Manage Roles - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2023-11-02
Last date published: 2024-04-11
Category: Administrator Guide
Solution: Cloud
Abstract

Understand and manage roles in Cortex XSOAR, including predefined roles - Instance Administrator, Analyst, and Read-Only.

A role is a set of permissions that determine which actions and resources users within that role are granted access to in Cortex XSOAR. Users are assigned to at least one role, depending on their required level of access.

On the Roles page, you can view the predefined and custom-defined user roles. Use roles to assign specific view and action access privileges. The way you configure access depends on the security requirements of your organization. When you click a role, you can view the permissions that you have assigned to it. If you right-click a role, you can do the following:

  • Copy the role by saving as a new role

  • Edit the role

  • Remove the role

  • Copy text to clipboard

  • Copy an entire row

Note

If the role is shown as created by Palo Alto Networks, it is a predefined role.

When you create or edit a role, you can add permissions and permission levels, define shift periods, set default dashboards, etc.

Cortex XSOAR has the following predefined roles:

| Role | Default Permissions |
| --- | --- |
| Instance Administrator | View/Edit permissions for all components and access to all pages. Instance Administrators have the same permissions as Account Admin. Account Admin is the role assigned in the CSP and has access to all Cortex XSOAR instances, not just one Cortex XSOAR tenant. |
| Analyst | Mix of View and View/Edit permissions for all components and access to all pages. |
| Read-Only | Read permissions for all components and access to all pages. |

The predefined roles provide specific access rights that cannot be changed.

Permissions

You can assign the following permissions to various components in Cortex XSOAR:

| Permission | Description |
| --- | --- |
| None | No access to the specified component. |
| View | Can view but not edit the specified component. |
| View/Edit | Can view and edit the specified component. |

Permission Levels

You can set permission levels for each component, such as incidents, indicators, jobs, scripts, etc. For more information, see Role-based Permission Levels.