Step 4. Set up users and roles

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-11-28
Category: Administrator Guide
Solution: On-prem
Abstract

View the permissions and predefined roles in Cortex XSOAR On-prem.

Cortex XSOAR uses role-based access control (RBAC) to manage roles with specific permissions for controlling user access. RBAC helps manage access to Cortex XSOAR components, so that users, based on their roles, are granted the minimal access required to accomplish their tasks.

Task 1. Create roles

Roles enable you to define permissions for specific components, such as incident data, playbooks, scripts, and jobs. For example, you can create a role that allows users to edit the properties of incidents, but not delete incidents. You can create new roles or customize out-of-the-box roles.

If you assign one or more roles to an incident, only users with those roles can view and interact with the incident. For example, you might have an incident with sensitive data that should only be accessible to Tier-1 analysts and managers.

Roles can also be used to define permissions for integration commands. On the Integration Permissions page, you can assign roles to specific integration instances (all commands for that instance) or specific integration instance commands. For example, you could assign the Generic Export Indicators Service integration instance the Account Admin role, or you could restrict certain commands in the Core Rest API to a specific role. For more information, see Integration Permissions.

  1. Review out-of-the-box roles and role-based permissions.

  2. Create a role.

For more information about out-of-the-box roles, permissions, and how to create roles, see Roles management.

Task 2. User groups

While roles can be assigned directly to users, we recommend creating user groups instead. Each user group has a single role associated with it, but it can contain multiple users, and user groups can be nested within each other, enabling you to further refine your RBAC requirements. Users can belong to multiple user groups.

For more information about user groups and how to create them, see User group management.

After adding users, assign them to user groups or assign roles to them directly.

Authentication

You can create users locally or by using SAML Single Sign-On (SSO) in the tenant. After you create users, they authenticate by either:

  • Using a username and password

  • Using SSO

For more information about setting up authentication, see Set up authentication.

Manage users

You can manage users, including resetting passwords, sending invitations, and removing users.

By default, users do not have roles assigned and do not automatically have access to tenant data until you assign them a role or add them as members of a user group that has an assigned role.

For more information about how to manage users, see User management.
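The following Python script is an added example for reviewing an RBAC layout of the kind described above; it is not Cortex XSOAR code and does not use a Cortex XSOAR API or export format. It resolves each user's effective roles from direct roles, group membership, and nested groups, and flags users with no role or with a direct role. The data layout, user names, and role names other than Account Admin are constructed, and it assumes that members of a nested group also receive the role of every group that contains it.

```python
# Added example with constructed data; not a Cortex XSOAR export format or API.
# Assumption: members of a nested group also get the role of each containing group.
GROUPS = {  # group -> its single role, direct user members, nested (child) groups
    "soc":      {"role": "read-only",     "users": {"dana"},         "nested": {"tier1"}},
    "tier1":    {"role": "tier1-analyst", "users": {"alice", "bob"}, "nested": set()},
    "managers": {"role": "manager",       "users": {"carol"},        "nested": set()},
}
DIRECT_ROLES = {"bob": {"manager"}}          # roles assigned directly to a user
USERS = {"alice", "bob", "carol", "dana", "erin"}

def containing_groups(name, groups):
    """Return `name` plus every group that contains it, directly or transitively."""
    found, stack = set(), [name]
    while stack:
        g = stack.pop()
        if g in found:
            continue                         # already visited: guards against nesting cycles
        found.add(g)
        stack.extend(p for p, d in groups.items() if g in d["nested"])
    return found

def effective_roles(user, groups, direct_roles):
    """Union of the user's direct roles and the roles of all groups that apply."""
    roles = set(direct_roles.get(user, ()))
    for name, data in groups.items():
        if user in data["users"]:
            roles |= {groups[g]["role"] for g in containing_groups(name, groups)}
    return roles

def audit(users, groups, direct_roles):
    """Map each user to (sorted effective roles, list of review findings)."""
    report = {}
    for user in sorted(users):
        roles = effective_roles(user, groups, direct_roles)
        findings = []
        if not roles:
            findings.append("no role assigned: no access to tenant data")
        if direct_roles.get(user):
            findings.append("role assigned directly: prefer a user group")
        report[user] = (sorted(roles), findings)
    return report

if __name__ == "__main__":
    for user, (roles, findings) in audit(USERS, GROUPS, DIRECT_ROLES).items():
        print(f"{user:6} roles={roles} findings={findings}")
```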