Reporting: Manage Access for an Alert

Document created by RSA Information Design and Development on Jun 26, 2017
Version 1Show Document
  • View in full screen mode
  

This topic provides an overview of the access permissions the user may have depending on the user role to manage an alert. The Reporting module provides access control at the alert level. Only a user who has the right set of permissions can perform the tasks in the Reporting module. The access control is managed by the administrator from the Administration > Security > Roles tab.

Note: Reporting Engine Alert permissions are prefixed with 'RE' to distinguish it from Event Streaming Analysis (ESA). 

When creating users and user roles, administrator must ensure that the roles created for specific tasks have access to all the permissions higher in the hierarchy of roles.

Alerts can be tied to a specific set of user roles so that when a user logs into Security Analytics, the only alerts they can access are alerts accessible by the role the user belongs. Users that belong to a user role with the ‘Read & Write’ access permission can define alerts. Further, the access can be tightened so that alerts are accessed only by those who have the ‘Read Only’ access.

At the alert level, you can set the following access permissions for the user roles in Security Analytics:

  • Read & Write
  • Read Only
  • No Access

Access Control for an Alert

When you want to change the alert permissions, you must select an alert and set their access permissions using the Alert Permissions panel.

Before applying the Alert permissions, the default permission set for all the user roles is 'No Access' permission and the checkbox is unchecked, as shown in the figure.

105_b4_applyg_alert_perm.png

If you want to change the access permission for a specific user role, you must set these at the alert level, as shown in the figure. Suppose, you want the Administrators to have access to a specific alert, you can set the permission 'Read & Write' in the Alert Permissions panel.

And, you can apply read-only permission to rules in the alerts by selecting the checkbox.

105_after_applyg_alert_perm.png

The two scenarios are explained in brief:

  • Scenario 1: Permissions applied to Alert/ Rules based on the user role.
  • Scenario 2: Read-only permission applied to Rules in the Alert.
                
 Role (Analysts)Permissions applied to Alert/ Rules based on the user rolePermission (Read-only) applied to Rules in the Alert
AlertRead & WriteRead & WriteRead & Write
RulesReadReadRead
 

The Alert is assigned the role of a Security Analyst and permissions are set to Read & Write alerts.

For scenario 1, each of the levels has a permission set based on the user role. For scenario 2, the Read permission is set for the Rules except that the permission for the rules must not be higher than the permission for the Alerts.

Note: If the permission for the rules is higher than the permission for the Alerts, the permission is not applied. For example, if you set the permissions for the Alert as No Access and then specify the option Apply Read-only permission to Rules in the Alerts, the read-only permission is not set for the rules. 

Access Control for an Alert When Multiple Alerts are Selected

When you want to change permissions of multiple alerts, you must select several alerts and set their access permissions using the Alert Permissions panel. The access permission that you choose is applied to all the selected alerts.

105_mult_alert_obj_sel.png

Login as a specific user and view the access details

When you login to the Security Analytics UI as a user having 'Read access' permission, all the alerts will be denoted with the symbol
(read-only.png) and when you click on the symbol the 'Read Only' callout is displayed on the Alert List panel.

When you login to the Security Analytics UI as a user not having 'Read & Write' access permission on an Alert, all the alerts will be denoted with the symbol (no_access.png) and the alerts appear grayed out on the Alert List panel.

The following figure shows the Alert List panel when logged in with minimal 'Read & Write' access permission.

104_alert_diff_user.png

Note: If a User (other than the super user) creates an alert there will be no access to that alert for the super user.

The following table lists the various columns in the Alert Permissions Panel:

                    
ColumnDescription
RolesThe role of the user logged into the Security Analytics UI.
Read & WriteThe user can access, view, edit, import, export, and delete the alert on the Alerts page. The user can also change the permission on the alert.
Read OnlyThe user can only access and view the alert on the Alerts page.
No AccessThe user cannot access or view the alert for which this permission is set. 
IconCheckbox.png Apply Read-only permission to Rules in the AlertsSelect the checkbox to automatically apply permissions to the rules in the alerts.

Topics

Previous Topic:View All Templates
You are here
Table of Contents > Working with Alerts in the Reporting Module > Manage Access for an Alert

Attachments

    Outcomes