Back to Floor
The War Room • Room 3
ES Roles & Access Control
ES ships with several built-in roles that control dashboard access and functionality:
**ess_admin** — Full administrative access: manage correlation searches, configure settings, and modify navigation. **ess_analyst** — Investigate, triage notable events, and run adaptive response actions. **ess_user** — Read-only view of dashboards and notable events.
Custom roles can be created inheriting from these base ES roles. Navigation items can be hidden per-role, limiting what each team sees.
Knowledge Check
Prove your understanding to clear the room (Rewards XP)
Describe the ES role hierarchy.
The ______ role has full administrative access to ES settings, while the ______ role is limited to investigating and triaging notable events.