Admin Roles

Sysdig Monitor System Roles

Admin

Category	Item	Permission	Description
INTERNAL_UNCATEGORIZED	secure.access	OTHER	N/A
Posture	compliance.policies.admin	OTHER_MUTATOR	N/A
INTERNAL_UNCATEGORIZED	customer.admin	OTHER_MUTATOR	N/A
INTERNAL_UNCATEGORIZED	team-admin.insight	OTHER	N/A
INTERNAL_ADMIN	onboarding.admin	OTHER_MUTATOR	N/A
Integrations	promcat.integrations.manage	MANAGE	Change monitoring integration type or status
INTERNAL_SERVICE	active-secure-compliance-users-admin.read	READ	N/A
INTERNAL_SERVICE	active-secure-overview-users-admin.read	READ	N/A
INTERNAL_ADMIN	inactive-users-admin.read	READ	N/A
INTERNAL_SERVICE	metrics-data-admin.read	READ	Access metrics data associated with a time series.
Reports	reports.manage	MANAGE	Change monitoring reports
Posture	secure.onboarding.admin	OTHER_MUTATOR	N/A
Posture	secure.todo.admin	OTHER_MUTATOR	N/A
INTERNAL_ADMIN	system-admin.edit	EDIT	N/A
INTERNAL_ADMIN	system-admin.read	READ	N/A
Explore / Metrics	agent.cli.agent_internal_diagnostics	READ	Use Agent Console commands which access internal diagnostics of the agent
Explore / Metrics	agent.cli.agent_network_calls_to_remote_pods	EXEC	Use Agent Console commands which make network calls to remote pods and endpoints
Explore / Metrics	agent.cli.agent_status	READ	Use Agent Console commands which access agent status
Explore / Metrics	agent.cli.view	VIEW	Use Agent Console commands
Explore / Metrics	agent.cli.view_configuration	VIEW	Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords
Explore / Metrics	agent.cli.view_sensitive_configuration	VIEW	Use Agent Console commands to view the configuration of the agent which does contain sensitive information like passwords. There are currently zero commands that implement this permission
Settings	sso.config	EDIT	N/A
INTERNAL_ADMIN	sso-system.config	EDIT	N/A
Settings	customer-admin-users.create	CREATE	Create new customer admin users
ROLE_MANAGEMENT	custom-team-roles.create	CREATE	N/A
Settings	teams.create	CREATE	N/A
Settings	users.create	CREATE	Invite new users
ROLE_MANAGEMENT	custom-team-roles.delete	DELETE	N/A
Settings	teams.delete	DELETE	N/A
Settings	access-keys.edit	EDIT	N/A
Settings	sso-active.edit	EDIT	N/A
Policies	secure.admission-controller.edit	EDIT	N/A
Scanning (Legacy)	agentscanning.config.edit	EDIT	N/A
Settings	api-token.edit	EDIT	Reset users API token in scope of a team
Settings	aws-settings.edit	EDIT	N/A
Settings	beacon-configuration.edit	EDIT	N/A
Posture	secure.benchmark.results.edit	EDIT	N/A
Settings	certman.edit	EDIT	N/A
Costs	cost-advisor.edit	EDIT	Change Cost Advisor pricing
Costs	cost-reports.edit	EDIT	Change cost reports
USERS	user-deactivation-configuration.edit	EDIT	Modify user deactivation configuration
Data Access Settings	datastream.edit	EDIT	N/A
INTERNAL_SERVICE	data-api-settings.edit	EDIT	N/A
INTERNAL_SERVICE	data-throttling-settings.edit	EDIT	N/A
Settings	downtimes.edit	EDIT	N/A
Settings	events-forwarder.edit	EDIT	N/A
Integrations	file-storage-config.edit	EDIT	N/A
Settings	global.notification-channels.edit	EDIT	N/A
Settings	global.service-accounts.edit	EDIT	N/A
Settings	global-service-account-notification-settings.edit	EDIT	N/A
Data Access Settings	groupings.edit	EDIT	Create and edit custom groupings
Settings	group-mappings.edit	EDIT	Modify mapping of users IDP groups to Sysdig teams/roles
Settings	ip-filters.edit	EDIT	Modify IP filter configuration
Settings	login-banner.edit	EDIT	N/A
Settings	memberships.edit	EDIT	Invite other users to the teams
Settings	memberships-roles.edit	EDIT	Modify team members roles
Network Security	netsec.edit	EDIT	N/A
Get Started	onboarding.edit	EDIT	N/A
INTERNAL_ADMIN	service.platform-alerts-settings.edit	EDIT	Edit platform alerts settings
Policies	policy-tuner.edit	EDIT	N/A
Integrations	promcat.integrations.edit	EDIT	Change monitoring integration type or status
