Category filter
XDR Access Control: Managing Technicians and Roles
The Hexnode XDR portal serves as the centralized command center for monitoring security alerts, managing endpoints, and configuring organizational security posture. Effective security management relies on Role-Based Access Control (RBAC) to ensure that IT administrators have the precise level of access required for their specific responsibilities, preventing unauthorized changes and mitigating internal risks.
Understanding Technicians and Roles
In Hexnode XDR, Technicians are the IT administrators authorized to access the portal. Each technician is governed by a Role, which defines their functional scope and permission levels.
Predefined Roles in Hexnode XDR
Hexnode XDR provides four built-in roles tailored to common IT security workflows:
| Role | Description |
|---|---|
| Super Admin | The primary account holder with unrestricted access to all portal features, including managing all other technicians. There can be only one Super Admin in the portal. This role is unique and cannot be reassigned or modified. |
| Admin | Has complete access to all portal features. Multiple admins can be created. |
| Reports Manager | Has access only to the Dashboard and Reports tabs for monitoring and analysis. |
| Auditor | Has full access to the Dashboard and Reports tab, along with limited access to all other tabs for threat investigation and compliance monitoring. |
How to Create a New Technician?
To add a new technician in Hexnode XDR:
- Login to the Hexnode XDR portal.
- Navigate to Settings > Access Control > Technicians.
- Click Add Technician.
- Configure Profiles: Enter the First Name, Email (required), and optional details (Last Name, Phone, Organization).
- Assign Role: Select a predefined role from the dropdown menu.
- Save: An automated invitation link will be sent to the technician’s email (valid for 24 hours).
Technician Management Lifecycle
Super Admins and Admins can perform lifecycle management tasks to maintain portal security.
1. Modifying Technician Profiles
Update roles or contact information as administrative responsibilities evolve.
- Path: Settings > Access Control > Technicians > Three-dots icon > Edit Technician.
Super Admin roles and emails cannot be changed.
2. Resending Activation Links
If an invite expires (after 24 hours) or is lost:
- Path: Settings > Access Control > Technicians > Three-dots icon > Resend account activation link.
3. Deactivating Access (Temporary)
To suspend access without deleting the account (e.g., during leave or investigation):
- Path: Settings > Access Control > Technicians > toggle the Status switch to ‘Off’ in the Technicians list.
- Reactivation: Toggle the switch back to ‘On‘ and complete authentication.
4. Deleting Technicians (Permanent)
To permanently revoke access for offboarding:
- Path: Settings > Access Control > Technicians > Three-dots icon > Delete Technician.
- Authentication: Requires a confirmation dialogue and security authentication.
- The Super Admin account cannot be edited, deleted, or disabled by any other technician.
- While a Super Admin can edit their own profile, their Email and Role are fixed.
