Sec/User Mgmt: Role Permissions

Document created by RSA Information Design and Development on Aug 29, 2018Last modified by RSA Information Design and Development on Jan 23, 2019
Version 4Show Document
  • Comment0
  • View in full screen mode
  

This topic describes access to the user interface that users assigned to the built-in NetWitness Platform roles have by default. 

Within NetWitness Platform, user access to each module, dashlet, and view is restricted based on the assigned permissions described in this topic. You can locate these role permissions in the Add or Edit Roles dialogs accessible from the Admin > Security > Roles tab.

In the Add or Edit Role dialogs, the tabs in the Permission section represent different areas of NetWitness Platform and show the available permissions for those areas. For example, the Administration tab shows the permissions available in the Admin view.

Note: There is no Configure tab in the Add/Edit Role dialogs that corresponds to the Configure view. To assign permissions in the Configure view, assign permissions to the views contained within the Configure view: Live Content (Live), Incident Rules (Incidents), Respond Notifications (Incidents, Respond-server, Integration server), ESA Rules (Alerting), Subscriptions (Live), and Custom Feeds (Live).

Note: To the left of the Administration tab is a tab marked with an asterisk (*). This tab indicates access to management of backend services only.

The tables that follow show the default permissions assigned to each NetWitness Platform user role:

  • Administrators

  • Respond Administrators

  • Data Privacy Officers (DPOs)
  • SOC Managers (SOC Mgrs)
  • Operators
  • Malware Analysts (MAs)
  • Analysts

Since the Administrators role has all of the permissions by default, it is not included in the tables.

Service Permissions Format for New Services

The service permissions for some new NetWitness Platform services contain three parts in the following format:

<service name>.<resource>.<action>

For example, for the investigate-server.metrics.read permission:

  • service name = investigate-server
  • resource = metrics
  • action = read

Users assigned this permission can read any metrics that the investigate-server service exposes.

Administration

The following table lists the permissions in the Administration tab assigned to each role. A blank field indicates that the role does not have the permission. The Administrators role has all of the permissions by default and is not listed.

                                                                                                                                                                                                                                                   
PermissionOperatorsAnalystsSOC MgrsMAsDPOs
Access Administration ModuleYesYesYesYesYes
Access Health & WellnessYesYesYesYesYes
Apply System UpdatesYes    
Can Opt In to Live Intelligence SharingYes    
Manage Advanced SettingsYes    
Manage ATD SettingsYes    
Manage AuditingYes   Yes
Manage EmailYes    
Manage Global AuditingYes   Yes
Manage Health & Wellness PolicyYes    
Manage LLSYes    
Manage LogsYes   Yes
Manage NotificationsYes    
Manage PluginsYes    
Manage PredicatesYes    
Manage ReconstructionYes    
Manage SecurityYes   Yes
Manage ServicesYes   Yes
Manage System SettingsYes    
Modify ESA SettingsYes    
Modify Event SourcesYes    
Modify HostsYes    
Modify ServicesYes   Yes
View Event SourcesYes Yes  
View Health & Wellness PolicyYesYesYes  
View Health & Wellness Stats BrowserYesYesYes Yes
View HostsYes   Yes
View ServicesYes   Yes

Admin-server

The following table describes the permissions in the Admin-server tab. The Administrators role has all of the permissions and is the only role granted permissions by default.

                                       
PermissionDescription
admin-server.configuration.managePermission to modify all service configuration parameters
admin-server.health.readPermission to view any health notifications that the service exposes
admin-server.logs.managePermission to change log-related configuration
admin-server.metrics.readPermission to view any metrics that the service exposes
admin-server.process.managePermission to start and stop the service
admin-server.security.managePermission to edit security-related resources (passwords, keys, and so on)
admin-server.security.readPermission to view security-related resources

Alerting

The following table lists the permissions in the Alerting tab assigned to each role. A blank field indicates that the role does not have the permission. The Administrators role has all of the permissions by default and is not listed.

                                                   
PermissionOperatorsAnalystsSOC MgrsMAsDPOs
Access Alerting ModuleYesYesYes Yes
Manage Rules  Yes Yes
View AlertsYesYesYes Yes
View Rules  Yes Yes

Cloud-gateway-server

The following table describes the permissions in the Cloud-gateway-server tab. The Administrators role has all of the permissions and is the only role granted permissions by default.

                                               
PermissionDescription
cloud-gateway-server.configuration.managePermission to modify all service cloud gateway parameters
cloud-gateway-server.health.readPermission to view any health notifications that the service exposes
cloud-gateway-server.logs.managePermission to change log-related configuration
cloud-gateway-server.metrics.readPermission to view any metrics that the service exposes
cloud-gateway-server.process.managePermission to start and stop the service
cloud-gateway-server.security.managePermission to edit security-related resources (passwords, keys, and so on)
cloud-gateway-server.security.readPermission to view security-related resources
cloud-gateway-server.uploadstream.managePermission to edit uploadstream configuration settings

cloud-gateway-server.uploadstream.read

Permission to view uploadstream configuration settings

Config-server

The following table describes the permissions in the Config-server tab. The Administrators role has all of the permissions and is the only role granted permissions by default.

                                           
PermissionDescription
config-server.*All permissions (everything below)
config-server.configuration.managePermission to modify all service configuration parameters
config-server.health.readPermission to view any health notifications that the service exposes
config-server.logs.managePermission to change log-related configuration
config-server.metrics.readPermission to view any metrics that the service exposes
config-server.process.managePermission to start and stop the service
config-server.security.managePermission to edit security-related resources (passwords, keys, and so on)
config-server.security.readPermission to view security-related resources

Content-server

The following table describes the permissions in the Content-server tab.

                       
PermissionDescription

content-server*

All permissions (everything below)

content-server.logparser.manage Permission to manage log parser configurations

content-server.logparser.read

Permission to view log parser configurations

 

The following table lists the permissions in the Content-server tab assigned to each role. A blank field indicates that the role does not have the permission. The Administrator role has all of the permissions by default and is not listed.

                                           
PermissionOperatorsAnalysts