Manage user access - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-05-22
Category: Administrator Guide
Abstract: Manage access permissions for Cortex XSIAM users.

Update a user's role, add a user to a user group, and view permissions based on the role and user groups assigned to the user.

If Scope-Based Access Control (SBAC) is enabled for the tenant, you can use specific tags to assign user permissions. For more information, see Manage user scope.

Note

You can only reduce the permissions of an Account Admin user via the Cortex Gateway.

  1. Select Settings → Configurations → Access Management → Users.

  2. Right-click the relevant user, and select Update User.

    Tip

    To apply the same settings to multiple users, select them, and then right-click and select Update User.

  3. Under Role, select the default or custom role.

  4. (Optional) Under User Groups, add the user to a group.

  5. (Optional) Under Show Accumulated Permissions:

    1. Do one of the following:

      • Select all to view the combined permissions for every role and user group assigned to the user.

      • Select a specific role assigned to the user to view the available permissions for that role.

    2. Under Components, expand each list to view the permissions.

  6. (Optional) If Scope-Based Access Control is enabled for the tenant, click Scope and select a tag family and the corresponding tags.

  7. Click Save.

Use a CSV file to import users who belong to a Customer Support Portal account, and assign them roles that are defined in Cortex XSIAM. You can use the CSV template provided in Cortex XSIAM, or prepare a CSV file from scratch.

  1. Select Settings → Configurations → Access Management → Users.

  2. Click Import Multiple User Roles.

  3. Do one of the following:

    • To use the CSV template, click Download example file, and replace the example values with your values.

    • Prepare a CSV file from scratch. Make sure the file includes these columns:

      • User email: Email address of the user belonging to a Customer Support Portal account, for example, john.smith1@exampleCompany.com.

      • Role name: Name of the role that you want to assign to this user, for example, Privileged Responder. The role must already exist in Cortex XSIAM.

      • Is an account role: A boolean value that defines whether the user is designated with an Account Admin role in the Cortex Gateway. Set the value to TRUE for such a user; otherwise, the value is set to FALSE (default).

  4. Locate the file and drag it to the dialog box.

  5. Click Import.
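Because a single import file can assign roles to many users at once, it is worth checking the file before you drag it into the dialog box. The following is an added example, not part of the Cortex XSIAM product or its documentation: it validates the three columns described above and lists every row that sets the Account Admin flag so those grants can be approved explicitly. It assumes the header row uses the column names exactly as listed on this page and that a blank flag means FALSE; the sample rows and the role set are constructed.

```python
import csv
import io
import re

# Column names as listed on this page; assumed to match the CSV header row exactly.
COLUMNS = ("User email", "Role name", "Is an account role")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # coarse shape check only

# Constructed sample input; role names must come from your own tenant.
SAMPLE_ROLES = {"Privileged Responder"}
SAMPLE_CSV = """User email,Role name,Is an account role
john.smith1@exampleCompany.com,Privileged Responder,FALSE
jane.doe@exampleCompany.com,Privileged Responder,TRUE
bad-address,Privileged Responder,FALSE
ann.lee@exampleCompany.com,Tier 9 Wizard,
john.smith1@exampleCompany.com,Privileged Responder,yes
"""


def review_import(csv_text, existing_roles):
    """Return (errors, admin_grants) for a user-role import file."""
    errors, admin_grants, seen = [], [], set()
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop a BOM
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [f"line 1: missing column(s): {', '.join(missing)}"], []
    for row in reader:
        line_no = reader.line_num
        email, role, flag = ((row[c] or "").strip() for c in COLUMNS)
        flag = flag.upper() or "FALSE"  # assumption: blank means the FALSE default
        if not EMAIL_RE.match(email):
            errors.append(f"line {line_no}: invalid email {email!r}")
        elif email.lower() in seen:
            errors.append(f"line {line_no}: duplicate user {email!r}")
        seen.add(email.lower())
        if role not in existing_roles:  # the role must already exist in the tenant
            errors.append(f"line {line_no}: unknown role {role!r}")
        if flag not in ("TRUE", "FALSE"):
            errors.append(f"line {line_no}: flag must be TRUE or FALSE, got {flag!r}")
        elif flag == "TRUE":
            admin_grants.append(email)  # surface for explicit approval
    return errors, admin_grants


if __name__ == "__main__":
    problems, admins = review_import(SAMPLE_CSV, SAMPLE_ROLES)
    print("\n".join(problems))
    print("Account Admin grants to approve:", admins)
```

Import the file only when the error list is empty and every address in the Account Admin list has been approved.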

View all of the permissions currently assigned to a user.

  1. Select Settings → Configurations → Access Management → Users.

  2. Right-click the relevant user, and select Update User.

    Tip

    To apply the same settings to multiple users, select them, and then right-click and select Update User.

  3. Under Show Accumulated Permissions, do one of the following:

    • Select all to view the combined permissions for every role and user group assigned to the user.

    • Select a specific role assigned to the user to view the available permissions for that role.

  4. Under Components, expand each list to view the permissions.

You might want to hide a user from the list of users, for example, a user who has a Customer Support Portal Super User role but isn't active on your Cortex XSIAM tenant. Once you hide a user, they are no longer displayed in the list of users when Show User Subset is selected on the Users page.

  1. Select Settings → Configurations → Access Management → Users.

  2. Right-click the relevant user, and select Hide User.

  1. Select Settings → Configurations → Access Management → Users.

  2. Right-click the relevant user, and select Update User.

    Tip

    To apply the same settings to multiple users, select them, and then right-click and select Update User.

  3. Under User Groups, add the user to a group.

  4. Click Save.

You cannot deactivate a user who has an Account Admin role.

  1. Select Settings → Configurations → Access Management → Users.

  2. Right-click the relevant user, and select Deactivate User.

  3. Click Deactivate.

You cannot remove a user who has an Account Admin role.

  1. Select Settings → Configurations → Access Management → Users.

  2. Right-click the relevant user, and select Remove User Role.

  3. Click Remove.