Predefined User Roles - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-08-29
Last date published
2024-11-12
Category
User Guide
Solution
Cloud
Abstract

Use predefined roles to easily assign View and Edit permissions to Expander users.

Cortex Xpanse provides a set of predefined user roles that you can use to assign View and Edit permission to Cortex Xpanse users. Each predefined role extends a specific set of privileges to users. The permissions defined in the predefined roles cannot be changed, but you can save a predefined role as a new role and edit it as needed.

The following tables describe the permissions defined for each of the predefined roles. The tables are organized by section and component, which is how they are displayed in the Roles window at SettingsConfigurationsRoles<Role Name> .

Account Admin

The following table shows the permissions for the predefined role Account Admin.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

-

-

checkmark-n.png

Reports

-

-

checkmark-n.png

Incident Response

Alerts & Incidents

-

-

checkmark-n.png

Query Center

-

-

checkmark-n.png

Personal Query Library

-

-

checkmark-n.png

Playbooks

-

-

checkmark-n.png

Remediation Path Rules

-

-

checkmark-n.png

Attack Surface Rules

-

-

checkmark-n.png

Vulnerability Testing

-

-

checkmark-n.png

Assets

Network Configuration

-

-

checkmark-n.png

Asset Inventory

-

-

checkmark-n.png

Business Unit Overrides

-

-

checkmark-n.png

Websites

-

checkmark-n.png

-

Marketplace

Browse

-

-

checkmark-n.png

Configurations

Auditing

-

checkmark-n.png

-

Alert Notifications

-

-

checkmark-n.png

General Configuration

-

--

checkmark-n.png

Group Management

-

-

checkmark-n.png

Public API

-

-

checkmark-n.png

Incident Properties

-

-

checkmark-n.png

Integrations

-

-

checkmark-n.png

Analyst

The following table shows the permissions for the predefined role Analyst.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

-

-

checkmark-n.png

Reports

-

-

checkmark-n.png

Incident Response

Alerts & Incidents

-

-

checkmark-n.png

Query Center

-

-

checkmark-n.png

Personal Query Library

-

-

checkmark-n.png

Playbooks

-

-

checkmark-n.png

Remediation Path Rules

-

-

checkmark-n.png

Attack Surface Rules

-

-

checkmark-n.png

Vulnerability Testing

-

checkmark-n.png

-

Assets

Network Configuration

-

-

checkmark-n.png

Asset Inventory

-

-

checkmark-n.png

Business Unit Overrides

checkmark-n.png

-

-

Websites

-

checkmark-n.png

-

Marketplace

Browse

-

-

checkmark-n.png

Configurations

Auditing

checkmark-n.png

-

-

Alert Notifications

checkmark-n.png

-

-

General Configuration

-

checkmark-n.png

-

Group Management

checkmark-n.png

--

-

Public API

-

checkmark-n.png

-

Incident Properties

checkmark-n.png

-

-

Integrations

-

-

checkmark-n.png

Group Manager

The following table shows the permissions for the predefined role Group Manager.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

-

-

checkmark-n.png

Reports

-

-

checkmark-n.png

Incident Response

Alerts & Incidents

-

-

checkmark-n.png

Query Center

-

-

checkmark-n.png

Personal Query Library

-

-

checkmark-n.png

Playbooks

-

-

checkmark-n.png

Remediation Path Rules

-

checkmark-n.png

-

Attack Surface Rules

-

checkmark-n.png

-

Vulnerability Testing

-

checkmark-n.png

-

Assets

Network Configuration

--

-

checkmark-n.png

Asset Inventory

-

-

checkmark-n.png

Business Unit Overrides

-

-

checkmark-n.png

Websites

-

checkmark-n.png

-

Marketplace

Browse

-

-

checkmark-n.png

Configurations

Auditing

-

checkmark-n.png

-

Alert Notifications

-

checkmark-n.png

-

General Configuration

-

checkmark-n.png

-

Group Management

-

-

checkmark-n.png

Public API

-

-

checkmark-n.png

Incident Properties

checkmark-n.png

-

-

Integrations

-

checkmark-n.png

-

Instance Administrator

The following table shows the permissions for the predefined role Instance Administrator.

