The out-of-the-box (not editable) roles provided by BigPanda are Admin and User. Admins can create and/or duplicate an unlimited amount of these roles and set user permissions for each of their organization's available resources.
BigPanda provides two types of permissions for each resource:

Read - Provides Read-Only access to the resource.
Full_Access - Provides Full access to all actions related to the resource (ie: view, create, edit, duplicate, delete).

BigPanda Resource Permissions

Build roles within your organization using the permissions specific to each individual BigPanda resource.

Permissions	Specifications	Related Docs
`Search_Read`	Read access to BigPanda Unified search.	Unified Search
`Dashboards_Read` `Dashboards_Full_Access`	Read-only - view BigPanda Dashboards. Full access - customize and interact with BigPanda Dashboards.	Dashboards
`Analytics_Read`	Read-only - view BigPanda Analytics.	Analytics
`Integrations_Read` `Integrations_Full_Access`	Read-only - view BigPanda Integrations in the BigPanda Integrations tab. Full access - view, install, uninstall and/or work with integrations in the BigPanda Integrations tab.	Integrations
`Users_Read` `Users_Full_Access`	Read-only - view the list of Users in BigPanda Settings. Full access - view, add, edit and delete Users in BigPanda Settings.	Users
`Users/management_Read` `Users/management_Full_Access`	Read-only - view the User Management screen. Full access - view, add, edit and delete BigPanda Users. Requires Users_Full_Access.	User Management
`Users/roles_Read` `Users/roles_Full_Access`	Read-only - view the User Roles screen. Full access - view, add, edit and delete BigPanda User Roles.	User Roles
`Roles_Read` `Roles_Full_Access`	Read-only - view the Role Management section. Full access - view, add, edit and delete BigPanda Roles. Note: Add `Permissions_Full_Access` for access to these permissions.	Role Management Working with the Role Management Section
`Notifications_Read` `Notifications_Full_Access`	Read-only - view existing Autosharing settings in the BigPanda Settings. Full access - view, add, edit and delete Autosharing settings in the BigPanda Settings.	Notifications (AutoSharing)
`Custom_tags_Read` `Custom_tags_Full_Access`	Read-only - view existing custom tags in the BigPanda Settings. Full access - preview and create new and inactive Extraction and Composition tags in the BigPanda Settings.	Custom Tags
`Correlations_Read` `Correlations_Full_Access`	Read-only - view existing correlation patterns in the BigPanda Settings. Full access - preview and create new correlation patterns in the BigPanda Settings.	Correlation Patterns
`Quotas_Read` `Quotas_Full_Access`	Read-only - view existing rate limitations in the BigPanda Settings. Full access - view and edit rate limitations in the BigPanda Settings.	Quota Sharing
`Apikeys_Read` `Apikeys_Full_Access`	Read-only - view the existing API Keys in the BigPanda Settings. Full access - view existing API keys and name, assign and describe new API keys in BigPanda Settings.	API Keys
`Sso_Read` `Sso_Full_Access`	Read-only - view the Single Sign-on section in BigPanda Settings. Full access - view, select, add, configure, validate and integrate a Single Sign-on provider in BigPanda Settings.	Single Sign-On
`Changes_Read` `Changes_Full_Access`	Read-only - view the Related Changes section in the incident details. Full access - view and mark changes as Suspect or Match.	Changes
`Topology_Read` `Topology_Full_Access`	Read-only - view the Topology section in the incident details. Full access - access and configure the Topology graph via the Topology UI API.	Topology
`Plans_Read` `Plans_Full_Access`	Read-only - view the Maintenance Plans section and the Plans V1 and Maintenance Plans V2 (Beta) APIs. Full access - view and interact with the Maintenance Plans section and use the Plans V1 and the Maintenance Plans V2 (Beta) APIs to configure maintenance plans. Use the Schedules API to define the specific start and end times of Plans configured with the Plans V1 API. Use these Read and Full permissions for both the Plans V1 API and the Maintenance Plans V2 API.	Maintenance Plans V1 API Maintenance Plans V2 (Beta) API Maintenance Plans V2 (Beta)
`Schedules_Read` `Schedules_Full_Access`	Read-only - view the Schedules API. Full access - use the Schedules API to define the specific start and end times of Plans configured with the Plans V1 API.	Schedules API
`Enrichments_Read` `Enrichments_Full_Access` `Enrichments-jobs_Read` `Enrichments-jobs_Full_Access`	Read-only - view the Enrichments API. Full access - use the Enrichments API to view and define mapping enrichments.	Enrichments API
`Audit_logs_Read`	Read-only - view the Audit Log API.*	Audit Log API
`Incident-tags-definitions_Read`	Read-only - View the Incident Tags section of the BigPanda Settings.	[Incident Tags](https://docs.bigpanda.io/docs/incident-tags-beta
`Incident-tags-definitions_Full_Access`	Full access - View, create and edit incident tags in the Incident Tags section of the BigPanda Settings.	Managing Incident Tags

Granular Environment Permissions

BigPanda RBAC provides roles and permissions to control and manage access to different resources in BigPanda.
Granular RBAC applies exclusively to BigPanda Environments, defining permissions at the single environment level.
To set and assign Granular permissions, start with the name of the environment to which privileges will be assigned, followed by _Read and _Incident_Actions, ie: YourEnvironment_Read

🚧
Users must have access to at least one environment, either read-only or with actions, in order to be able to use BigPanda.

Permission	Description
`Environments_Full_Access`	Read, edit and delete actions for all environments. Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in all environments.
`Environments_Incident_Actions`	Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) minus environment configuration in all environments.
`Environments_Read`	Read-only access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in all environments without the ability to change or submit any new incident action.
`<ENV_NAME>_Incident_Actions`	Granular - Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) minus environment configuration in the specified environment(s).
`<ENV_NAME>_Read`	Granular - Read-only access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in the specified environment(s) without the ability to change or submit any new incident action.

📘
Replace <ENV_NAME> with the relevant environment name.