Integration permissions enable you to restrict running commands to specific roles in integrations.
You can use role-based access control (RBAC) to restrict running commands to specific roles at the integration instance level. If you have multiple instances of the same integration, you can assign different roles (permission levels) for the same command in each instance.
For example, you may want limit the roles that can run potentially harmful commands, such as in Cortex XDR you may want to allow only certain roles to isolate endpoints.
Users who do not have permission to run a command cannot do the following:
Run the command from the CLI.
Complete pending tasks in a Work Plan that uses the restricted command.
Edit arguments for playbook tasks that use the restricted command.
Select the command when editing a playbook.
Leverage the restricted command when executing a reputation command, such as IP, Domain, and File.
If you have multiple instances of the same integration, you can assign different roles (permission levels) for the same command in each instance.
Note
To restrict access to integrations (not just commands), see Role-based permissions in Cortex XSOAR.
To view or edit integration permissions:
Go to
→ → → .You can see a list of all enabled integrations.
Select the integration.
You can see the following:
INSTANCE: Lists all instances for the integration.
COMMANDS: Lists all commands for the integration.
PERMITTED ROLES: Lists the roles that have permission to run the command. Default is No Restrictions.
For a specific command, restrict the roles that can run the command.
Go to the relevant command.
Click Edit.
In the PERMITTED ROLES, column, select the roles that you want to allow running the command.
Save the integration permissions.