There are pre-configured roles in Security Analytics that are installed on the server and on each service. You can also add custom roles. The following table lists the pre-configured system roles and their permissions.
| Role | Permissions |
|---|---|
| Administrators | Full system access |
| Operators | Access to configurations but not to meta and session content |
| Analysts | Access to meta and session content but not to configurations |
| SOC_Managers | Same access as Analysts plus additional permission to handle incidents |
| Malware_Analysts | Access to malware events and to meta and session content |
| Data_Privacy_Officers | Access to meta and session content as well as configuration options that manage obfuscation and viewing of sensitive data within the system (see Data Privacy Management). |
You must add a service role when you have added a:
- Service user or users that require a new set of permissions.
- Custom role on the Security Analytics server, because trusted connections require that the same custom role exists both on the server and on each service the custom role will access. The names must be identical. For example, if you add a JuniorAnalysts role on the server, then you must add a JuniorAnalysts role on each service the role will access. For more information, see the Add a Role and Assign Permissions topic in System Security and User Management.
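The identical-name requirement above can be audited mechanically. The following Python script is an added example, not part of Security Analytics or its documentation: the service names, the role-to-service scope map and the role inventories are constructed sample data, and collecting the role lists from the server and each service is assumed to happen separately.

```python
"""Check that each custom role exists under an identical name on every
service it is meant to access. All data below is constructed for illustration."""

# Roles defined on the server (pre-configured roles plus two custom ones).
SERVER_ROLES = {"Administrators", "Analysts", "JuniorAnalysts", "Tier2_Hunters"}

# Hypothetical scope: the services each custom role will access.
ROLE_SCOPE = {
    "JuniorAnalysts": ["broker-01", "concentrator-01", "decoder-01"],
    "Tier2_Hunters": ["concentrator-01", "decoder-01"],
}

# Hypothetical role inventory recorded from each service's Roles tab.
SERVICE_ROLES = {
    "broker-01": {"Administrators", "Analysts", "JuniorAnalysts"},
    "concentrator-01": {"Administrators", "Junior_Analysts", "Tier2_Hunters"},
    "decoder-01": {"Administrators", "junioranalysts "},
}


def fold_name(name):
    """Drop case, whitespace and separators so likely typos compare equal."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())


def audit_roles(server_roles, role_scope, service_roles):
    """Return (role, location, status, closest_name) for every mismatch.

    A role counts as present only on an exact string match. A name that
    differs only by case, spacing or separators is reported as a near-miss,
    because it is not identical to the server role name.
    """
    findings = []
    for role, services in sorted(role_scope.items()):
        if role not in server_roles:
            findings.append((role, "server", "missing", None))
            continue
        for svc in services:
            present = service_roles.get(svc, set())
            if role in present:
                continue
            near = sorted(r for r in present if fold_name(r) == fold_name(role))
            status = "near-miss" if near else "missing"
            findings.append((role, svc, status, near[0] if near else None))
    return findings


if __name__ == "__main__":
    for finding in audit_roles(SERVER_ROLES, ROLE_SCOPE, SERVICE_ROLES):
        print(finding)
```

A near-miss usually means the role was typed by hand on the service; rename it there so it matches the server role exactly.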
To add a service user role and assign permissions to it:
- In the Security Analytics menu, select Administration > Services.
- Select a service, then > View > Security.
The Security view for the selected service is displayed with the Users tab open.
- Select the Roles tab and click .
The Services Security view is displayed and five pre-configured roles are already listed.
- Click , type the Role Name and press Enter.
The Role Name is displayed above a list of Role Permissions.
- Select each permission the role will have on the service.
- Click Apply.
The role is added to the service immediately. You can add service users to it in the Users tab.