Agentic Assistant role-based access control - Configure permissions to access Cortex Agentic Assistant features. - Administrator Guide - Cortex XSIAM - Cortex

Agentic Assistant role-based access control - Configure permissions to access Cortex Agentic Assistant features. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Configure permissions to access Cortex Agentic Assistant features.

Instance and Account admins have full control over the permissions and access that users have to the Cortex Agentic Assistant. Cortex XSIAM uses role-based access control (RBAC) to manage access to the chat, as well as access to view, create, edit, delete, disable, and enable Agents and Actions in the Agents Hub.

By default, Instance and Account admins have full view/edit permissions enabled. When editing or creating other roles, in the Cortex Agentic Assistant → Agents section, you can select the following:

Permission	Description
View/Edit	When selected (and nothing else is checked in this section), the user role can only see actions and public agents in the Agents Hub, but cannot interact with agents. You can also select the following permissions: Interact with agents: Users can trigger Agents in the Cortex Agentic Assistant. Users can access their own agents, public agents and system agents. Manage actions: Users can view, create, update, and delete actions. Manage agents: Users can view, create, update, and delete their own custom agents. Agents admin: Users can view, create, update, and delete all actions and agents. Users can enable or disable system actions and agents.
View	N/A
None	The user role does not see any agents and can’t use the chat. The Agents Hub is not visible to the user. Cortex Agentic Assistant is only available for navigation and insights.

Permission

Description

View/Edit

When selected (and nothing else is checked in this section), the user role can only see actions and public agents in the Agents Hub, but cannot interact with agents.

You can also select the following permissions:

Interact with agents: Users can trigger Agents in the Cortex Agentic Assistant. Users can access their own agents, public agents and system agents.
Manage actions: Users can view, create, update, and delete actions.
Manage agents: Users can view, create, update, and delete their own custom agents.
Agents admin: Users can view, create, update, and delete all actions and agents. Users can enable or disable system actions and agents.

View

N/A

None

The user role does not see any agents and can’t use the chat. The Agents Hub is not visible to the user. Cortex Agentic Assistant is only available for navigation and insights.

Note

Agents are limited by the individual permissions of the user. For example, if users do not have sufficient permissions to isolate an endpoint, they cannot use an agent to isolate an endpoint.

The execution of system or custom actions that are based on integration commands can be restricted to specific roles using integration permissions.