User access reference information - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

The following is a list of common fields on the Users page:



Show User Subset

Displays all users except for hidden users.

User Type

Indicates whether a user was defined in Cortex XSIAM using the Customer Support Portal, SSO (single sign-on) using your organization’s IdP, or both Customer Support Portal/SSO.

Direct XDR Role

Name of the role specifically assigned to a user. When a user does not have any Cortex XSIAM access permissions assigned specifically to them, the field displays No-Role.


Lists the groups to which a user belongs. Any group that was imported from Active Directory displays AD beside the group name.

If a user group has scoping permissions, the users in the group are granted permissions according to the user group settings, even if the user does not have configured scope settings.

Group Roles

Lists the group roles based on the groups to which a user belongs. Hovering over the group role displays the group associated with this role.


Only visible if Scope-Based Access Control is enabled for the tenant.

Lists the scope assigned to the user either directly or through a group, based on tags. The family includes the tag types and the related tags of the selected family.