Roles & Permissions

Control user access and capabilities with role-based access control (RBAC).

Principle of Least Privilege

Users should only have access to what they need. CastellanAI's RBAC ensures secure, auditable access management.

---

Role-Based Access Control

Principle	Description
Principle of Least Privilege	Users only get access they need
Separation of Duties	Critical actions require multiple roles
Audit Trail	All actions logged with role context
Custom Roles	Create roles tailored to your needs

---

Built-in Roles

👑 Administrator

Administrator

Full system access with no restrictions. Can manage all users, settings, and configurations.

Capabilities:

Capability	Description
View and manage all security events	Full event access
Execute response actions	No approval required
Create and modify detection rules	Full rule management
Manage users, roles, and permissions	Complete user control
Configure system settings	Full configuration access
Access billing and subscription	Financial management

Security Note

Limit administrator role to 2-3 trusted individuals. All administrator actions are logged.

🔍 Security Analyst

Security Analyst

Primary role for security operations personnel. Can investigate and triage threats.

Capabilities:

Capability	Description
View all security events	Full visibility
Investigate incidents	Deep analysis
Triage and assign threats	Prioritization
Create custom rules	Rule management
Add IOCs to watchlists	Threat intelligence
Generate reports	Reporting access
Suggest actions	Requires approval for execution

Limitations:

• Cannot modify system settings
• Cannot manage users or billing

⚡ Incident Responder

Incident Responder

Tactical role focused on threat containment and remediation.

Capabilities:

Capability	Description
View assigned incidents	Limited visibility
Execute response actions	Direct execution
Block IPs	Network containment
Quarantine files	Malware isolation
Isolate hosts	Endpoint containment

Limitations:

• Limited event visibility (assigned only)
• Cannot create detection rules
• Cannot modify configuration

👁️ Viewer

Viewer

Read-only access for compliance officers, auditors, and stakeholders.

Capabilities:

Capability	Description
View security dashboard	Overview access
View security events	Read-only
View reports and metrics	Analytics access
Export data	Non-sensitive only

Limitations:

• Cannot modify anything
• Cannot execute actions
• Cannot access sensitive data

Audit Use Case

Ideal for external auditors who need visibility without operational control.

---

Permission Matrix

Quick reference for role capabilities:

Permission	Admin	Analyst	Responder	Viewer
View Security Events	✅	✅	Assigned	✅
Create Detection Rules	✅	✅	❌	❌
Execute Response Actions	✅	Approval	✅	❌
Manage Users & Roles	✅	❌	❌	❌
Configure System Settings	✅	❌	❌	❌
Generate Reports	✅	✅	✅	✅
Access Billing	✅	❌	❌	❌

---

Managing User Roles

📋 Assign Roles

Assigning Roles

1. Navigate to Settings → User Management
2. Select the user you want to modify
3. Click Edit Roles
4. Check/uncheck roles as needed (users can have multiple roles)
5. Click Save Changes

Immediate Effect

Changes take effect immediately. Users will be notified of role changes via email.

🎨 Custom Roles

Creating Custom Roles

Enterprise Feature

Custom roles are available on the Enterprise plan.

Steps:

1. Go to Settings → Roles & Permissions
2. Click Create Custom Role
3. Name the role and provide a description
4. Select specific permissions from the permission list
5. Test the role with a test user before deploying

Custom Role Example:

Name: SOC Lead
Permissions:
  ✅ View all events
  ✅ Investigate incidents
  ✅ Create rules
  ✅ Manage analyst assignments
  ❌ Manage users
  ❌ Access billing

---

Best Practices

✅ Do's

Role Management Do's

Practice	Description
Regular Access Reviews	Audit user roles quarterly
Minimize Admin Accounts	Limit to 2-3 trusted individuals
Require MFA	Enforce for Administrator and Analyst roles
Document Assignments	Record why users have specific roles
Immediate Revocation	Remove access when employees leave

❌ Don'ts

Role Management Don'ts

Avoid	Risk
Excessive Admin Accounts	Increases attack surface
Shared Accounts	Breaks audit trail
Delayed Offboarding	Unauthorized access risk
Role Creep	Users accumulate unnecessary permissions
Undocumented Exceptions	Compliance violations

📝 Role Assignment Checklist

• Identify user's job function and responsibilities
• Select minimum required role
• Document role assignment rationale
• Configure MFA if required for role
• Notify user of assigned permissions
• Schedule quarterly review date

---

What's Next?

Guide	Description
Multi-Factor Authentication	Enhance account security
User Activity Monitoring	Track user actions
Access Control Policies	Configure advanced access controls

Need Help?

Our team can assist with designing role structures for your organization. Contact Support