Note

Users with the Instance Administrator role (or custom roles that give the same permissions as Instance Administrator) cannot be restricted using scope-based access control.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

-

-

checkmark-n.png

Reports

-

-

checkmark-n.png

Incident Response

Alerts & Incidents

-

-

checkmark-n.png

Query Center

-

-

checkmark-n.png

Personal Query Library

-

-

checkmark-n.png

Playbooks

-

-

checkmark-n.png

Remediation Path Rules

-

-

checkmark-n.png

Attack Surface Rules

-

-

checkmark-n.png

Vulnerability Testing

-

-

checkmark-n.png

Assets

Network Configuration

--

-

checkmark-n.png

Asset Inventory

-

-

checkmark-n.png

Business Unit Overrides

-

-

checkmark-n.png

Websites

-

checkmark-n.png

-

Marketplace

Browse

-

-

checkmark-n.png

Configurations

Auditing

-

checkmark-n.png

-

Alert Notifications

-

-

checkmark-n.png

General Configuration

-

-

checkmark-n.png

Group Management

-

-

checkmark-n.png

Public API

-

-

checkmark-n.png

Incident Properties

-

-

checkmark-n.png

Integrations

-

-

checkmark-n.png

Privileged IT Admin

The following table shows the permissions for the predefined role Privileged IT Admin.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

checkmark-n.png

-

-

Reports

checkmark-n.png

-

-

Incident Response

Alerts and Incidents

checkmark-n.png

-

-

Query Center

checkmark-n.png

-

-

Personal Query Library

checkmark-n.png

-

-

Playbooks

-

-

checkmark-n.png

Remediation Path Rules

checkmark-n.png

-

-

Attack Surface Rules

checkmark-n.png

-

-

Vulnerability Testing

-

-

checkmark-n.png

Assets

Network Configuration

checkmark-n.png

-

-

Asset Inventory

checkmark-n.png

--

-

Business Unit Overrides

checkmark-n.png

-

-

Websites

checkmark-n.png

-

-

Marketplace

Browse

-

-

checkmark-n.png

Configurations

Auditing

checkmark-n.png

-

-

Alert Notifications

checkmark-n.png

-

-

General Configuration

-

-

checkmark-n.png

Group Management

checkmark-n.png

-

-

Public API

-

-

checkmark-n.png

Incident Properties

checkmark-n.png

-

-

Integrations

-

-

checkmark-n.png

Security Engineer

The following table shows the permissions for the predefined role Security Engineer.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

-

-

checkmark-n.png

Reports

-

-

checkmark-n.png

Incident Response

Incidents and Alerts

-

-

checkmark-n.png

Query Center

-

-

checkmark-n.png

Personal Query Library

-

-

checkmark-n.png

Playbooks

-

-

checkmark-n.png

Remediation Path Rules

-

--

checkmark-n.png

Attack Surface Rules

-

-

checkmark-n.png

Vulnerability Testing

-

-

checkmark-n.png

Assets

Network Configuration

-

checkmark-n.png

-

Asset Inventory

-

checkmark-n.png

-

Business Unit Overrides

checkmark-n.png

-

-

Websites

-

checkmark-n.png

-

Marketplace

Browse

-

checkmark-n.png

-

Configurations

Auditing

checkmark-n.png

-

-

Alert Notifications

checkmark-n.png

-

-

General Configuration

-

checkmark-n.png

-

Group Management

checkmark-n.png

-

-

Public API

-

checkmark-n.png

-

Incident Properties

checkmark-n.png

-

-

Integrations

-

checkmark-n.png

-

Viewer

The following table shows the permissions for the predefined role Viewer.

Section

Component

Permissions

None

View

View/Edit

Dashboards & Reports

Dashboards

-

checkmark-n.png

-

Reports

-

checkmark-n.png

-

Incident Response

Alerts and Incidents

-

checkmark-n.png

-

Query Center

-

checkmark-n.png

-

Personal Query Library

-

checkmark-n.png

-

Playbooks

-

checkmark-n.png

-

Remediation Path Rules

-

checkmark-n.png

-

Attack Surface Rules

-

checkmark-n.png

-

Vulnerability Testing

-

checkmark-n.png

-

Assets

Network Configuration

-

checkmark-n.png

-

Asset Inventory

-

checkmark-n.png

-

Business Unit Overrides

checkmark-n.png

-

-

Websites

-

checkmark-n.png

-

Marketplace

Browse

-

checkmark-n.png

-

Configurations

Auditing

-

checkmark-n.png

-

Alert Notifications

-

checkmark-n.png

-

General Configuration

-

checkmark-n.png

-

Group Management

checkmark-n.png

-

-

Public API

-

checkmark-n.png

-

Incident Properties

checkmark-n.png

-

-

Integrations

-

checkmark-n.png

-