Meta pixel

Fleet documentation

Welcome to the documentation for Fleet, an open-source osquery management server.

search
Install Fleet

Install osquery and Fleet

Get started right arrow
Fleet support

Can't find what you need?

Support right arrow

{{page.title}}

{{thisPage.title}}

Permissions

Users have different abilities depending on the access level they have.

Users with the Admin role receive all permissions.

User permissions

Action Observer Maintainer Admin
View all activity
View all hosts
Filter hosts using labels
Target hosts using labels
Add and delete hosts
Transfer hosts between teams*
Create, edit, and delete labels
View all software
Filter software by vulnerabilities
Filter hosts by software
Filter software by team*
Manage vulnerability automations
Run only designated, observer can run ,queries as live queries against all hosts
Run any query as live query against all hosts
Create, edit, and delete queries
View all queries
Add, edit, and remove queries from all schedules
Create, edit, view, and delete packs
View all policies
Filter hosts using policies
Create, edit, and delete policies for all hosts
Create, edit, and delete policies for all hosts assigned to team*
Manage policy automations
Create, edit, view, and delete users
Add and remove team members*
Create, edit, and delete teams*
Create, edit, and delete enroll secrets
Create, edit, and delete enroll secrets for teams*
Edit organization settings
Edit agent options
Edit agent options for hosts assigned to teams*

*Applies only to Fleet Premium

Team member permissions

Applies only to Fleet Premium

Users in Fleet either have team access or global access.

Users with team access only have access to the hosts, software, schedules, and policies assigned to their team.

Users with global access have access to all hosts, software, queries, schedules, and policies. Check out the user permissions table above for global user permissions.

Users can be a member of multiple teams in Fleet.

Users that are members of multiple teams can be assigned different roles for each team. For example, a user can be given access to the "Workstations" team and assigned the "Observer" role. This same user can be given access to the "Servers" team and assigned the "Maintainer" role.

Action Team observer Team maintainer Team admin
View hosts
Filter hosts using labels
Target hosts using labels
Add and delete hosts
Filter software by vulnerabilities
Filter hosts by software
Filter software
Run only designated, observer can run ,queries as live queries against all hosts
Run any query as live query
Create, edit, and delete only self authored queries
Add, edit, and remove queries from the schedule
View policies
View global (inherited) policies
Filter hosts using policies
Create, edit, and delete policies
Add and remove team members
Edit team name
Create, edit, and delete team enroll secrets
Edit agent options

Is there something missing?

If you notice something we’ve missed, or that could be improved, please click here to edit this page.