Configure integration permissions - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2024-11-28
Category
Administrator Guide
Solution
On-prem
Abstract

Integration permissions enable you to assign permissions to commands in integrations. Use role-based access control (RBAC) to assign commands.

You can use role-based access control (RBAC) to assign commands at the integration instance level. If you have multiple instances of the same integration, you can assign different roles (permission levels) for the same command in each instance.

Users who do not have permission to run a command, cannot do the following:

  • Run the command from the CLI.

  • Complete pending tasks in a Work Plan that uses the restricted command.

  • Edit arguments for playbook tasks that use the restricted command.

  • Select the command when editing a playbook.

  • Leverage the restricted command when executing a reputation command, such as IP, Domain, and File.

Note

To restrict access to integrations (not just commands), see Role-based permissions.

To view or edit integration permissions:

  1. Go to Settings & InfoSettingsIntegrationsIntegration Permissions.

    You can see a list of all enabled integrations.

  2. Select the integration.

    You can see the following:

    • INSTANCE: Lists all instances for the integration.

    • COMMANDS: Lists all commands for the integration.

    • PERMITTED ROLES: Lists the roles you can assign to the command.

  3. If you want to limit a command to a role, do the following:

    You may want limit potentially harmful commands, such as in Cortex XDR you may want to limit the ability to isolate endpoints.

    1. Click Edit.

    2. Go to the relevant command.

    3. In the PERMITTED ROLES, column, select the roles that you want to limit.

  4. Save the integration permissions.