Help CenterThreatLocker Access gives you full control over whether and how ThreatLocker staff can access your environment. No ThreatLocker staff member can view or modify your account unless you explicitly grant access. This ensures your environment remains private and protected at all times.
Non-technical ThreatLocker staff do not have access to your portal environment. This includes Sales staff and Account Managers.
By default, Solutions Engineers have Full Control access to your account. During your trial, we recommend keeping this setting at Full Control so Solutions Engineers can assist with onboarding and make changes on your behalf. You may reduce or remove this access at any time.
By default, the Cyber Hero support team has Read-Only access to your account. If you have Cyber Hero Management, the Cyber Hero support team will require Full Control access to perform management tasks.
ThreatLocker Access settings are configured per organization and apply to all customer accounts within that organization, ensuring consistent access control across your environment.
Changing Your ThreatLocker Access Settings
Only a Super-Admin on your ThreatLocker account can modify these settings. To change ThreatLocker staff access, first ensure you are managing the correct organization. Then, click the Help button in the upper-right corner of the ThreatLocker portal. Under either Solutions Engineer or Cyber Heroes, select Full Control, Read-Only, or None.
- Full Control - This gives the selected staff group full access to view and make changes to your account.
- Create/edit/delete policies in Application Control
- Create/edit/delete Store items
- Create custom rules in applications
- Create/edit/delete policies in Patch Management
- Patch now/skip patching/ abort patch
- Create/edit/delete policies in Storage Control
- Create/edit/delete monitored paths
- Create/edit/delete storage devices
- Create/edit/delete policies in Network Control
- Create/edit/delete Auth Hosts
- Create/edit/delete Tags
- Create/edit/delete Configuration Manager policies
- Create/edit/delete policies in Endpoint Detect
- Create/edit/delete policies in Cloud Detect
- Create/edit/delete policies in Web Control
- Place computers into a temporary maintenance mode
- Update ThreatLocker agent versions
- Enable/disable options
- Copy policies from all modules
- Create/edit/delete/invite administrators
- Create/edit/delete computer groups
- Create/edit/delete mobile devices
- Create/edit Advanced Settings
- Create/edit/delete local administrators and policies
- Install new computers
- Create/edit/delete login settings
- Create/edit/delete API users
- Create/edit/delete integrations
- Create/edit/delete organizations
- Create/edit/delete billing contacts
- Create/edit/delete payment details
- Create/edit/delete tax certificates
- Create mutual action plans (only visible once one has been created)
- Respond to approval requests
- Respond to Detect alerts
- Deploy policies
- Enable/disable products
- Read-Only - Allows the selected staff group to view your environment without making changes, such as reviewing policies, audit activity, and configuration status.
- None - This setting will prevent the selected staff group from viewing or modifying your account in any way and ensures that ThreatLocker staff has no access to your account.
Please note: ThreatLocker Staff will be unable to change this setting on your behalf.
To allow the Cyber Heroes or your Solutions Engineer to view your account, you will need to enable 'Read-Only' access. You can do this at the time you need assistance and turn the access back to 'None' after you have been assisted, if desired.
For the Cyber Heroes or Solutions Engineers to make any changes within your account, you will need to grant them 'Full Control'. As stated above, you can enable this during the time you are being assisted and then return the setting to 'None' when finished.
