End-of-Life (EoL)

Define a Role

Follow these steps to define a new role in Cortex XSOAR.
Cortex XSOAR comes with three roles with default permissions. You can add as many new roles and combine them with other roles, such as single sign on.
  1. In the
    tab, click
  2. In the
    Role name
    field, type the name for the new role.
  3. Select the category permissions.
    Sets the permission level generally for investigations or set different permission levels for data and chats. You can also limit the role to exclude executing potential harmful actions when building your own integrations.
    Incident table actions
    Limits table actions in the
    page, such as delete, edit, close and so on.
    Limits permissions for managing jobs.
    Limits permissions for managing scripts. If the user has read/write permissions you can enable users to create scripts that run as a Super User.
    In the
    page, you can define which roles are permitted to run an automation, and according to which role the automation executes.
    Limits permissions for creating, editing and deleting Playbooks.
    You can also add, change, and remove roles from a playbook when clicking
    in the
    page.There are several notes and limitations you should familiarize yourself with when assigning roles to playbooks.
    You can set the permission level generally for all settings or split them according to the following:
    : includes invitations and editing permissions.
    : whether a user can add, edit or delete instances.
    : whether a user can add, edit, or delete credentials.
    Limits permissions for server configurations, editing layouts for indicators and incidents, integration permissions, audit trails and the password policy.
  4. In the
    Page Access
    section, select the pages you want the user to have access.
  5. To assign the role to an active directory group, in the
    AD Roles Mapping
    section, from the drop down list, select the group as required.
  6. To assign a role to a single sign on group, in the
    SAML Roles Mapping
    section, from the drop down list, select the group as required.
    To associate roles to an AD or SAML group, you need to add a SAML instance and configure your identity provider.
    Users can log into Cortex XSOAR with their Active Directory or SAML user name and passwords. Their permission in Cortex XSOAR is set according to the groups and mapping set in Active Directory or SSO. For more information, Authenticate Users with SAML 2.0.
  7. If you want to associate the role with another role, in the
    Nested Roles
    section, from the drop down list, select the nested role, as required.
    Nested Role
    overrides any settings you select in the
  8. To add a shift period of work to the role, in the
    field, click
    + Add Shift
    and define the required period.
    Weekly shifts start on Sunday and specified in the UTC time zone.
  9. Click

Recommended For You