CONFIGURE FLARE

Roles & Permissions

7 min

this document describes what each team member role can and cannot do within the flare platform to ensure clarity for operational workflows and onboarding organization level roles flare uses organization level roles to manage access and responsibilities across your entire account organization admin this role has full administrative control across all tenants in your organization org admins can create and manage tenants, assign tenant level admin and other roles, configure tenant & organization wide integrations (including sso), and oversee user management at the organization level regular member this role allows users to participate within tenants of the organization, with access and actions determined by the specific tenant level roles (tenant admin, tenant editor, tenant viewer) assigned to users within each tenant you can have more information in the tenant level roles section below org admin regular members create & manage tenants ✅ ❌ assign tenant admin(s) ✅ ❌ tenant level roles flare uses tenant level roles to control what users can do within each tenant under a specific organization these roles determine access for regular members to features, data, and actions within a specific tenant tenant level roles ensure your team members have the right level of access based on their responsibilities , while maintaining security and operational clarity across your flare environment ✅ can edit 🔍 read only access ❌ no access tenant admin tenant editor tenant viewer manage users within tenant ✅ ❌ ❌ manage integrations (alert channels) ✅ ❌ ❌ manage email alert channels ✅ ✅ ❌ manage identifier(s) ✅ ✅ 🔍 manage report(s) ✅ ✅ 🔍 remediate/ignore event(s) & credential(s) ✅ ✅ ❌ view passwords for credentials 🔍 🔍 🔍 validate credentials (entraid) ✅ ✅ 🔍 use global search (scoped by tenant) ✅ ✅ ✅ use threat flow ✅ ✅ ✅ api access (create/merge api keys) ✅ ✅ ✅ takedown requests ✅ ✅ ❌ when adding a member to a new tenant, you’ll now see an overview of the key permissions they can access for the complete list of available permissions, refer to the table above if you want more information on how to add a member and assign a specific role, you can go to the dedicated section team docid 4xeiipg1bvef7a2buan9 faq can a tenant admin assign another tenant admin? no only an organization administrator (org admin) can grant or revoke the tenant admin role tenant admins cannot promote other users to tenant admin within their tenant—this prevents privilege escalation and maintains separation of duties can a tenant admin create a new tenant? no only an org admin can create tenants within the organization tenant admins can manage settings and users for the tenants they’re assigned to, but they cannot create additional tenants can a tenant admin add a user not already added to the org? yes what if a tenant admin is adding member that already exists in the org? if the email is already registered in the organization, the existing account will be added to the tenant the first and last name entered will not update their existing details within the organization for more details on the tenant admin role capabilities, check out this storylane walkthrough related articles