Credentials permissions - Configure Credential permissions (under Integrations). - Administrator Guide - Cortex XSIAM - Cortex

Credentials permissions - Configure Credential permissions (under Integrations). - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-11

Note

To view the Credentials page, users require the following view permissions:

Integrations
Data Sources
External Issue Mapping

Without these permissions, users can't view the Credentials page.

For more information, see Manage credentials

Permission	Description	Role Example
View	Enables backend API read access to credential sets (e.g., for automation or API-based workflows). If users have access to the Credentials page, they can view a list of stored credential sets and their names. Users can't create, modify, or delete credential sets.	SOC Tier-1, 2, and 3 Analysts: May need to verify credential status/credential configurations. Threat Hunter: Verify integration authentication.
View/Edit	If users have access to the Credentials page, they can manage credential sets, including creating, deleting, and editing credentials.	Security Engineer: Manage integration credentials.

Permission

Description

Role Example

View

Enables backend API read access to credential sets (e.g., for automation or API-based workflows).

If users have access to the Credentials page, they can view a list of stored credential sets and their names. Users can't create, modify, or delete credential sets.

SOC Tier-1, 2, and 3 Analysts: May need to verify credential status/credential configurations.
Threat Hunter: Verify integration authentication.

View/Edit

If users have access to the Credentials page, they can manage credential sets, including creating, deleting, and editing credentials.

Security Engineer: Manage integration credentials.

Credentials often serve as dependencies for other automation and integration tasks. Consider adding these permissions:

Permission	Permission Level	Reason
Integrations	View or View/Edit	View: Core permission to access the Credentials page. Required. View/Edit: Highly Recommended. Users who manage credentials typically also need to configure integration instances that reference those credentials.
Data Sources	View	View: Core permission to access the Credentials page. Required.
External Issue Mapping	View	View: Core permission to access the Credentials page. Required.
Playbooks	Enabled	Strongly recommended to view integrations that use the stored credentials.
Scripts	Enabled	Strongly recommended to view scripts that may use credentials for external API calls.
Marketplace	View	Recommended. Allows browsing and installing integration content packs from the Marketplace, which may include integrations that use credential sets.
Audit	View	Recommended to track credential creation, modification, and usage for security compliance.