How this manual is structured
Each page covers one capability area with production-oriented workflows, reference tables, field behavior, and troubleshooting guidance. Pages are organized from platform setup through day-two operations and exception handling.
- Foundations — Identity, tenant structure, and account setup. Use these pages before rollout or when validating access and scope behavior.
- Core Operations — Host control, monitoring, patching, workflows, and elevated access. These pages cover the daily execution loop and its common failure modes.
- Service Management — Incident, escalation, change, and request workflows for teams that need governed service operations.
- Security & Compliance — Compliance checks, remediation, vulnerability handling, anomaly detection, and service dependency context.
- Discovery & Network — Network discovery and device monitoring for infrastructure that cannot or should not run an agent.
- Administration — Active Directory, agent lifecycle operations, evidence capture, and platform integration points.
Quick start guide
Use this sequence when validating a new environment or establishing your first known-good operating path.
- Validate identity and scope first. Confirm account, organization, MFA, and role context before touching operational features. See IDP & Tenant Management and Accounts, Orgs & Locations.
- Bring hosts online and verify telemetry. Deploy agents or discovery probes, then confirm heartbeat, inventory, and host placement are correct before enabling automation. See Host Management and Agentless Discovery.
- Test execution on a safe target. Run a diagnostic or controlled workflow to validate job dispatch, permissions, and result capture. See Workflows & Jobs.
- Establish your guardrails. Review alerting, maintenance controls, patch policy, and access rules before broad rollout. See Monitoring & Alerts, Patch Management, and PAM & Credential Vault.
- Confirm evidence and exception paths. Validate audit records, remediation outcomes, and how unresolved issues escalate. See Audit & Webhooks Software & Licenses, Remediation & Runbooks, and SLA & ITIL Operations.
Permission model
Cadres uses role-based access control. Every state-changing UI action and API operation is gated by permission, scope, and assignment resolution. L3 engineers should understand this model before troubleshooting “missing” actions or access failures.
How it works
- Roles are collections of permission keys. Custom roles can be created from scratch or cloned from built-in templates (Helpdesk Technician, Read-Only Auditor, etc.).
- Scope determines reach. Account-scoped roles grant access across all organizations. Org-scoped roles restrict access to a single organization.
- Assignments link a role to a user or group. Assignments can have expiration dates for time-limited access (e.g. contractor engagements). Expired assignments are automatically deactivated.
- Additive resolution means all assigned roles are merged. If any role grants a permission, the user has it. There is no "deny" — remove the role to revoke access.
- Group inheritance — users inherit permissions from all groups they belong to. Group assignments are resolved at request time alongside direct assignments.
Permission domains
| Domain | Keys | Controls |
|---|---|---|
| Hosts | hosts.view, hosts.manage |
Host listing, details, service/process/user control, diagnostics |
| Host Groups | host_groups.view, host_groups.create, host_groups.manage |
Group creation, membership, service groups, tiers |
| Alerts | alerts.view, alerts.manage |
Alert rules, triage, incidents, remediation, runbooks |
| Fingerprints | fingerprints.view, fingerprints.manage |
Policies, baselines, drift events |
| Patches | patches.view, patches.manage |
Patch policies, deployments, approvals, maintenance windows |
| Jobs | jobs.view, jobs.create, jobs.cancel |
Script execution, job history, cancellation |
| Workflows | workflows.view, workflows.manage |
Workflow definitions, execution, scheduling |
| Roles | roles.view, roles.create, roles.edit, roles.delete |
Role definitions, permission configuration |
| Access Grants | access_grants.view, access_grants.manage |
Role assignments to users and groups |
| IDP | idp.view, idp.manage |
User management, groups, SAML SSO, security settings |
| Monitoring | monitoring.view, monitoring.configure |
Monitoring configuration and metric definitions |
| Settings | settings.view, settings.manage |
Account settings, feature flags, org configuration |
| Audit | audit.view |
Audit log access |
Platform operations flow
The five-phase operating loop supported by Cadres, from asset onboarding through controlled execution, validation, and reporting.
Module status
All 24 manual pages are available. Each page is intended to function as an L3 reference for setup, execution flow, validation evidence, and troubleshooting.
IDP & Tenant Management
Available
Accounts, Orgs & Locations
Available
Host Management
Available
Monitoring & Alerts
Available
Fingerprint & Drift
Available
Patch Management
Available
Workflows & Jobs
Available
PAM & Credential Vault
Available
Remote Access
Available
Software & Licenses
Available
SLA & ITIL Operations
Available
Change Management
Available
Service Catalog
Available
Compliance (CIS/STIG)
Available
Remediation & Runbooks
Available
Vulnerabilities & Certs
Available
Security & Forecasting
Available
Service Map
Available
Agentless Discovery
Available
SNMP Monitoring
Available
Active Directory
Available
Agent Management
Available
Audit & Webhooks
Available
Feature snapshot
Visual reference for the platform dashboard used throughout the manual.
Overview dashboard showing host health, issue pressure, execution state, and approvals.