This topic describes the pre-configured service user roles and permissions.
The Services Security view Roles tab enables you to create service user roles and assign permissions. You can also use the pre-configured roles included with Security Analytics to assign user permissions.
Service User Roles
Security Analytics has the following pre-configured service user roles.
|Administrators||All permissions||Security Analytics System Administrator|
|You can use this role to create an Aggregation account.|
This role provides the minimum permissions necessary to perform aggregation of data. It is only available on Security Analytics 10.5 and later services.
|Analysts, Malware_Analysts, and SOC_Managers||sdk.meta|
|Users can use specific applications, run queries and view content for purposes of analysis.|
|Data Privacy Officer|
Data Privacy Officers have the dpo.manage permission on Decoders and Log Decoders.
|Operators are responsible for the daily operation of the services.|
Service User Permissions
There are many permissions that you can assign a service role in Security Analytics. Users can have different permissions on each service, depending on their role assignments and the permissions selected for each role. This table describes the permissions that you can assign to a role.
|sys.manage||Allows the user to edit the service configuration settings.|
|services.manage||Allows the user to manage connections to other services.|
|connections.manage||Allows the user to manage connections to the service.|
|users.manage||Allows the user to create individual users and user roles and specify user permissions.|
|aggregate||Allows the user to perform aggregation of data.|
|sdk.meta||Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query.|
|sdk.content||Allows the user to access raw packets and logs from any client application (Investigations and Reporting).|
|sdk.packets||Allows users to access raw packets and logs from any client application.|
|appliance.manage||Allows the user to manage the appliance (host) tasks. This permission is required by the Appliance service.|
|decoder. manage||Allows the user to edit the configuration settings for the Decoder service.|
|concentrator.manage||Allows the user to edit the configuration settings for the Concentrator/Broker service.|
|logs.manage||Allows the user to view the service logs and edit the logging configuration settings for the specified service.|
|parsers.manage||Allows the user to manage all attributes under the parsers node.|
|rules.manage||Allows the user to add and delete all rules.|
|database.manage||Allows the user to set database locations, sizes, and the various configuration settings for the session, meta and/or packet/log databases.|
|index.manage||Allows the user to manage all index-related attributes.|
|sdk.manage||Allows the user to view and set all SDK configuration items.|
|storedproc.execute||Allows the user to execute a Lua stored procedure.|
|storedproc.manage||Allows the user to manage Lua stored procedures.|
|archiver.manage||Allows the user to modify the Archiver configuration.|
|dpo.manage||Allows the user to manage the transform configuration and the applicable keys.|