile | ❌ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View interACT Library | ✅ | ✅ | ✅ | ❌ | ✅ |
| Modify interACT Library | ✅ | ❌ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Enumerate | ✅ | ✅ | ✅ | ❌ | ✅ |
| Read Content | ✅ | ❌ | ✅ | ❌ | ✅ |
| Write and Execute | ✅ | ❌ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Notification | ✅ | ✅ | ✅ | ✅ | ✅ |
| Delete All Notifications | ✅ | ❌ | ❌ | ✅ | ✅ |
| Mark All as Read Notification | ✅ | ✅ | ✅ | ✅ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| Update Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Update Deployment Token | ✅ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Policy | ✅ | ✅ | ✅ | ✅ | ✅ |
| Create Policy | ✅ | ❌ | ❌ | ✅ | ✅ |
| Update Policy | ✅ | ❌ | ❌ | ✅ | ✅ |
| Delete Policy | ✅ | ❌ | ❌ | ✅ | ✅ |
| Override Policy | ✅ | ❌ | ✅ | ✅ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Manage Relay Server | ✅ | ❌ | ❌ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Task | ✅ | ✅ | ✅ | ✅ | ✅ |
| Delete Task | ✅ | ✅ | ✅ | ❌ | ✅ |
| Cancel Task | ✅ | ✅ | ✅ | ❌ | ✅ |
| Update Task | ✅ | ❌ | ❌ | ❌ | ✅ |
| Schedule Task | ✅ | ❌ | ✅ | ❌ | ✅ |
| Update Scheduled Task | ✅ | ❌ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Assign Hunt/Triage Task | ✅ | ✅ | ✅ | ❌ | ✅ |
| Assign Acquire Evidence Task | ✅ | ✅ | ✅ | ❌ | ✅ |
| Assign Full Text Search Task | ✅ | ❌ | ❌ | ❌ | ❌ |
| Assign Disk Image Acquisition Task | ❌ | ❌ | ❌ | ❌ | ❌ |
| Assign Reboot Task | ✅ | ❌ | ✅ | ✅ | ❌ |
| Assign Shutdown Task | ✅ | ❌ | ❌ | ✅ | ❌ |
| Assign Log Retrieval Task | ✅ | ❌ | ❌ | ✅ | ✅ |
| Assign Version Update Task | ✅ | ❌ | ✅ | ✅ | ✅ |
| Assign Isolation Task | ✅ | ❌ | ✅ | ✅ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Delete Task Assignment | ✅ | ✅ | ✅ | ✅ | ✅ |
| Cancel Task Assignment | ✅ | ✅ | ✅ | ✅ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ |
| Create Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ |
| Update Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ |
| Delete Hunt/Triage | ✅ | ✅ | ✅ | ❌ | ✅ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View User | ✅ | ✅ | ✅ | ❌ | ✅ |
| Create User | ✅ | ❌ | ❌ | ❌ | ❌ |
| Delete User | ✅ | ❌ | ❌ | ❌ | ❌ |
| Update User | ✅ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Role | ✅ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| Update 2FA Settings | ✅ | ❌ | ❌ | ❌ | ❌ |
| Privilege | Org Admin | L1/L2 | L3/L4 | Maintenance | Responder |
|---|
| View Webhook | ✅ | ❌ | ❌ | ❌ | ✅ |
| Create Webhook | ✅ | ❌ | ❌ | ❌ | ✅ |
| Update Webhook | ✅ | ❌ | ❌ | ❌ | ✅ |
| Delete Webhook | ✅ | ❌ | ❌ | ❌ | ✅ |
