Manage access permissions for Cortex XDR users.
Update a user's role, add a user to a user group, and view permissions based on the role and user groups assigned to the user.
If Scope-Based Access Control (SBAC) is enabled for the tenant, you can use specific tags to assign user permissions. For more information, see Manage user scope.
Note
You can only reduce the permissions of an Account Admin user via Cortex Gateway.
Select Settings → Configurations → Access Management → Users.
Right-click the relevant user, and select Edit User Permissions.
Tip
To apply the same settings to multiple users, select them, and then right-click and select Edit User Permissions.
Under Role, select the default or custom role.
(Optional) Under User Groups, add the user to a group.
(Optional) Under Show Accumulated Permissions:
Do one of the following:
Select all to view the combined permissions for every role and user group assigned to the user.
Select a specific role assigned to the user to view the available permissions for that role.
Under Components, expand each list to view the permissions to the various Cortex XDR components.
Under Datasets, there are two possibilities for viewing a user's dataset access permissions:
When dataset access management is enabled and the user has access to certain Cortex Query Language (XQL) datasets, the datasets are listed.
When dataset access management is disabled and users have access to all XQL datasets, the text No dataset has been selected is displayed.
Note
User permissions for components and datasets are based on the access permissions set in the user role. For more information on editing these user role permissions, see Manage user roles.
(Optional) If Scope-Based Access Control is enabled for the tenant, click Scope and select a tag family and the corresponding tags.
Keep in mind the following:
Roles defined as administrator or a part of the admin group can't be scoped.
If you select a tag family without specific tags, permissions apply to all tags in the family.
The scope is based only on the selected tag families. If you scope only based on tags from Family A, then Family B is disregarded in scope calculations and is considered as allowed.
Click Save.
Use a CSV file to import users who belong to a Customer Support Portal account, and assign them roles that are defined in Cortex XDR. You can use the CSV template provided in Cortex XDR, or prepare a CSV file from scratch.
Select Settings → Configurations → Access Management → Users.
Click Import Multiple User Roles.
Do one of the following:
To use the CSV template, click Download example file, and replace the example values with your values.
Prepare a CSV file from scratch. Make sure the file includes these columns:
User email: Email address of the user belonging to a Customer Support Portal account, for example, john.smith1@exampleCompany.com.
Role name: Name of the role that you want to assign to this user, for example, Privileged Responder. The role must already exist in Cortex XDR.
Is an account role: A boolean value that defines whether the user is designated with an Account Admin role in Cortex Gateway. Set the value to TRUE to designate the user with this role; otherwise, the value is FALSE (default).
Locate the file and drag it to the dialog box.
Click Import.
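A pre-import check for a CSV file prepared from scratch, shown as an added example that is not part of the Cortex XDR documentation or product. It assumes the three column names above are the exact header text, that an empty flag cell means FALSE, and that you supply the set of role names already defined in your tenant; the function name and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Column names as listed on this page; assumed to be the exact CSV header text.
COLUMNS = ["User email", "Role name", "Is an account role"]
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_import_csv(text, existing_roles):
    """Return (errors, account_admin_emails) for a user-role import file."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return ["file is empty"], []
    header = [h.strip() for h in rows[0]]
    missing = [c for c in COLUMNS if c not in header]
    if missing:
        return ["missing column(s): " + ", ".join(missing)], []
    idx = [header.index(c) for c in COLUMNS]
    errors, admins, seen = [], [], set()
    for n, rec in enumerate(rows[1:], start=2):
        if not any(cell.strip() for cell in rec):
            continue  # skip blank rows
        if len(rec) != len(header):
            errors.append(f"row {n}: expected {len(header)} fields, got {len(rec)}")
            continue
        email, role, flag = (rec[i].strip() for i in idx)
        if not EMAIL_RE.match(email):
            errors.append(f"row {n}: invalid email {email!r}")
        elif email.lower() in seen:
            errors.append(f"row {n}: duplicate user {email}")
        seen.add(email.lower())
        if role not in existing_roles:
            errors.append(f"row {n}: role {role!r} does not exist yet")
        # Assumption: an empty cell means the documented default, FALSE.
        if flag.upper() not in ("", "TRUE", "FALSE"):
            errors.append(f"row {n}: flag must be TRUE or FALSE, got {flag!r}")
        elif flag.upper() == "TRUE":
            admins.append(email)  # Account Admin grants need manual review
    return errors, admins

# Constructed sample file; the role "Tier 9 Wizard" is deliberately undefined.
SAMPLE = """User email,Role name,Is an account role
john.smith1@exampleCompany.com,Privileged Responder,FALSE
jane.doe@exampleCompany.com,Privileged Responder,TRUE
bad-address,Privileged Responder,FALSE
sam.lee@exampleCompany.com,Tier 9 Wizard,yes
john.smith1@exampleCompany.com,Privileged Responder,
"""
```

Call `check_import_csv(SAMPLE, {"Privileged Responder"})` and review the second return value before importing: each address in it would receive an Account Admin role, which can only be reduced afterwards via Cortex Gateway.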
View all of the permissions currently assigned to a user.
Select Settings → Configurations → Access Management → Users.
Right-click the relevant user, and select Edit User Permissions.
Tip
To apply the same settings to multiple users, select them, and then right-click and select Edit User Permissions.
Under Show Accumulated Permissions, do one of the following:
Select all to view the combined permissions for every role and user group assigned to the user.
Select a specific role assigned to the user to view the available permissions for that role.
Under Components, expand each list to view the permissions to the various Cortex XDR components.
Under Datasets, there are two possibilities for viewing a user's dataset access permissions:
When dataset access management is enabled and the user has access to certain Cortex Query Language (XQL) datasets, the datasets are listed.
When dataset access management is disabled and users have access to all XQL datasets, the text No dataset has been selected is displayed.
There might be instances where you want to hide a user from the list of users, for example, a user that has a Customer Support Portal Super User role but isn't active on your Cortex XDR tenant. Once you hide a user, they will no longer be displayed in the list of users when Show User Subset is selected on the Users page.
Select Settings → Configurations → Access Management → Users.
Right-click the relevant user, and select Hide User.
Select Settings → Configurations → Access Management → Users.
Right-click the relevant user, and select Edit User Permissions.
Tip
To apply the same settings to multiple users, select them, and then right-click and select Edit User Permissions.
Under User Groups, add the user to a group.
Click Save.
You cannot deactivate a user who has an Account Admin role.
Select Settings → Configurations → Access Management → Users.
Right-click the relevant user, and select Deactivate User.
Click Deactivate.
You cannot remove a user who has an Account Admin role.
Select Settings → Configurations → Access Management → Users.
Right-click the relevant user, and select Remove User Role.
Click Remove.