Manage Roles - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide
Product
Cortex XPANSE
Version
2
Creation date
2024-03-28
Last date published
2024-04-17
Category
User Guide
Solution
Cloud
Abstract

Cortex Xpanse enables you to manage roles in the Access Management console.

You can manage roles for a Cortex Xpanse tenant using the Access Management console.

On the Roles page, Cortex Xpanse lists the predefined user roles and custom-defined roles. Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.

The following is a description of the different columns in the Roles list view.

  • Role Name—Name of the role.

  • Created By—Displays either the email address of the user who created a custom role or for predefined roles one of the following options is displayed.

    • access-management-pan-icon.png Palo Alto Networks—Predefined role granting user permissions in all tenants.

    • access-management-xdr-icon.png <user email address> —A custom role created in the Cortex Xpanse Expander granting user permission to this specific tenant.

  • Description—Description of the role.

  • Creation Time—Date and time when the role was created. The field is available for only a custom role.

  • Update Time—Date and time of when the role was last updated. The field is available for only a custom role.

  • Custom—Displays a boolean value of either Yes or No to indicate whether the role is a custom role.

When creating a +New Role or editing an existing role, you can set the permissions for all Cortex Xpanse apps and services in the Components section of the Create Role window.

By assigning roles, you enforce the separation of viewing access and initiating actions among functional or regional areas of your organization.

In addition, Cortex Xpanse supports XQL dataset permission enforcement as part of managing roles or specific permissions using role-based access control (RBAC). The Datasets tab of the Create Role window is where you can enable or disable the access permissions for the various datasets listed. The Datasets permissions control the dataset access across the entire product components, as opposed to the Components RBAC tab, which controls access to a specific component. When a dataset component is enabled for a particular role, the Alert and Incidents pages display all the alerts and incidents, where information about the datasets is included. By default, the Enable dataset access management feature is disabled, and users have access to all datasets. Once you enable this feature, you need to define for each dataset type the access permissions you want to grant for the role.

  1. Select SettingsConfigurationsAccess ManagementRoles.

  2. Manage your Cortex Xpanse roles.

    Cortex Xpanse displays the roles available on your tenant. .

    In the Roles list view, the following options are available to help you manage roles.

    • Create a custom role based on a predefined user role.Predefined User Roles .Predefined User Roles

      1. Locate the predefined role that you want to base your custom role on, right-click, and select Save As New Role.

      2. Specify a Role Name and update the Description.

      3. In the Components tab, where the components are listed according to the sidebar navigation in Cortex Xpanse , update the role permissions for each Cortex Xpanse component to None, View, or View/Edit. Some components have an additional actions level to define.

        Note

        Users with a custom role that give the same permissions as Instance Administrator cannot be restricted using scope-based access control.

      4. In the Datasets tab, the Enable dataset access management permissions feature is disabled by default, and the user role has access to all datasets. By default, even if you are basing your role on a preexisting role with access to datasets, access management permissions are disabled unless you enable them. Once you enable this feature, you need to define for each dataset type the access permissions you want to grant for the role in any of the following ways, where the options differ depending on the dataset type.

        -Select Access All to enable this role to access all datasets that currently exist for this dataset type.

        -Select Future datasets to enable this role to access all datasets that will be created in the future for this dataset type.

        -Select access to choose the specific datasets that you want this role to be able to access for this dataset type. By default, the specific datasets are displayed. If not, select the expander icon (>) beside the dataset type to display the datasets that currently exist for this dataset type.

        To help you easily know whether the Enable dataset access management permissions feature is enabled or disabled without having to open the tab, the tab either displays as Datasets (Disabled) or Datasets (Enabled).

      5. Create the role.

    • Create and save a new role.

      1. Select New Role.

      2. Specify a Role Name and Description.

      3. In the Components tab, where the components are listed according to the sidebar navigation in Cortex Xpanse , update the role permissions for each Cortex Xpanse component to None, View, or View/Edit. Some components have an additional action level to define.

      4. In the Datasets tab, the Enable dataset access management permissions feature is disabled by default, and the user role has access to all datasets. By default, even if you are basing your role on a preexisting role with access to datasets, access management permissions are disabled unless you enable them. Once you enable this feature, you need to define for each dataset type the access permissions you want to grant for the role in any of the following ways, where the options differ depending on the dataset type.

        -Select Access All to enable this role to access all datasets that currently exist for this dataset type.

        -Select Future datasets to enable this role to access all datasets that will be created in the future for this dataset type.

        -Select access to choose the specific datasets that you want this role to be able to access for this dataset type. By default, the specific datasets are displayed. If not, select the expander icon (>) beside the dataset type to display the datasets that currently exist for this dataset type.

        To help you easily know whether the Enable dataset access management permissions feature is enabled or disabled without having to open the tab, the tab either displays as Datasets (Disabled) or Datasets (Enabled).

      5. Create the role.

    • Edit role permissions (only available for roles created in the tenant).

      1. Locate the custom role you want to edit, right-click, and select Edit Role.

      2. In the Components tab of the Edit Role window, where the components are listed according to the sidebar navigation in Cortex Xpanse , update the role permissions for each Cortex Xpanse component to None, View, or View/Edit. Some components have an additional action level to define.

      3. In the Datasets tab, you can enable and disable dataset access permissions for the various datasets listed as required.

      4. Edit the role.