Access management permissions - Configure access to the tenant's user administration and authentication settings. - Administrator Guide - Cortex XSIAM - Cortex

Access management permissions - Configure access to the tenant's user administration and authentication settings. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-16

Caution

SSO Configuration Risk: Granting View/Edit access allows users to modify the tenant's Single Sign-On (SSO) and authentication settings. Misconfigurations can cause tenant-wide lockouts. Ensure only authorized identity or infrastructure administrators hold this permission.
Auditing is Mandatory: It is highly recommended that any user managing access also has visibility into the Auditing module to track changes.
IT Admin: Unlike other modules, IT Admins require full View/Edit access here for user provisioning and SSO duties.

Permission	Description	Roles Example
None	No access to Access Management.	SOC Tier-1 and 2 Analysts and Threat Hunter: No need to manage users or roles.
View	Read-only access to users, roles, and groups.	SOC Tier-3 Analyst: May need to understand team structure. Security Engineer: Should understand role structure but not manage users
View/Edit	Full access to create, modify, and delete users, roles, and groups, including configuring SSO settings.

Consider adding the following permissions:

Permission	Permission Level	Reason
Auditing	View	Track user and role changes for compliance; critical for access control audit trails. Strongly recommended.
Cases & Issues	View	Understand case workflows when configuring role permissions for case management. Recommended.
General Configuration	View	System settings context when managing platform access. Recommended.
Dashboards	Enabled	View user activity dashboards and access patterns. Recommended.
Query Center	View	Query user activity data for access reviews. Recommended.