Sec/User Mgmt: Role Permissions

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1Show Document
  • View in full screen mode
 

Within Security Analytics, user access to each module, dashlet and view is restricted based on the assigned permissions described in this topic. The tables have a row for each permission with columns to indicate if it is a default permission for each user role:

  • Administrators
  • Operators
  • Analysts
  • SOC Managers (SOC Mgrs)
  • Malware Analysts (MAs)
  • Data Privacy Officers (DPOs)

Administration

The following table lists the permissions in the Administration tab:

                                                                                                                                                                                                                                                                 
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Access Administration ModuleYesYesYesYesYesYes
Access Health & WellnessYesYesYesYesYesYes
Apply System UpdatesYesYes    
Can Opt In to Live Intelligence SharingYesYes    
Manage Global AuditingYes     
Manage Health & Wellness PolicyYesYes    
Manage SA Advanced SettingsYesYes    
Manage SA AuditingYesYes   Yes
Manage SA EmailYesYes    
Manage SA LLSYesYes    
Manage SA LogsYesYes   Yes
Manage SA NotificationsYes     
Manage SA PluginsYesYes    
Manage SA PredicatesYesYes    
Manage SA ReconstructionYesYes    
Manage SA SecurityYesYes   Yes
Manage ServicesYes    Yes
Manage System SettingsYesYes    
Modify ESA SettingsYes     
Modify Event SourcesYes     
Modify HostsYesYes    
Modify ServicesYesYes   Yes
View Event SourcesYes     
View Health & Wellness PolicyYesYesYesYesYesYes
View Health & Wellness Stats BrowserYesYesYesYes Yes
View HostsYesYes   Yes
View ServicesYesYes   Yes

Alerting

The following table lists the permissions in the Alerting tab:

                                                  
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Access Alerting ModuleYesYesYesYes Yes
Manage RulesYesYes Yes Yes
View AlertsYes YesYes Yes
View RulesYesYes Yes Yes

Incidents

The following table lists the permissions in the Incidents tab:

                                                           
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Access Incident ModuleYes YesYesYesYes
Configure Incident Management IntegrationYes  Yes Yes
Delete Alerts and incidentsYes    Yes
Manage Alert Handling RulesYes  Yes Yes
View and Manage IncidentsYes YesYesYesYes

Investigation

The following table lists the permissions in the Investigation tab:

                                                  
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Access Investigation ModuleYes YesYesYesYes
Create Incidents from InvestigationYes YesYesYes 
Navigate EventsYes YesYesYesYes
Navigate ValuesYes YesYesYesYes

Live

The following table lists the permissions in the Live tab:

                                                                                               
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Live      
Access Live ModuleYesYesYesYes Yes
Manage Live System SettingsYesYes    
Resources      
Deploy Live ResourcesYesYes   Yes
Manage Live FeedsYesYes   Yes
Manage Live ResourcesYesYes   Yes
Search Live ResourcesYesYesYesYes Yes
View Live Resource DetailsYesYesYesYes Yes

Malware

The following table lists the permissions in the Malware tab:

                                         
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Download Malware File(s)Yes YesYesYesYes
Initiate Malware Analysis ScanYes YesYesYesYes
View Malware Analysis EventsYes YesYesYesYes

Reports

The following table lists the permissions in the Reports tab:

                                                                                                                                                                                                                                                                                                                                                                                                                          
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Alert      
Define RE AlertYes YesYes Yes
Export RE Alert DefinitionYes YesYes Yes
Manage RE AlertsYes YesYes Yes
View RE AlertsYes YesYes Yes
View Scheduled RE AlertsYes YesYes Yes
Chart       
Define ChartYes YesYes Yes
Delete ChartYes YesYes Yes
Export Chart DefinitionYes YesYes Yes
Manage ChartsYes YesYes Yes
View ChartsYes YesYes Yes
List       
Define ListsYes YesYes Yes
Delete ListYes YesYes Yes
Export ListYes YesYes Yes
Manage ListsYes YesYes Yes
Report      
Define ReportYes YesYes Yes
Delete ReportYes YesYes Yes
Export ReportYes YesYes Yes
Manage ReportsYes YesYes Yes
View ReportsYes YesYes Yes
Reports      
Access ConfigureYes YesYes Yes
Access Reporter ModuleYes YesYes Yes
Access Reporter searchYes YesYes Yes
Access ViewYes YesYes Yes
Rule      
Add RE Alert Definition from RuleYes YesYes Yes
Define RuleYes YesYes Yes
Delete RuleYes YesYes Yes
Export RuleYes YesYes Yes
Manage RulesYes YesYes Yes
View Rule UsageYes YesYes Yes
Schedules      
Define ScheduleYes YesYes Yes
Delete ScheduleYes YesYes Yes
View SchedulesYes YesYes Yes
Warehouse Analytics      
Define JobsYes YesYes Yes
Delete JobsYes YesYes Yes
Manage JobsYes YesYes Yes
View JobsYes YesYes Yes

Dashboard

The following table lists the permissions in the Dashboard tab:

                                                                                                                                                                       
PermissionAdministratorsOperatorsAnalystsSOC MgrsMAsDPOs
Dashlet Access - Admin Device List DashletYesYesYesYes Yes
Dashlet Access - Admin Device Monitor DashletYesYes   Yes
Dashlet Access - Admin News DashletYesYesYesYes Yes
Dashlet Access - Alert Variance DashletYes YesYes Yes
Dashlet Access - Alerting Recent Alerts DashletYes YesYes Yes
Dashlet Access - Investigation Jobs DashletYes YesYes Yes
Dashlet Access - Investigation Top Values DashletYes YesYes Yes
Dashlet Access - Live Featured Resources DashletYesYesYesYes Yes
Dashlet Access - Live New Resources DashletYesYesYesYes Yes
Dashlet Access - Live Subscriptions DashletYesYesYesYes Yes
Dashlet Access - Live Updated Resources DashletYesYesYesYes Yes
Dashlet Access - Malware Jobs DashletYes YesYes Yes
Dashlet  Access - Reporting Recent Report DashletYes YesYes Yes
Dashlet  Access - Reporting Charts DashletYes YesYes Yes
Dashlet  Access - Top Alerts DashletYes YesYes Yes
Dashlet Access ‐ Unified RSA First Watch DashletYesYesYesYes Yes
Dashlet Access ‐ Unified Shortcuts DashletYesYesYesYes Yes
You are here: How Role-Based Access Control Works > Role Permissions

Attachments

    Outcomes