Role-based Permission Levels
RBAC permission levels for Cortex XSOAR components, including
investigations, jobs, scripts, playbooks, and settings. Category
permission levels for user roles.
When editing rule based control (RBAC)
permission levels or creating new user roles you can set permission
levels to the following Cortex XSOAR components:
Component | Description |
|---|---|
Account Management ( Multi-tenant ) | Enables you to configure and manage the multi-tenant
deployment, such as add/delete a host, change hosts, move to HA
group, etc. If you have Read or read/write permissions, you can
select whether the role can sync content to tenant accounts. |
Data | Sets the permission level generally for data related
to investigations. When Read/Write is selected,
you can define the following:
For
example, if you want to enable chat in the War Room, but exclude
permissions for everything else, you should give the role Read/Write
permissions under Data but remove all other
granular data permissions. Also remove permissions in Integrations
(under Settings). This leaves the role with access to chat only. |
Exclusion List | Limits permissions when editing, creating,
or deleting an indicator in an exclusion list. |
Jobs | Limits permissions for managing jobs. Roles that
have read permissions to content items, retain partial read access.
If you do not want to retain partial read access, set the permission
to none. |
Scripts | Limits permissions for managing scripts. If
the user has read/write permissions, you can enable users to create
scripts that run as a Super User. In the Script page,
you can define which roles are permitted to run an automation, and
according to which role the automation executes. |
Playbooks | Limits permissions for creating, editing and deleting
Playbooks. You can also add, change, and remove roles from a playbook
when clicking Settings in the Playbooks page. There
are several notes and limitations you should familiarize yourself
with when assigning roles to playbooks. |
Settings | You can set the permission level generally
for all settings or split them according to the following: Users :
includes invitations and editing permissions.Integrations : whether
a user can add, edit or delete instances. Roles that have read permissions
to content items, retain partial read access. If you do not want
to retain partial read access, set the permission to none.Credentials : whether
a user can add, edit, or delete credentials. |
Administration | Limits permissions for server configurations, editing
layouts for indicators and incidents, integration permissions, audit
trails and the password policy. |
Propagation labels ( Multi-tenant) | Enables you to do the following: Read :
Enables you to select from existing propagation labels.Read/Write : Enables
you to create new and select from existing propagation labels |
Marketplace | View Marketplace : Enables you to
view the Marketplace.Install Content Pack : install,
upgrade, downgrade, and delete Content Pack content.Contribute
to Marketplace : Enables you to contribute a Content Pack in
the Contributions tab or generally. |
Page Access | Select the pages you want the user to have access
to. |
Default Dashboards | Select the default dashboards for each role.
If a user has not modified their dashboard, these dashboards are
added automatically, otherwise users can add these dashboards to
their existing dashboards. |
Pre-set Role Queries | Select the Pre-set Query per Role for each
of the available components. |
Recommended For You
Recommended Videos
Recommended videos not found.
