RBAC permission levels for Cortex XSOAR components, including investigations, jobs, scripts, playbooks, and settings. Category permission levels for user roles.
When editing or creating new roles, you can set permission levels (RBAC) for specific components (such as playbooks, scripts, jobs, etc.) and set page access, define shifts, etc.
You can only create, edit, copy, or delete a role if you have administration (Instance/Account) permissions. You cannot change the Instance Administrator role permission.
The Components Tab
Sets the permission level generally for data related to investigations, dashboards, and reports. If you select none, the user role cannot view and edit incidents, indicators, dashboards, and reports.
When View/Edit is selected, you can limit the following permissions:
If you want to enable chat in the War Room, but exclude permissions for everything else, you should give the role View/Edit permissions under Collected Data but remove all other granular data permissions. Also remove permissions in Integrations (under Settings). This leaves the role with access to chat only.
Limits permissions when editing, creating, or deleting an indicator in an exclusion list.
Limits permissions for creating, editing and deleting playbooks.
You can also add, change, and remove roles from a playbook when clicking Settings in the Playbooks page.
Limits permissions for managing scripts. If the role has read/write permissions, you can enable user roles to create scripts that run as a Super User.
In the Scripts page, you can define which roles are permitted to run a script, and according to which role the script executes.
Limits permissions for managing jobs. Roles that have read permissions to content items, retain partial read access. If you do not want to retain partial read access, set the permission to none.
You can set the following permissions for Marketplace.
You can set the permission level according to the following:
Select the pages you want the user role to have access.
If you select None in the Data section, even though you allow page access, the user role cannot access those pages. For example, if you allow page access to Dashboards, but DATA is set to none, the user role cannot access the Dashboards page.
The Advanced Tab
Select the default dashboards for each role. If a user has not modified their dashboard, these dashboards are added automatically, otherwise users can add these dashboards to their existing dashboards.
PRE-SET ROLE QUERIES
Select the Preset Query per Role for each of the available components.
To define a shift period to the role, click Add Shift.
Weekly shifts start on Sunday and are specified in the UTC time zone.