Abstract
Manage user roles that are assigned to Cortex XDR users or user groups in Cortex XDR Access Management.
Prerequisite
Managing user roles in Cortex XDR Access Management requires View/Edit RBAC permissions for Access Management (under Configurations). Account Admin and Instance Administrator roles are granted this permission by default. For more information, see Predefined user roles in Set up users, groups, and roles.
Manage user roles that are assigned to Cortex XDR users, user groups, or API keys. User roles enable you to define the type of access and actions a user can perform.
You can only set dataset access permissions from a user role in Cortex XDR Access Management for the tenant. When creating user roles from the Cortex Gateway, these settings are disabled. By default, dataset access management is disabled, and users have access to all datasets. If you enable dataset access management, you must configure access permissions for each dataset type, and for each user role. When a dataset component is enabled for a particular role, the Issues and Cases pages include information about datasets.
Select → → → .
Click New Role.
Under Role Name, enter a name for the user role.
(Optional) Under Description, enter a description for the user role.
Under Components, expand each list and select the permissions for each of the components.
Under Datasets (Disabled), you have two options for setting the Cortex Query Language (XQL) dataset access permissions for the user role:
Set the user role with access to all XQL datasets by leaving the dataset access management as disabled (default).
Set the user role with limited access to certain XQL datasets by selecting the Enable dataset access management toggle and selecting the datasets under the different dataset category headings.
Click Save.
Select → → → .
Right-click the relevant user role, and select Edit Role.
(Optional) Under Role Name, modify the name for the user role.
(Optional) Under Description, enter a description for the user role or modify the current description.
Under Components, expand each list and select the permissions for each of the components.
Under Datasets, you have two options for setting the Cortex Query Language (XQL) dataset access permissions for the user role:
Set the user role with access to all XQL datasets by disabling the Enable dataset access management toggle.
Set the user role with limited access to certain XQL datasets by selecting the Enable dataset access management toggle and selecting the datasets under the different dataset category headings.
Click Save.
Select → → → .
Right-click the relevant user role, and select Save As New Role.
(Optional) Under Role Name, modify the name for the user role.
(Optional) Under Description, enter a description for the user role or modify the current description.
Under Components, expand each list and select the permissions for each of the components.
Under Datasets, you have two options for setting the Cortex Query Language (XQL) dataset access permissions for the user role:
Set the user role with access to all XQL datasets by disabling the Enable dataset access management toggle.
Set the user role with limited access to certain XQL datasets by selecting the Enable dataset access management toggle and selecting the datasets under the different dataset category headings.
Click Save.