In the Security Roles section of your PhishER Settings, you can set the access that users have to your PhishER console. You can add KSAT users to PhishER, create Security Roles to grant or restrict access to PhishER features, and assign Security Roles to your users.

Users

The Users subtab displays all the users who can manage your PhishER console. To add a new user to your console, follow the steps below:

1. Log in to your PhishER console.
2. Navigate to Settings > Users.
3. Click the Add New User button in the top-right corner of the page. The Add New PhishER User pop-up window will open.
4. In the Add New PhishER User pop-up window, enter the KSAT email address of the user you would like to add.
5. Click Add to add the user to PhishER.

After you’ve added the user, you can grant them access to your PhishER console and assign Security Roles to them from the Users subtab. For more information about this subtab, see the screenshot and list below:

1. Name: This column displays the name associated with the user’s KSAT email address.
2. Security Roles: This column displays the Security Roles assigned to the user.
3. Last Login: This column displays the date and time of when the user last logged in to PhishER.
4. Created At: This column displays the date and time of when the user was added to PhishER.
5. Has PhishER Access: This column indicates if the user has access to PhishER. You can hover your mouse over the clipboard icon to view the PhishER user who granted the access and the date of when they granted the access.
6. Actions: You can click the vertical ellipsis icon and select an option to edit a user’s PhishER access. To learn about the options, see the list below:
   • Grant PhishER Access: Click this button to grant the user access to your PhishER console.
   • Revoke PhishER Access: Click this button to remove the user's access to your PhishER console.
   • Delete User: Click this button to delete the user from your PhishER console.
   • Update Security Roles: Click this button to open the Update Assigned Security Roles pop-up window. In the Assigned Security Roles field, enter a Security Role, then select it from the list. Click Save to update the Security Roles for that user.

Roles

The Roles subtab displays the Security Roles you’ve created in your console. You can use Security Roles to allow your PhishER users to view and manage specific areas of your console. To create a new Security Role, follow the steps below:

1. Log in to your PhishER console.
2. Navigate to Settings > Roles.
3. Click the Add New Role button in the top-right corner of the page. The New Security Role pop-up window will open.
4. In the New Security Role pop-up window, set up your Security Role. For more information, see the screenshot and list below:
   1. Name: In this field, enter a name for your Security Role.
   2. Limited or Full: For each PhishER section, select whether this Security Role will grant Limited or Full access to the user. You’ll need to select an access type for each section to save the Security Role. To learn about the difference between Limited or Full access for each area, see the table below:

      Section Name	Limited Access	Full Access
      Rooms	Users can access the Inbox, Reports, and Dashboard pages. Users can use the search bar.	Users can access the Inbox, Reports, and Dashboard pages. Users can use the search bar. Users can save a query as a PhishER room from the Inbox page. Users can delete a room.
      Inbox	Users can access the Inbox page. Users can access the Message Details page if the Inbox Message Details Access check box is selected.	Users can access the Inbox page. Users can access the Message Details page if the Inbox Message Details Access check box is selected. Users can access the Rule Replay option. Users can send emails. Users can set the Category, Status, and Priority fields.
      Rules	Users can access the Rules tab to view PhishER rules. Users can access the Allow Rule Replay button if the Allow Rule Replay check box is selected.	Users can access the Rules tab to view PhishER rules. Users can access the Allow Rule Replay button if the Allow Rule Replay check box is selected. Users can create, delete, disable, enable, and preview PhishER rules. Users can update rules, including a rule’s name, description, tags, target, and YARA rules.
      Actions	Users can access the Actions tab to view and save the order of PhishER actions and QuickActions.	Users can access the Actions tab to edit, view, create, update, delete, run, and save the order of PhishER actions and QuickActions.
      PhishRIP	Users can access the PhishRIP Messages, PhishRIP Queries, and Message Details pages. Users can use the search bar. Users can access the Message Details page if the PhishRIP Message Details Access check box is selected.	Users can access the PhishRIP Messages, PhishRIP Queries, and Message Details pages. Users can use the search bar. Users can access the Message Details page if the PhishRIP Message Details Access check box is selected. Users can send emails. Users can quarantine, restore, and delete messages. Users can set the Status and Resolution fields. Users can access the PhishFlip option to create KSAT phishing templates and campaigns.
      Blocklist	Users can access the Blocklist tab. Users can filter the blocklist entries.	Users can access the Blocklist tab. Users can filter the blocklist entries. Users can view, create, and delete blocklist entries.
      Settings	Users can access the Reporting Emails, Email Server, Downloads, Data Retention, VirusTotal, Syslog, PhishML, and PhishRIP pages.	Users can view, edit, and update the Reporting Emails, Email Server, Data Retention, VirusTotal, PhishML, and PhishRIP pages. Users can access the Email Templates, Downloads, and Syslog pages. Users can view, edit, create, update, and delete email templates. Users can view, download, and delete Downloads files. Users can view, edit, create, update, and delete Syslog integration information.

   3. (Optional) Tag Limitations: In this field, you can enter tags. Users assigned to your Security Role will be able to view messages that contain the added tags only. This tag limitation applies to the Dashboard, Inbox, Rooms, and Reports pages.
   4. (Optional) Set As Default Security Role: You can select this check box to apply this Security Role to all existing users and new users in your PhishER console.
   
5. Click Save to create your Security Role. Then, you can assign the role to the users that you added to your PhishER console. For more information, see the Users section above.