Reporting: Manage Access for a Report or Report Group

Document created by RSA Information Design and Development on Nov 23, 2016Last modified by RSA Information Design and Development on Feb 10, 2017
Version 5Show Document
  • View in full screen mode
  

This section covers the access permissions the user has depending on the user role to manage a report and report group. The Reporting Module provides access control at the report and report group level. The user who has the right set of permissions can only perform the tasks in reporting module. The access control is managed by the administrator from the Administration > Security > Roles tab.

When creating users and user roles, administrator must ensure that the roles created for specific tasks have access to all the permissions higher in the hierarchy of roles.

Reports and Report Groups can be tied to a specific set of user roles so that when a user logs into Security Analytics, the reports with the access rights for the specific user role can be viewed. Users that belong to a user role with the ‘Read & Write’ access permission can define reports. Further, the access can be tightened so that reports are accessed only by those who have the ‘Read Only’ access.

Note: You must have ‘Read Only’ permission on a group to view the reports within that group.

At the report level, you can set the following access permissions for the user roles in Security Analytics:

  • Read & Write
  • Read Only
  • No Access

Suppose, you want the Security Analysts to have access to all the reports in a Report Group, you can set the permission 'Read & Write' at the Report Group level. And, if you do not want the Operator role to have access to a specific set of reports in a report group, you can set the permission 'No Access' at the Report Group level.

The permission is set only for the report group but not the reports, rules, or sub-groups in the Report Group.

Access Control for a Report Group

When you want to change the report group permissions, you must select a report group and set their access permissions using the Reports Permissions panel.

Before applying report group permissions, the default permission set for all the user roles is 'No Access', except for Administrators, as shown in the figure. 

105_before_applyg_report_grp_perm.png

If you want to change the access permission for a specific user role, you must set these at the report group level, as shown in the figure. <suppose,>Administrators to have access to all the reports in a Report Group, you can set the permission 'Read & Write' in the Report Group Permissions panel.

And, you can also apply permissions to sub-groups and reports in the group, as well as apply read-only permission to rules in the reports by selecting the appropriate checkboxes, as shown in the figure.

105_after_applying_report_grp_access_perm.png

The three scenarios are explained in brief:

  • Scenario 1: Permissions applied to Report Group/ Sub Group/ Report based on the user role.
  • Scenario 2: Permissions applied to Sub Group and Report in the Group.
  • Scenario 3: Read-only permission applied to Rules in the Report.
                               
 Role (Analyst)Permissions applied to Report Group/ Sub Group/ Report based on the user rolePermissions applied to Sub group and Report in the Group Permission (Read-only) applied to Rules in the Report
Group Read & WriteRead & WriteRead & WriteRead & Write
Sub GroupReadReadRead & Write - InheritedRead & Write
ReportReadReadRead & Write - InheritedRead & Write
RulesReadReadReadRead

The Report Group will be assigned the role of a Security Analyst and permissions are set to Read & Write report group.

For scenario 1, each of the levels has a permission set depending on the user role. For scenario 2, the permission at the Report Group level (Read & Write) is inherited by the Sub Group and Reports in the Group. For scenario 3, the Read permission is set for the Rules except that the permission set for the rules cannot be higher than the permissions set for the Report Group.

Access Control for a Report

When you want to change the report permissions, you must select a report and set their access permissions using the Report Permissions panel.

Before applying the Report permissions, the default permission set for all the user roles is 'No Access' permission and the checkbox is unchecked, as shown in the figure.

105_before_applyg_report_perm.png

If you want to change the access permission for a specific user role, you must set these at the report level, as shown in the figure. Suppose, you want the Administrators to have access to a specific report, you can set the permission 'Read & Write' in the Report Permissions panel.

And, you can apply read-only permission to rules in the reports by selecting the checkbox, as shown in the figure.

105_after_applyg_report_perm.png

The two scenarios are explained in brief:

  • Scenario 1: Permissions applied to Report Group/ Sub Group/ Report/ Rules.
  • Scenario 2: Read-only permission applied to Rules in the Report.
                          
 Role (Analysts)Permissions applied to Report Group/ Sub Group/ Report/ Rules based on the user rolePermission (Read-only) applied to Rules in the Report
Group Read & WriteRead & WriteRead & Write
Sub GroupReadReadRead & Write
ReportReadReadRead & Write
RulesReadReadRead

The Report will be assigned the role of a Security Analyst and permissions are set to Read & Write reports.

For scenario 1, each of the levels has a permission set based on the user role. For scenario 2, the Read permission is set for the Rules except that the permission for the rules cannot be higher than the permission for the Reports.

Note: If the permission for the rules is higher than the permission for the Reports then the permission is be applied. For example, if you set the permissions for the Report Group as No Access and then specify the option Apply Read-only permission to Rules in the Reports, then the read-only permission is not set for the rules. 

Access Control for a Report When Multiple Reports are Selected

When you want to change permissions of multiple reports, you must select several reports and set their access permissions using the Report Permissions panel. The access permission that you choose is applied to all the selected reports.

105_multiple_objts_104.png

Access Control for a Report When Multiple Reports with several rules are Selected

When you want to change permissions when multiple reports with several rules are selected, you must select the checkbox in the Report Permissions panel, as shown in the figure. The read-only access permission is applied to all the rules of the selected reports, provided that the permission of the rules are lower than the permission of the reports.

105_multiple_obj_perm2_104.png

Login as a specific user and view the access details

When you login to the Security Analytics UI as a user having 'Read access' permission, all the reports is denoted with the symbol (read-only.png) and when you click on the symbol the 'Read Only' callout is displayed on the Report List panel.

When you login to the Security Analytics UI as a user not having 'Read & Write' access permission on a Report, all the reports are denoted with the symbol (no_access.png) and the reports appear grayed out on the Report List panel.

The following figure shows the Report List panel when logged in with minimal 'Read & Write' access permission.

logged_in_as_diff_user_screen.png

Note:  If a User (other than the super user) creates a report there will be no access to that report for the super user. 

Tabular Listing

The following table lists the various columns in the Reports Permissions Panel:

                       
ColumnDescription
Roles    The role of the user logged into the Security Analytics UI.
Read & WriteThe user can access, view, edit, import, export, and delete the report on the Reports view. The user can also change the permission on the report.
Read Only The user can only access and view the report on the Reports view.
No AccessThe user cannot access or view the report for which this permission is set. 
IconCheckbox.png Apply these permissions to sub-groups and Reports in this groupSelect the checkbox to apply the selected permissions to the report group, sub-groups in the group and reports in the group.

Note: This checkbox is populated only when you set access permissions for a Report Group.

IconCheckbox.png Apply Read-only permission to Rules in the ReportsSelect the checkbox to automatically apply permissions to the rules in the reports.

Topics:

You are here
Table of Contents > Working with Reports in the Reporting Module > Manage Acess for a Report or Report Group

Attachments

    Outcomes