---
title: Anthropic Compliance admin role assignment granted
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Anthropic Compliance admin role
  assignment granted
---

# Anthropic Compliance admin role assignment granted

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1098-account-manipulation](https://attack.mitre.org/techniques/T1098) 
## Goal{% #goal %}

Detects when an admin role is directly assigned to a principal using the Compliance API's `role_assignment_granted` activity.

## Strategy{% #strategy %}

This rule monitors Anthropic Compliance activities for `role_assignment_granted` where `@role` resolves to one of `admin`, `owner`, `primary_owner`, or `membership_admin` — either unprefixed or under a resource namespace (e.g. `chat_project:owner`, `platform:admin`). Unlike the invite-acceptance flow, this activity captures direct administrative grants (and re-grants) including the affected `@target_id`, `@target_type`, `@resource_type`, and `@resource_id`. High-fidelity signal for admin elevation.

## Triage and response{% #triage-and-response %}

- Confirm `{{@usr.email}}` is authorized to grant administrative roles.
- Identify the principal receiving the role using `@target_id` and `@target_type`.
- Verify the resource scope of the assignment using `@resource_type` and `@resource_id`.
- Review the granted role against the principal's expected responsibilities.
- Examine the granting user's authentication history for compromise indicators.