🧭 Overview

In SpyCloud’s console, access to user, organization, and license settings is controlled through two built-in roles you can assign to each member of your security team:

• Admin – intended for Sec-Tool administrators and SOC leads who need to create enterprise users, reset passwords, assign Investigation (INV) seats, and view or update organization configuration.
• Operator – designed for Tier 1 & 3 analysts who need to investigate data but should not change users, organizations, or licensing.

Assigning the appropriate role ensures that every action – from adding an enterprise operator to pausing a user account – is allowed only for the people who need it. The permissions matrix below details exactly what each role can and cannot do. Behind the scenes, every check is enforced by SpyCloud’s fine-grained authorization (FGA) engine, so least-privilege access is applied consistently across the UI and API.

This article lists the SpyCloud roles and their capabilities. For step-by-step instructions on granting a role, see Assigning and Updating Roles.

🔧 Assigning and Updating Roles

Prerequisite: Must be an Admin

Assign roles while adding new users to your organization

From the role dropdown, simply select your role, and it will take effect once you “Add User.”

👇ADD ROLE ON USER CREATION

Update roles for existing users from your organization

From the users table under Configuration, click the options button on the right-hand side and then select Edit.

👇USER OPTIONS MENU

From the role dropdown, simply select your role and it will take effect once you “Save Changes.”

👇UPDATE ROLE IN EDIT SECTION