What is a one sentence summary of your feature request?
Enable role-based permission for non-admin users to switch between NTP and NTM data sources during investigations.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Currently, only Admin or Threat Responder roles can switch the investigation source (e.g., from NTM to NTP), even though this action is read-only and does not modify any data. This creates a limitation for organizations where multiple teams (e.g., audit, security analysts, reporting teams) need access to different data sources for investigation or reporting purposes but should not be granted elevated permissions.
As a result, customers are forced to either over-permission users (granting admin-level access unnecessarily) or restrict their ability to access relevant data, which impacts usability and operational efficiency.
A more flexible approach would be to introduce a role-based permission that allows users (e.g., Reviewer role) to switch investigation sources without granting full administrative rights. This would improve security posture by avoiding over-permissioning while enabling broader and more effective use of the platform for investigation and reporting use cases.
How do you currently solve the challenges you have by not having this feature?
Currently, users who require access to different data sources are unable to switch the investigation source unless they have elevated permissions. As a result, they need to rely on users with higher privileges to access or extract the required data, or use accounts with broader permissions than necessary.