Roles give system administrators finer control over what users can do and see on an appliance. Each user account is associated with a single role, which is a collection of the capabilities that allow the user to perform certain operations. The following roles are provided:
admin The system administrator is a super user who has all capabilities except those that allow access to the FireEye Web services API. The primary function of this role is to configure the system.
monitor The system monitor has read-only access to some things the admin role can change or configure, and has access to some malware analysis functions.
operator The system operator has a subset of the capabilities associated with the admin role. Its primary function is configuring and monitoring the system.
analyst The system analyst focuses on the detection of malware and taking appropriate action, including setting up alerts and reports.
auditor The system auditor reviews audit logs and performs forensic analysis to trace how events occurred.
api_analyst, api_monitor Web services API roles. The api_analyst and api_monitor roles must be
assigned from the Web UI or CLI of the appliance. Users with these roles cannot log into the CLI or the Web UI. Users with any other role (including the admin role) cannot access the API.
fe_services The system analyst focuses on providing FireEye as a Service (FaaS).