🛡️ GuardFoxCopilot Documentation

User Management

Manage users, assign roles, and control access with RBAC.

Route: /admin

Role-Based Access Control

Overview

Role-Based Access Control (RBAC)

GuardFoxCopilot uses a 7-level role hierarchy. Higher roles inherit all permissions of lower roles.

RoleLevelTypical userKey permissions
READONLY1Executive / auditorView dashboards, reports
ANALYST2Junior SOCView alerts, SIEM, EDR
SOC_L13SOC Level 1Triage alerts, add notes
SOC_L24SOC Level 2Quarantine, forensics, SOAR
SOC_L35SOC Level 3Red team, advanced response
MANAGER6SOC ManagerUser management, reports
ADMIN7Platform adminFull access, settings, billing

What each role can access

  • ANALYST+ — Dashboard, SIEM, Alerts, EDR view, Threat Intel, Vuln Mgmt, Support
  • SOC_L2+ — Forensics, SOAR, AI Triage, Attack Surface, Compliance, Shift Handover
  • SOC_L3+ — Red Team BAS, Cloud Posture
  • ADMIN only — Data Sources, User Management, AI Provider settings, Billing

Managing users

How to use

Managing Users

Go to Administration → User Management (ADMIN role required).

Inviting a new user

  1. Click Invite User
  2. Enter their email address
  3. Select their role
  4. Click Send Invite

They receive an email with a sign-up link that expires in 48 hours.

Changing a user's role

  1. Find the user in the table
  2. Click the role dropdown
  3. Select the new role
  4. Confirm — the change takes effect on their next page load

Disabling a user

Click the Disable toggle. Their account is deactivated immediately — existing sessions are terminated within 60 seconds. The user cannot log in but their data and audit log entries are preserved.

SSO users (Azure AD / Okta)

SSO users are created automatically on first login. Their role defaults to ANALYST. An admin must manually upgrade the role if needed. Role mapping from Azure AD groups or Okta groups can be configured in Settings → SSO → Role Mapping.