End-of-Life (EoL)

Limit Access to Investigations using RBAC

Follow these steps to limit access to investigations using Role-based Access Control.
When you define access to an investigation according to Cortex XSOAR’s roles, only users with that role can view and access the investigation.
  1. In the
    Incident
    page, select the incident you want to restrict access.
  2. In the CLI, type
    /incident_set roles=
    name of the role
    .
  3. To check that the role was assigned to the incident, click the
    War Room
    tab.
  4. (
    Optional
    ) For automations:
    • Use the
      setIncident
      command in a playbook.
    • Specify the roles that you want to have access to the incident investigation.

Recommended For You