Roles & Permissions
Control user access and capabilities with role-based access control (RBAC).
Role-Based Access Control
CastellanAI uses role-based access control (RBAC) to manage user permissions. Each user is assigned one or more roles that determine what they can view and do within the platform.
| Principle | Description |
|---|---|
| Principle of Least Privilege | Users only get access they need |
| Separation of Duties | Critical actions require multiple roles |
| Audit Trail | All actions logged with role context |
| Custom Roles | Create roles tailored to your needs |
Built-in Roles
CastellanAI includes four pre-configured roles for common use cases:
Administrator
Full system access with no restrictions. Can manage all users, settings, and configurations.
Capabilities:
- View and manage all security events
- Execute response actions without approval
- Create and modify detection rules
- Manage users, roles, and permissions
- Configure system settings and integrations
- Access billing and subscription management
Limit administrator role to 2-3 trusted individuals. All administrator actions are logged.
Security Analyst
Primary role for security operations personnel. Can investigate and triage threats but requires approval for high-impact actions.
Capabilities:
- View all security events
- Investigate incidents
- Triage and assign threats
- Create custom rules
- Add IOCs to watchlists
- Generate reports
- Suggest actions (requires approval)
Limitations:
- Cannot modify system settings
Incident Responder
Tactical role focused on threat containment and remediation. Can execute response actions with limited approval requirements.
Capabilities:
- View assigned incidents
- Execute response actions
- Block IPs and quarantine files
- Isolate compromised hosts
Limitations:
- Limited event visibility (assigned only)
- Cannot create detection rules
Viewer
Read-only access for compliance officers, auditors, and stakeholders who need visibility without operational control.
Capabilities:
- View security dashboard
- View security events (read-only)
- View reports and metrics
- Export data (non-sensitive)
Limitations:
- Cannot modify anything
- Cannot execute actions
Permission Matrix
Quick reference for role capabilities:
| Permission | Admin | Analyst | Responder | Viewer |
|---|---|---|---|---|
| View Security Events | Yes | Yes | Assigned Only | Yes |
| Create Detection Rules | Yes | Yes | No | No |
| Execute Response Actions | Yes | With Approval | Yes | No |
| Manage Users & Roles | Yes | No | No | No |
| Configure System Settings | Yes | No | No | No |
| Generate Reports | Yes | Yes | Yes | Yes |
| Access Billing | Yes | No | No | No |
Managing User Roles
Assigning Roles
1. Navigate to Settings -> User Management
2. Select the user you want to modify
3. Click Edit Roles
4. Check/uncheck roles as needed (users can have multiple roles)
5. Click Save Changes
Changes take effect immediately. Users will be notified of role changes via email.
Creating Custom Roles
Enterprise plan customers can create custom roles with granular permissions:
1. Go to Settings -> Roles & Permissions
2. Click Create Custom Role
3. Name the role and provide a description
4. Select specific permissions from the permission list
5. Test the role with a test user before deploying
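The permission matrix above, the rule that a user may hold several roles, and the custom-role steps, worked through as an added Python example. This is illustrative code written for this page, not CastellanAI's own implementation: the role names and matrix entries are taken from the page, while the permission identifier strings, the `Decision` enum, the `authorize` and `define_custom_role` functions, the audit-log shape, and the assumption that a multi-role user gets the union of their roles' grants are all assumptions made here.

```python
"""RBAC model transcribed from the CastellanAI permission matrix on this page.

Added illustrative code, not CastellanAI's implementation. Role names and the
matrix entries come from the page; everything else (permission identifiers,
API shape, union semantics for multiple roles) is assumed.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    """Outcome of an authorization check; higher value = more permissive."""
    ALLOW = 2
    REQUIRES_APPROVAL = 1
    DENY = 0


# Permission identifiers: assumed names derived from the matrix rows.
VIEW_EVENTS = "view_security_events"
CREATE_RULES = "create_detection_rules"
EXECUTE_ACTIONS = "execute_response_actions"
MANAGE_USERS = "manage_users_and_roles"
CONFIGURE_SETTINGS = "configure_system_settings"
GENERATE_REPORTS = "generate_reports"
ACCESS_BILLING = "access_billing"
ALL_PERMISSIONS = frozenset({VIEW_EVENTS, CREATE_RULES, EXECUTE_ACTIONS, MANAGE_USERS,
                             CONFIGURE_SETTINGS, GENERATE_REPORTS, ACCESS_BILLING})


@dataclass(frozen=True)
class Grant:
    decision: Decision
    assigned_only: bool = False  # "Assigned Only": applies only to the user's own incidents


def allow(assigned_only=False):
    return Grant(Decision.ALLOW, assigned_only)


# Built-in roles as in the matrix. A permission absent from a role's dict is
# denied, so the model is deny-by-default.
BUILTIN_ROLES = {
    "Administrator": {p: allow() for p in ALL_PERMISSIONS},
    "Security Analyst": {
        VIEW_EVENTS: allow(),
        CREATE_RULES: allow(),
        EXECUTE_ACTIONS: Grant(Decision.REQUIRES_APPROVAL),
        GENERATE_REPORTS: allow(),
    },
    "Incident Responder": {
        VIEW_EVENTS: allow(assigned_only=True),
        EXECUTE_ACTIONS: allow(),
        GENERATE_REPORTS: allow(),
    },
    "Viewer": {VIEW_EVENTS: allow(), GENERATE_REPORTS: allow()},
}

AUDIT_LOG = []  # every decision is recorded together with the roles behind it


def authorize(user, user_roles, permission, roles=BUILTIN_ROLES, assigned_to_user=False):
    """Return the most permissive Decision that any of the user's roles grants.

    Grants from multiple roles are unioned (assumed semantics). A grant marked
    assigned_only only counts when the target resource is assigned to the user.
    """
    best = Decision.DENY
    granting = []  # roles that produced the final decision, for the audit trail
    for role in user_roles:
        grant = roles.get(role, {}).get(permission)
        if grant is None or (grant.assigned_only and not assigned_to_user):
            continue
        if grant.decision.value > best.value:
            best, granting = grant.decision, [role]
        elif grant.decision is best:
            granting.append(role)
    AUDIT_LOG.append({"user": user, "roles": list(user_roles), "granting_roles": granting,
                      "permission": permission, "decision": best.name})
    return best


def define_custom_role(roles, name, permissions):
    """Add a custom role carrying exactly the listed permissions (least privilege).

    Unknown permission names and duplicate role names are rejected rather than
    silently ignored, so a typo cannot create an empty or over-broad role.
    """
    unknown = set(permissions) - ALL_PERMISSIONS
    if unknown:
        raise ValueError(f"unknown permissions: {sorted(unknown)}")
    if name in roles:
        raise ValueError(f"role already exists: {name}")
    roles[name] = {p: allow() for p in permissions}
    return roles[name]


if __name__ == "__main__":
    roles = {k: dict(v) for k, v in BUILTIN_ROLES.items()}  # copy, keep built-ins intact
    define_custom_role(roles, "Rule Author", [CREATE_RULES])
    print(authorize("bob", ["Security Analyst"], EXECUTE_ACTIONS, roles))
    print(authorize("dave", ["Security Analyst", "Incident Responder"], EXECUTE_ACTIONS, roles))
    print(AUDIT_LOG[-1])
```

One thing the model makes visible that the matrix alone does not: under union semantics a user holding both Security Analyst and Incident Responder executes response actions without the approval step the Analyst role alone would require. That is the concrete reason the Separation of Duties principle and the quarterly access reviews on this page matter when roles are stacked; the `granting_roles` field in each audit entry shows which role actually carried the decision.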
Best Practices
- Regular Access Reviews - Audit user roles quarterly to ensure appropriate access levels
- Minimize Administrator Accounts - Limit administrator role to 2-3 trusted individuals maximum
- Require MFA for Privileged Roles - Enforce multi-factor authentication for Administrator and Analyst roles
- Document Role Assignments - Maintain records of why users have specific roles for compliance
- Immediate Revocation - Remove access immediately when employees leave or change roles
What's Next?
- Multi-Factor Authentication - Enhance account security
- User Activity Monitoring - Track user actions
- Access Control Policies - Configure advanced access controls
Need Help?
Our team can assist with designing role structures for your organization.