Abstract
Manage user roles that are assigned to Cortex XDR users or user groups in Cortex XDR Access Management.
Notice
Managing Roles requires an Account Admin or Instance Administrator role. For more information, see Predefined user roles.
Manage user roles that are assigned to Cortex XDR users or user groups in Cortex XDR Access Management. User roles enable you to define the type of access and actions a user can perform.
You can only set dataset access permissions from a user role in Cortex XDR Access Management. When creating user roles from the Cortex Gateway, these settings are disabled. By default, dataset access management is disabled, and users have access to all datasets. If you enable dataset access management, you must configure access permissions for each dataset type, and for each user role. When a dataset component is enabled for a particular role, the Alert and Incidents pages include information about datasets.
Select Settings+Configurations+Access Management+Roles.
Click New Role.
Under Role Name, enter a name for the user role.
(Optional) Under Description, enter a description for the user role.
Under Components, expand each list and select the permissions for each of the components. For more information, Role-based Permission Levels for Cortex XDR/XSIAM.
Under Datasets (Disabled), you have two options for setting the Cortex Query Language (XQL) dataset access permissions for the user role:
Set the user role with access to all XQL datasets by leaving the dataset access management as disabled (default).
Set the user role with limited access to certain XQL datasets by selecting the Enable dataset access management toggle and selecting the datasets under the different dataset category headings.
Click Save.
Select Settings+Configurations+Access Management+Roles.
Right-click the relevant user role, and select Edit Role.
(Optional) Under Role Name, modify the name for the user role.
(Optional) Under Description, enter a description for the user role or modify the current description.
Under Components, expand each list and select the permissions for each of the components. For more information, Role-based Permission Levels for Cortex XDR/XSIAM.
Under Datasets, you have two options for setting the Cortex Query Language (XQL) dataset access permissions for the user role:
Set the user role with access to all XQL datasets by disabling the Enable dataset access management toggle.
Set the user role with limited access to certain XQL datasets by selecting the Enable dataset access management toggle and selecting the datasets under the different dataset category headings.
Click Save.
Select Settings+Configurations+Access Management+Roles.
Right-click the relevant user role, and select Save As New Role.
(Optional) Under Role Name, modify the name for the user role.
(Optional) Under Description, enter a description for the user role or modify the current description.
Under Components, expand each list and select the permissions for each of the components. For more information, Role-based Permission Levels for Cortex XDR/XSIAM.
Under Datasets, you have two options for setting the Cortex Query Language (XQL) dataset access permissions for the user role:
Set the user role with access to all XQL datasets by disabling the Enable dataset access management toggle.
Set the user role with limited access to certain XQL datasets by selecting the Enable dataset access management toggle and selecting the datasets under the different dataset category headings.
Click Save.