Integrations	providers.edit	EDIT	N/A
Scanning (Legacy)	scanning.retention.edit	EDIT	N/A
Scanning (Legacy)	secure.images.edit	EDIT	N/A
Settings	secure-settings.edit	EDIT	Modify Sysdig Secure configuration
Settings	service-account.edit	EDIT	Modify service accounts in scope of a team
Settings	service-account-notification-settings.edit	EDIT	N/A
Settings	service-account-role.edit	EDIT	Change service account roles
Settings	subscription.edit	EDIT	N/A
Settings	sysdig-storage.edit	EDIT	N/A
INTERNAL_ADMIN	system-falco.edit	EDIT	N/A
Settings	teams.edit	EDIT	N/A
Settings	team-agent-cli-settings.edit	EDIT	Toggle access to agent console for a team
Settings	team-capture-settings.edit	EDIT	Toggle access to captures for a team
Settings	team-rapid-response-settings.edit	EDIT	N/A
Integrations	third-party-integrations.edit	EDIT	N/A
Ticketing	ticketing-customer-settings.edit	EDIT	Edit ticketing customer settings
UI Settings	ui-customer-settings.edit	EDIT	N/A
UI Settings	ui-inactivity-settings.edit	EDIT	N/A
UI Settings	ui-settings.edit	EDIT	N/A
UI Settings	ui-user-app-settings.edit	EDIT	N/A
Settings	users.edit	EDIT	N/A
Settings	user-list.edit	EDIT	N/A
USERS	user-password.edit	EDIT	N/A
USERS	user-profile.edit	EDIT	N/A
INTERNAL_UNCATEGORIZED	dev-task.exec	EXEC	N/A
INTERNAL_UNCATEGORIZED	es-query.exec	EXEC	N/A
Captures / Investigate	secure.rapid-response.exec	EXEC	Use rapid response
INTERNAL_ADMIN	protobuf.export	OTHER_MUTATOR	N/A
INTERNAL_ADMIN	impersonate.edit	EDIT	N/A
Data Access Settings	ingest.prws	OTHER	N/A
Data Access Settings	ingest.prws.controlled	OTHER	N/A
Captures / Investigate	secure.rapid-response.kill	KILL	N/A
INTERNAL_SERVICE	metrics-descriptors.manage	MANAGE	Manage metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percenthost_hostname=foo,region=bar.
INTERNAL_UNCATEGORIZED	quartz-jobs.manage	MANAGE	N/A
Settings	secure.risk-spotlight-integration-tokens.manage	MANAGE	Manage risk spotlight integration tokens from the UI
Settings	access-keys.read	READ	N/A
Scanning (Legacy)	agentscanning.config.read	READ	N/A
Settings	agent-installation.read	READ	Get agent access key (required for agent installation)
Settings	agreement.read	READ	N/A
Settings	api-token.read	READ	Access users API token in scope of a team
INTERNAL_UNCATEGORIZED	audit-trail-events.read	READ	N/A
Settings	aws-settings.read	READ	Access AWS settings
Settings	azure-settings.read	READ	N/A
Settings	beacon-configuration.read	READ	N/A
Settings	certman.read	READ	N/A
Settings	cloud.accounts.read	READ	Access cloud accounts
Costs	cost-advisor.read	READ	Access Cost Advisor
INTERNAL_SERVICE	cost-digest.read	READ	Read cost digest enabled customers
Costs	cost-explorer.read	READ	Access Cost Explorer
Costs	cost-reports.read	READ	Access cost reports
INTERNAL_SERVICE	customer-by-accesskey.read	READ	N/A
Settings	customer-plan.read	READ	N/A
Settings	customer-teams.read	READ	Access and list teams data
USERS	user-deactivation-configuration.read	READ	Access user deactivation configuration
Events	custom-events.read	READ	Access the infrastructure and other events created by Sysdig Agent or Sysdig API
ROLE_MANAGEMENT	custom-team-roles.read	READ	N/A
Dashboards	dashboard-metrics-data.read	READ	Access metrics data associated with a dashboard.
Data Access Settings	datastream.read	READ	Access data stream configuration
INTERNAL_SERVICE	data-api-settings.read	READ	N/A
INTERNAL_SERVICE	data-throttling-settings.read	READ	N/A
Settings	downtimes.read	READ	List alert downtimes for the customer
Settings	events-forwarder.read	READ	Access event forwarding configuration
Explore / Metrics	explore.read	READ	Metric querying with Explore
INTERNAL_UNCATEGORIZED	external-links.read	READ	N/A
Integrations	file-storage-config.read	READ	N/A
Settings	global.service-accounts.read	READ	N/A
Settings	global-service-account-notification-settings.read	READ	N/A
