The self-service read-only users feature provides users who do not have an account and at least one role mapped in Cortex XSOAR the ability to access Cortex XSOAR in a very limited capacity.
Self-service read-only users can:
- View their own incidents
- Add notes and attachments to their incidents
- View the dashboards created for them by the administrator
An example of an incident that a self-service read-only user could create is a report that they lost their laptop.
Self-service read-only users can only view their own data. They cannot:
- start an investigation
- create dashboards or reports
- change anything in incidents they create
To create notes, the self-service read-only user must select the "Mark as a note" option.
It is recommended, but not required, that self-service read-only users have an existing account in the company's enterprise directory and that Cortex XSOAR is configured to authenticate and authorize read-only users against the same enterprise directory using the LDAP, AD, or SAML authentication protocols.
A user is considered a self-service read-only user if no role is associated with that user in the Cortex XSOAR user settings.
To enable the self-service read-only user feature, Cortex XSOAR administrators need to:
- Set server configuration parameters to:
  - Allow authenticated users without roles to access the home page.
  - Define the list of dashboards such users have access to.
- Create self-service read-only incident types. Since self-service read-only users cannot initiate an investigation, the playbooks associated with these incident types should run automatically.
- Create self-service read-only users if no enterprise directory is configured with Cortex XSOAR.
- Create incident layouts for self-service read-only users and allow self-service read-only users to access the incidents tabs containing such layouts.
- Create and share dashboards for self-service read-only users.