Sec/User Mgmt: Add or Edit Role Dialog

Document created by RSA Information Design and Development on Apr 25, 2016Last modified by RSA Information Design and Development on Sep 1, 2016
Version 3Show Document
  • View in full screen mode
 

This topic introduces the Add User and Edit User dialogs accessible from the Administration Security view > Roles tab.

In the Add Role and Edit Role dialogs, you can add or edit a role and the permissions assigned to it. You can also specify the query-handling attributes for role members to lock down the information that they can retrieve. The structure of these dialogs is the same. The only difference is that you either add a new role or modify an existing role.

When you change permissions for a role, the change is immediately applied to users who are assigned the particular role after the role is saved.

To access this view:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view opens to the Users tab by default.
  2. Click the Roles tab.
  3. Do one of the following:
    • In the action bar, click .
      The Add Role dialog is displayed.
    • Select a role and in the action bar, click .
      The Edit Role dialog is displayed.

The Add Role and Edit Role dialogs include three sections: Role Info, Attributes, and Permissions.

Role Info

This is the information in the Role Info section.

                 
FeatureDescription
Name The name of the user role.
Description An optional description of the user role.

Attributes

This is the information in the Attributes section. A value shown in italics indicates a default value, for example, 5. A value shown without italics indicates a change from the default value, for example, 1200. Step 3. Verify Query and Session Attributes per Role provides more information.

                         
FeatureDescription
SA Core Query Timeout (Optional) Specifies the maximum number of minutes that a user can run a query. The default value is 5 minutes. This timeout only applies to queries performed from Investigation. If this value is set, it must be zero (0) or greater. A value of zero represents no timeout.

When migrating to Security Analytics 10.5 and later, if there is no value set in the roles, 5 minutes is set by default.

Note: Security Analytics 10.5 and later Core services use this field.

SA Core Query Level (Optional) Specifies the maximum number of minutes that a user can run a query. There are three query levels: 1, 2, and 3. The default query levels are Query Level 1 = 60 minutes, Query Level 2 = 40 minutes, and Query Level 3 = 20 minutes.

Note: Security Analytics 10.4 and earlier Core services use this field. Query Level is deprecated for Core services starting with Security Analytics 10.5.

SA Core Query Prefix (Optional) Filters query results to restrict what the role members see. By default, this is blank. For example, the 'service' = 80 query prefix prepends to any queries run by the user and the user can only access meta of HTTP sessions.
SA Core Session Threshold Controls how the service scans meta values to determine session counts. This value must be zero (0) or greater. If this value is greater than zero, a query optimization will extrapolate the total session counts that exceed the threshold. When the meta value returned by the query reaches the threshold, the system will:
  • Stop its determination of the session count
  • Show the threshold and percentage of query time used to reach the threshold

The default value is 100000. The limit you specify here overrides the Max Session Export value defined in Profile > Preferences > Investigation. 

Permissions

This is the information in the Permissions section. Role Permissions describes the permissions.

                             
FeatureDescription
Module
tabs
There are eight tabs, one for each module:  Administration, Alerting, Incidents, Investigation, Live, Malware, Reports, and Dashboard. Each tab lists the permissions for a module.
Description
column
List of of all permissions for the module.
Assigned
column
Checkbox that indicates if a module permission is assigned to the role.
Save Saves the role with the selected permissions assigned to it.
Cancel Cancels any work and closes the dialog.
You are here: References > Administration Security View > Add or Edit Role Dialog

Attachments

    Outcomes