Purpose
This article provides a summary of assignable roles that are available when creating new users in BloodHound.
Creating users
Users are created through Settings ⚙️ → Administration → Manage Users by clicking the Create User button.
The following properties must be set on each user:
Property | Description |
Email Address | Text field for the user's email address. |
Principal Name | Text field for the username used for logging into BloodHound. Can be the same as email address. |
First Name | Text field for the user's first name. |
Last Name | Text field for the user's last name. |
Authentication Method | Drop-down selection for one of the available authentication methods to be used for the user. Read more in the article SAML in BloodHound Enterprise. |
Initial Password | Text field for the user's initial password. |
Force Password Reset? | Selecting this check box forces the user to reset their password on the next logon. Must comply with password requirements: |
Role | Drop-down selection for one of the available roles. For role access control definitions, see User Role Definitions. |
User Role Definitions
BloodHound offers multiple roles for access control. Each user must be assigned one role.
Permission | Administrator | Power User | User | Read-only | Upload-only |
Tenant Administration | | | | | |
View, Add, Remove, and Modify users | X | - | - | - | - |
View, Add, Remove, and Modify API keys | X | - | - | - | - |
View, Add, or Remove SAML provider configurations | X | - | - | - | - |
Clear the BloodHound database | X | - | - | - | - |
View audit log | X | - | - | - | - |
Attack Path Analysis | | | | | |
View any available tenant data, including active Attack Paths [BHE], and explore the Graph | X | X | X | X | - |
Mute Attack Path Impacted Principals [BHE] | X | X | - | - | - |
Modify Tier Zero / High Value Members | X | X | - | - | - |
Collector Clients and File Ingest | | | | | |
Download collector installation packages | X | X | X | X | X |
View collector client details [BHE] | X | X | X | - | - |
Run collector client on demand scan [BHE] | X | X | - | - | - |
Add collector client [BHE] | X | X | - | - | - |
Modify collector client [BHE] | X | X | - | - | - |
Remove collector client [BHE] | X | X | - | - | - |
Regenerate collector client credentials [BHE] | X | X | - | - | - |
File ingest | X | X | - | - | X |