Reporting: Manage Access for a List or List Group

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

The Reporting module provides access control at the list and list group level. Only a user who has the right set of permissions can perform the tasks in the Reporting module. The access control is managed by the administrator from the Administration > Security > Roles tab.

The administrator when creating users and user roles, must ensure that the roles created for specific tasks have access to all the permissions higher in the hierarchy of roles.

Lists or List Groups can be tied to a specific set of user roles so that when a user logs into Security Analytics, the only lists they can access are lists accessible to the group to which the user belongs. Users that belong to a user role with the ‘Read & Write’ access permission have full access rights on the list. Further, the access can be tightened so that lists are accessed only by those who have the ‘Read Only’ access.

Note: You must have ‘Read Only’ permission on a group to view the lists within that group.

At the list level, you can set the following access permissions for the user roles in Security Analytics:

  • Read & Write
  • Read Only
  • No Access

Suppose, you want the Security Analysts to have access to all the lists in a List Group, you can set the permission 'Read & Write' at the List Group level. And, if you do not want the Operator role to have access to a specific set of lists in a list group, you can set the permission 'No Access' at the List Group level.

The permission is set only for the list group but not the lists, or sub-groups in the List Group.

Access Control for a List Group

When you want to change the list group permissions, you must select a list group and set their access permissions using the Lists Permissions panel.

Before applying list group permissions, the default permission set for all the user roles is 'No Access' permission, and the checkboxes are unchecked, as shown in the figure. 

105_b4_applyg_list_grp_perm.png

If you want to change the access permission for a specific user role, you must set these at the list group level, as shown in the figure.Suppose, you want the Administrators to have access to all the lists in a List Group, you can set the permission 'Read & Write' in the Lists Group Permissions panel.

105_after_applyg_list_grp_perm.png

And, you can also apply permissions to sub-groups and lists in the group by selecting the checkbox, as shown in the figure.

The two scenarios are explained in brief:

  • Scenario 1: Permissions applied to List Group/ Sub Group based on the user role.
  • Scenario 2: Permissions applied to Sub Group and Lists in the Group.
                 
Role (Analysts)Permissions applied to List Group/ Sub Group based on the user rolePermissions applied to Sub group and Lists in the Group
Group Read & WriteRead & Write
Sub GroupReadRead & Write - Inherited
ListsReadRead & Write - Inherited

The access permissions that you set can be applied to subgroups and child objects of this group. 

The List Group will be assigned the role of a Security Analyst and permissions are set to Read & Write list group.

For scenario 1, each of the levels will have a permission set depending on the user role. For scenario 2, the permission at the List Group level will be inherited by the Sub Group and Lists in the Group.

Access Control for a List

When you want to change the list permissions, you must select a list and set their access permissions using the List Permissions panel.

Before applying the List permissions, the default permission set for all the user roles is 'No Access' permission and the checkbox is unchecked, as shown in the figure.

105_b4_applyg_list_perm.png

If you want to change the access permission for a specific user role, you must set these at the list level, as shown in the figure. Suppose, you want the Administrators to have access to a specific list, you can set the permission 'Read & Write' in the Lists Permissions panel.

105_after_applyg_list_perm.png

Access Control for a List When Multiple Lists are Selected

When you want to change permissions of multiple lists, you can select multiple lists at a time and set their access permissions using the Lists Permissions Panel. The access permission that you choose is applied to all the selected lists.

Note: The '*' besides the role name indicates the other permissions available on the user role. If you want to change the access permission for the required user role, select the user role and change the access permission.

105_multiple_list_obj_sel.png

Note: If a user (other than ADMIN) creates a list, ADMIN cannot access that list.

Tabular Listing

The following table lists the various columns in the Lists Permissions panel:

                 
ColumnDescription
RolesThe role of the user logged into the Security Analytics user interface.
Read & WriteThe user can access, view, edit, delete,import, and export lists on the Lists view. The user can also change the permission on the rule.
Read OnlyThe user can only access and view the list on the Lists view
No AccessThe user cannot access or view the list for which this permission is set.
You are here: Working with Lists in the Reporting Module > Reporting: Manage Access for a List or List Group

Attachments

    Outcomes