Sec/User Mgmt: Role Permissions

Document created by RSA Information Design and Development Employee on Mar 23, 2017
Last modified by RSA Information Design and Development Employee on Apr 4, 2018
Version 3

This topic describes the access to the user interface that users assigned to the built-in Security Analytics roles have by default.

Within Security Analytics, user access to each module, dashlet, and view is restricted based on the assigned permissions described in this topic. Each table has a row for each permission and a column for each user role, indicating whether the permission is a default permission for that role:

  • Administrators
  • Operators
  • Analysts
  • SOC Managers (SOC Mgrs)
  • Malware Analysts (MAs)
  • Data Privacy Officers (DPOs)


The following table lists the permissions in the Administration tab:

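| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Access Administration Module | Yes | Yes | Yes | Yes | Yes | Yes |
| Access Health & Wellness | Yes | Yes | Yes | Yes | Yes | Yes |
| Apply System Updates | Yes | Yes |  |  |  |  |
| Can Opt In to Live Intelligence Sharing | Yes | Yes |  |  |  |  |
| Manage Global Auditing | Yes | Yes |  |  |  | Yes |
| Manage Health & Wellness Policy | Yes | Yes |  |  |  |  |
| Manage SA Advanced Settings | Yes | Yes |  |  |  |  |
| Manage SA Auditing | Yes | Yes |  |  |  | Yes |
| Manage SA Email | Yes | Yes |  |  |  |  |
| Manage SA LLS | Yes | Yes |  |  |  |  |
| Manage SA Logs | Yes | Yes |  |  |  | Yes |
| Manage SA Notifications | Yes | Yes |  |  |  |  |
| Manage SA Plugins | Yes | Yes |  |  |  |  |
| Manage SA Predicates | Yes | Yes |  |  |  |  |
| Manage SA Reconstruction | Yes | Yes |  |  |  |  |
| Manage SA Security | Yes | Yes |  |  |  | Yes |
| Manage Services | Yes | Yes |  |  |  | Yes |
| Manage System Settings | Yes | Yes |  |  |  |  |
| Modify ESA Settings | Yes | Yes |  |  |  |  |
| Modify Event Sources | Yes | Yes |  |  |  |  |
| Modify Hosts | Yes | Yes |  |  |  |  |
| Modify Services | Yes | Yes |  |  |  | Yes |
| View Event Sources | Yes | Yes |  | Yes |  |  |
| View Health & Wellness Policy | Yes | Yes | Yes | Yes |  |  |
| View Health & Wellness Stats Browser | Yes | Yes | Yes | Yes |  | Yes |
| View Hosts | Yes | Yes |  |  |  | Yes |
| View Services | Yes | Yes |  |  |  | Yes |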


The following table lists the permissions in the Alerting tab:

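| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Access Alerting Module | Yes | Yes | Yes | Yes |  | Yes |
| Manage Rules | Yes | Yes |  | Yes |  | Yes |
| View Alerts | Yes |  | Yes | Yes |  | Yes |
| View Rules | Yes | Yes |  | Yes |  | Yes |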


The following table lists the permissions in the Incidents tab:

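| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Access Incident Module | Yes |  | Yes | Yes | Yes | Yes |
| Configure Incident Management Integration | Yes |  |  | Yes |  | Yes |
| Delete Alerts and incidents | Yes |  |  |  |  | Yes |
| Manage Alert Handling Rules | Yes |  |  | Yes |  | Yes |
| View and Manage Incidents | Yes |  | Yes | Yes | Yes | Yes |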


The following table lists the permissions in the Investigation tab:

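| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Access Investigation Module | Yes |  | Yes | Yes | Yes | Yes |
| Context Lookup | Yes |  | Yes | Yes | Yes |  |
| Create Incidents from Investigation | Yes |  | Yes | Yes | Yes |  |
| Manage List from Investigation | Yes |  | Yes | Yes | Yes |  |
| Navigate Events | Yes |  | Yes | Yes | Yes | Yes |
| Navigate Values | Yes |  | Yes | Yes | Yes | Yes |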


The following table lists the permissions in the Live tab:

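| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Access Live Module | Yes | Yes | Yes | Yes |  | Yes |
| Manage Live System Settings | Yes | Yes |  |  |  |  |
| Deploy Live Resources | Yes | Yes |  |  |  | Yes |
| Manage Live Feeds | Yes | Yes |  |  |  | Yes |
| Manage Live Resources | Yes | Yes |  |  |  | Yes |
| Search Live Resources | Yes | Yes | Yes | Yes |  | Yes |
| View Live Resource Details | Yes | Yes | Yes | Yes |  | Yes |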


The following table lists the permissions in the Malware tab:

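| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Download Malware File(s) | Yes |  | Yes | Yes | Yes | Yes |
| Initiate Malware Analysis Scan | Yes |  | Yes | Yes | Yes | Yes |
| View Malware Analysis Events | Yes |  | Yes | Yes | Yes | Yes |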


The following table lists the permissions in the Reports tab:

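| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Define RE Alert | Yes |  | Yes | Yes |  | Yes |
| Export RE Alert Definition | Yes |  | Yes | Yes |  | Yes |
| Manage RE Alerts | Yes |  | Yes | Yes |  | Yes |
| View RE Alerts | Yes |  | Yes | Yes |  | Yes |
| View Scheduled RE Alerts | Yes |  | Yes | Yes |  | Yes |
| Define Chart | Yes |  | Yes | Yes |  | Yes |
| Delete Chart | Yes |  | Yes | Yes |  | Yes |
| Export Chart Definition | Yes |  | Yes | Yes |  | Yes |
| Manage Charts | Yes |  | Yes | Yes |  | Yes |
| View Charts | Yes |  | Yes | Yes |  | Yes |
| Define Lists | Yes |  | Yes | Yes |  | Yes |
| Delete List | Yes |  | Yes | Yes |  | Yes |
| Export List | Yes |  | Yes | Yes |  | Yes |
| Manage Lists | Yes |  | Yes | Yes |  | Yes |
| Define Report | Yes |  | Yes | Yes |  | Yes |
| Delete Report | Yes |  | Yes | Yes |  | Yes |
| Export Report | Yes |  | Yes | Yes |  | Yes |
| Manage Reports | Yes |  | Yes | Yes |  | Yes |
| View Reports | Yes |  | Yes | Yes |  | Yes |
| Access Configure | Yes |  | Yes | Yes |  | Yes |
| Access Reporter Module | Yes |  | Yes | Yes |  | Yes |
| Access Reporter search | Yes |  | Yes | Yes |  | Yes |
| Access View | Yes |  | Yes | Yes |  | Yes |
| Add RE Alert Definition from Rule | Yes |  | Yes | Yes |  | Yes |
| Define Rule | Yes |  | Yes | Yes |  | Yes |
| Delete Rule | Yes |  | Yes | Yes |  | Yes |
| Export Rule | Yes |  | Yes | Yes |  | Yes |
| Manage Rules | Yes |  | Yes | Yes |  | Yes |
| View Rule Usage | Yes |  | Yes | Yes |  | Yes |
| Define Schedule | Yes |  | Yes | Yes |  | Yes |
| Delete Schedule | Yes |  | Yes | Yes |  | Yes |
| View Schedules | Yes |  | Yes | Yes |  | Yes |
| Warehouse Analytics |  |  |  |  |  |  |
| Define Jobs | Yes |  | Yes | Yes |  | Yes |
| Delete Jobs | Yes |  | Yes | Yes |  | Yes |
| Manage Jobs | Yes |  | Yes | Yes |  | Yes |
| View Jobs | Yes |  | Yes | Yes |  | Yes |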


The following table lists the permissions in the Dashboard tab:

| Permission | Administrators | Operators | Analysts | SOC Mgrs | MAs | DPOs |
|---|---|---|---|---|---|---|
| Dashlet Access - Admin Device List Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Admin Device Monitor Dashlet | Yes | Yes |  |  |  | Yes |
| Dashlet Access - Admin News Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Alert Variance Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Alerting Recent Alerts Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Investigation Jobs Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Investigation Top Values Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Live Featured Resources Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Live New Resources Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Live Subscriptions Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Live Updated Resources Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Malware Jobs Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Reporting Recent Report Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Reporting Charts Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Top Alerts Dashlet | Yes |  | Yes | Yes |  | Yes |
| Dashlet Access - Unified RSA First Watch Dashlet | Yes | Yes | Yes | Yes |  | Yes |
| Dashlet Access - Unified Shortcuts Dashlet | Yes | Yes | Yes | Yes |  | Yes |