Roles in Cortex XSOAR
The default admin is the super user role in XSOAR. Administrator, Analyst, and Read-Only roles are defined by the read-write level of access to XSOAR components.
A role is a set of permissions that determine which actions and resources users within that role are granted access in Cortex XSOAR. Users are assigned to at least one role, depending on their required level of access.
You can add as many roles as you require, by clicking
New. To create a new role, see define a role. Follow the same steps when editing a role. When defining a new role, you can add permissions, SAML and AD Roles, define shift periods and so on.
Cortex XSOAR has the following assigned roles:
Read/Write permissions for all components and access to all pages.
Default administrators have the same permissions as administrators with a few additional permissions such as view audit log incidents. Default administrators are usually used for troubleshooting.
Mix of Read and Read/Write permissions for all components and access to all pages.
Read permissions for all components and access to all pages.
You can view and change the following permission levels as required:
No access to the specified component.
Can view but not edit the specified component.
Can view and edit the specified component.
Default administrators are usually used for troubleshooting, they are not counted as license users, cannot be deleted, and are also tenant administrators.
From version 6.5 and above, the default administrator can view all incidents (including those that are marked as restricted) and view modifications to restricted incidents in the Audit Trail. To prevent the default administrator from viewing these restricted incidents, set the
The following table describes the administrator and default administrator permissions:
Users and Roles
Default Administrator) Trigger the integration
Run all automations.
View all tenant accounts.
Default Administrator) Delete file entries from the file system
Recommended For You
Recommended videos not found.