Reporting: Manage Access for a Rule or Rule Group

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1
 

This topic describes the access permissions a user has, depending on the user role, to manage a rule or rule group. The Reporting module provides access control at the rule and rule group level. Only a user who has the right set of permissions can perform the tasks in the Reporting module. The administrator manages access control from the Administration > Security > Roles tab.

When creating users and user roles, the administrator must ensure that the roles created for specific tasks have access to all the permissions higher in the hierarchy of roles.

Rules or Rule Groups can be tied to a specific set of user roles so that when a user logs into Security Analytics, the only rules they can access are rules accessible to the group to which the user belongs. Users that belong to a user role with the ‘Read & Write’ access permission have full access rights on the rule. Further, the access can be tightened so that rules are accessed only by those who have the ‘Read Only’ access.

Note: You must at least have ‘Read Only’ permission on a group to view the rules within that group.

At the rule level, you can set the following access permissions for the user roles in Security Analytics:

  • Read & Write
  • Read Only
  • No Access

For example, if you want the Security Analysts to have access to all the rules in a Rule Group, you can set the permission 'Read & Write' at the Rule Group level. If you do not want the Operator role to have access to a specific set of rules in a rule group, you can set the permission 'No Access' at the Rule Group level. The permission is set only for the rule group but not the rules or sub-groups in the Rule Group.

Access Control for a Rule Group

To change rule group permissions, select a rule group and set its access permissions using the Rule Permissions panel.

Before applying rule group permissions, the default permission set for all the user roles is 'No Access' permission, and the checkboxes are unchecked. 

105_b4_applyg_rule_grp_perm.png

If you want to change the access permission for a specific user role, you must set it at the rule group level, as shown in the figure. For example, if you want the Administrators to have access to all the rules in a Rule Group, you can set the permission 'Read & Write' in the Rule Group Permissions panel.

105_after_applyg_rule_grp_perm.png

You can also apply the permissions to the sub-groups and rules in the group by selecting the checkbox.

The two scenarios are explained in brief:

  • Scenario 1: Permissions applied to Rule Group/Sub Group/Rules based on the user role.
  • Scenario 2: Permissions applied to Sub Group and Rules in the Group.
                 
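Role (Analysts) | Permissions applied to Rule Group/Sub Group/Rules based on the user role | Permissions applied to Sub Group and Rules in the Group
--------------- | ------------------------------------------------------------------------ | -------------------------------------------------------
Group           | Read & Write                                                             | Read & Write
Sub Group       | Read                                                                     | Read & Write - Inherited
Rules           | Read                                                                     | Read & Write - Inherited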

The access permissions that you set can be applied to subgroups and child objects of this group. 

In this example, the Rule Group is assigned to the Security Analyst role and the permission is set to 'Read & Write' on the rule group.

For scenario 1, each of the levels will have a permission set depending on the user role. For scenario 2, the permission at the Rule Group level will be inherited by the Sub Group and Rules in the Group.
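The two scenarios can be modelled in a few lines of Python. This is an added example, not RSA product code: the Node class, the apply_to_children flag (standing in for the checkbox) and the can_view check are hypothetical names, and the sketch assumes the 'Read Only' requirement applies to every enclosing group.

```python
from enum import IntEnum

class Perm(IntEnum):
    NO_ACCESS = 0   # default for every role until changed
    READ_ONLY = 1
    READ_WRITE = 2

class Node:
    """Rule group, sub-group or rule (hypothetical model, not product code)."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.perms = {}  # role -> Perm; a missing role means the default
        if parent is not None:
            parent.children.append(self)

    def get(self, role):
        return self.perms.get(role, Perm.NO_ACCESS)

    def set(self, role, perm, apply_to_children=False):
        self.perms[role] = perm
        if apply_to_children:  # the checkbox: push down to sub-groups and rules
            for child in self.children:
                child.set(role, perm, apply_to_children=True)

    def can_view(self, role):
        # Assumption: 'Read Only' or better is needed on every enclosing group.
        node = self
        while node is not None:
            if node.get(role) < Perm.READ_ONLY:
                return False
            node = node.parent
        return True

def build():
    group = Node("Group")
    sub = Node("Sub Group", group)
    return group, sub, Node("Rule", sub)

def scenario_1(role="Analysts"):
    # Each level gets its own permission for the role.
    group, sub, rule = build()
    group.set(role, Perm.READ_WRITE)
    sub.set(role, Perm.READ_ONLY)
    rule.set(role, Perm.READ_ONLY)
    return [n.get(role).name for n in (group, sub, rule)]

def scenario_2(role="Analysts"):
    # Group permission is inherited by the sub-group and rules.
    group, sub, rule = build()
    group.set(role, Perm.READ_WRITE, apply_to_children=True)
    return [n.get(role).name for n in (group, sub, rule)]
```

In this model, setting a permission on the group without the checkbox leaves the sub-group and rules at 'No Access', which is the case to check when a role unexpectedly cannot see any rules.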

Access Control for a Rule

To change rule permissions, select a rule and set its access permissions using the Rule Permissions panel.

Before applying the Rule permissions, the default permission set for all the user roles is 'No Access' permission and the checkbox is unchecked.

105_specific_rule_b4_applyg_perm.png

If you want to change the access permission for a specific user role, you must set it at the rule level, as shown in the figure. For example, if you want the Administrators to have access to a specific rule, you can set the permission 'Read & Write' in the Rule Permissions panel.

105_specific_rule_after_applyg_perm.png

Access Control for a Rule When Multiple Rules are Selected

To change the permissions of multiple rules, you can select multiple rules at a time and set their access permissions using the Rules Permissions panel. The access permission that you choose is applied to all the selected rules.

Note: The '*' beside the role name indicates the other permissions available on the user role. If you want to change the access permission for the required user role, select the user role and change the access permission.

105_rule_mult_rules_perm.png

Log In as a Specific User and View the Access Details

When you log in to the Security Analytics UI as a user having 'Read access' permission, all the rules are denoted with the symbol (read-only.png), and when you click the symbol, the 'Read Only' callout is displayed on the Rules List panel.

When you log in to the Security Analytics UI as a user not having 'Read & Write' access permission on a Rule, all the rules are denoted with the symbol (no_access.png) and the rules appear grayed out on the Rules List panel.

The following figure shows the Rules List panel when logged in with minimal 'Read & Write' access permission.

login_as_diff_user_access_rules.png

Note: If a user (other than ADMIN) creates a rule, ADMIN cannot access that rule.

Tabular Listing

The following table lists the various columns in the Rules Permissions panel:

                 
Column       | Description
------------ | -----------
Roles        | The role of the user logged into the Security Analytics user interface.
Read & Write | The user can access, view, edit, delete, import, and export rules on the Rules view. The user can also change the permission on the rule.
Read Only    | The user can only access and view the rule on the Rules view.
No Access    | The user cannot access or view the rule for which this permission is set.