Data Access Settings	groupings.read	READ	Access default and custom groupings
Settings	group-mappings.read	READ	Access mapping of users IDP groups to Sysdig teams/roles
Integrations	helmsrenderer.read	READ	Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet.
Data Access Settings	history-data.read	READ	N/A
INTERNAL_UNCATEGORIZED	impersonate.read	READ	N/A
Integrations	infrastructure.read	READ	View discovered infrastructure
Integrations	integrations.read	READ	View discovered workload integrations
Settings	ip-filters.read	READ	Access IP Filter configuration
Advisor	kubernetes-api-commands.read	READ	Kubernetes API feature
Advisor	live-logs.view	VIEW	Access Live Logs feature
Settings	login-banner.read	READ	N/A
Data Access Settings	mds.read-metadata	READ	N/A
Settings	memberships.read	READ	Access team members
Data Access Settings	metadata-defaults.read	READ	N/A
Data Access Settings	metrics-data.read	READ	Access metrics data associated with a time series.
Data Access Settings	metrics-descriptors.read	READ	Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percenthost_hostname=foo,region=bar.
Get Started	onboarding.read	READ	N/A
Advisor	overviews.read	READ	Access Advisor
Settings	payment-details.read	READ	N/A
ROLE_MANAGEMENT	permissions.read	READ	N/A
INTERNAL_ADMIN	service.platform-alerts-settings.read	READ	Read platform alerts settings
Integrations	promcat.integrations.read	READ	Access monitoring integration type or status
Data Access Settings	promql-metadata.read	READ	Access Prometheus metrics and labels
Integrations	providers.read	READ	Related to cloud account setups (both Metric Stream and Cost Private Pricing).
Scanning (Legacy)	scanning.read	READ	Read scan results
Scanning (Legacy)	scanning.retention.read	READ	N/A
Get Started	secure.onboarding.read	READ	N/A
Settings	secure-settings.read	READ	N/A
Settings	service-account.read	READ	Access service accounts in scope of a team
Settings	service-account-notification-settings.read	READ	N/A
Integrations	spotlight.read	READ	Access spotlight
Settings	subscription.read	READ	Access customer subscription details
Settings	sysdig-storage.read	READ	View Sysdig storage configuration
INTERNAL_UNCATEGORIZED	teams.read	READ	N/A
Settings	team-agent-cli-settings.read	READ	See the agent console access settings for a team
Settings	team-capture-settings.read	READ	See the capture settings for a team
Settings	team-rapid-response-settings.read	READ	N/A
INTERNAL_UNCATEGORIZED	team-search.read	READ	N/A
Integrations	third-party-integrations.read	READ	N/A
Ticketing	ticketing-customer-settings.read	READ	Read ticketing customer settings
UI Settings	ui-customer-settings.read	READ	N/A
UI Settings	ui-inactivity-settings.read	READ	N/A
UI Settings	ui-settings.read	READ	N/A
UI Settings	ui-user-app-settings.read	READ	N/A
Settings	users.read	READ	Access existing users data
Settings	user-list.read	READ	See the list of users for a customer
USERS	user-profile.read	READ	N/A
Captures / Investigate	secure.rapid-response.sessions.read.all	READ	N/A
Settings	agreement.sign	SIGN	N/A
INTERNAL_UNCATEGORIZED	system-support.edit	EDIT	N/A
INTERNAL_ADMIN	agent-availability.toggle	TOGGLE	N/A
INTERNAL_UNCATEGORIZED	track.event	OTHER_MUTATOR	N/A
ROLE_MANAGEMENT	custom-team-roles.update	UPDATE	N/A
Sage	sage.exec	EXEC	Sysdig Sage chat
Integrations	promcat.integrations.validate	VALIDATE	Change monitoring integration status to Pending Metrics

Administration

Access & Identity

Account & Licensing

Network & Connectivity

Operations & Maintenance

Security & Compliance

Shield & Backend

Legacy

Sysdig Monitor System Roles

Admin

Administration

Access & Identity

Account & Licensing

Network & Connectivity

Operations & Maintenance

Security & Compliance

Shield & Backend

Legacy

​Sysdig Monitor System Roles

​Admin

Sysdig Monitor System Roles

Admin