Set up and configure roles and user groups in Cortex XSOAR. Configure authentication, and manage and create users.
Cortex uses role-based access control (RBAC) to manage roles with specific permissions for controlling user access. RBAC helps manage access to components, so that users, based on their roles, are granted the minimal access required to accomplish their tasks.
Roles
Roles enable you to define permissions for specific components, such as incident data, playbooks, scripts, and jobs. For example, you can create a role that allows users to edit the properties of incidents, but not delete incidents. You can create new roles or customize out-of-the-box roles.
If you assign one or more roles to an incident, only users with those roles can view and interact with the incident. For example, you might have an incident with sensitive data that should only be accessible to Tier-1 analysts and managers.
Roles can also be used to define permissions for integration commands. On the
page, you can assign roles to specific integration instances (all commands for that instance) or specific integration instance commands. For example, you could assign the integration instance the Account Admin role, or you could restrict certain commands in the to a specific role. For more information, see Integration Permissions.User groups
While roles can be assigned directly to users, we recommend instead creating user groups. Each user group has a single role associated with it, but each user group can contain multiple users and user groups can be nested within each other, enabling you to further refine your RBAC requirements. Users can belong to multiple user groups.
Nested roles
Cortex XSOAR 8 uses group nesting, where the group with higher permissions includes the permissions of the group with lower permissions, but as a subset of the group with lower permissions. For example, the Admin user group is included as a subset of the Analyst user group, as shown in the following graphic. The Admin role includes the permissions of the Analyst role, the same as in Cortex XSOAR 6.
For example, Content Developer and Analyst user groups include Employee user group permissions, and are nested in the Employee user group.
Authentication
You can create users locally or by using SAML Single Sign-On (SSO) in the tenant. After you create users, they authenticate by either:
Using a username and password
Using SSO
Manage users
You can manage users including resetting passwords, sending invitations, and removing users.
By default, users do not have roles assigned and do not automatically have access to tenant data until you assign them a role or add them as members of a user group that has an assigned role.