Roles management

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-28
Category: Administrator Guide
Solution: Cloud
Abstract

Configure roles in the Cortex tenant or Cortex Gateway.

You can assign the following permissions to various components in Cortex:

  • None: No access to the specified component.

  • View: View, but not edit the specified component.

  • View/Edit: View and edit the specified component.

Out-of-the-box roles

Cortex products include the following out-of-the-box roles:

Account Admin (type: Predefined)

A super user role that is assigned directly to the user in Cortex Gateway or tenant and has full access to all Cortex products in your account, including all tenants added in the future. In Cortex Gateway, the Account Admin can assign roles for Cortex instances, and can also activate Cortex tenants specific to the product. This user has the same view/edit permissions in the tenant as the Instance Administrator.

Note

The user who activated the Cortex product is assigned the Account Admin role.

You can add the role to a user in Cortex Gateway or the tenant. If you need to remove the Account Admin role from a user, this can only be done in Cortex Gateway.

Only users with the Account Admin role can add or remove another Account Admin user role.

You cannot edit this role. You can copy the role by saving it as a new role and then changing permissions.

Instance Administrator (type: Predefined)

View/edit permissions for all components and access to all pages in the Cortex tenant. The Instance Administrator can also assign the Instance Administrator role to other users on the tenant. If the application has predefined or custom roles, the Instance Administrator can assign those roles to other users.

You cannot edit this role. You can copy the role by saving it as a new role and then changing permissions.

Analyst (type: Custom)

A mix of view and view/edit permissions for all components and access to all pages in the Cortex tenant.

Cortex products come out-of-the-box with the following Analyst roles:

  • Analyst role created in Cortex Gateway.

    This role applies to all tenants.

    In the Cortex tenant, you cannot edit this role, apart from changing advanced settings such as default dashboards.

    In Cortex Gateway, you can change permissions, apart from advanced settings. You can also delete the role (if not assigned to a user).

  • Analyst role created in the tenant.

    This role is specific to the tenant. You can edit all permissions and delete the role (if not assigned to a user) in the tenant and Cortex Gateway. In Cortex Gateway, you cannot change advanced settings.

Read-Only (type: Custom)

Read permissions for all components and pages in the Cortex tenant.

Cortex products come out-of-the-box with the following Read-Only roles:

  • Read-Only role created in Cortex Gateway.

    This role applies to all tenants.

    In the Cortex tenant, you cannot edit this role, apart from changing advanced settings such as default dashboards.

    In Cortex Gateway, you can change permissions, apart from advanced settings. You can also delete the role (if not assigned to a user).

  • Read-Only role created in the tenant.

    This role is specific to the tenant. You can edit all permissions and delete the role (if not assigned to a user) in the tenant and Cortex Gateway. In Cortex Gateway, you cannot change advanced settings.

Note

By default, users do not have roles assigned. If no direct or user group role has been assigned, users have no permission to view or edit data in the Cortex tenant.

Next steps

Create roles or customize existing roles (recommended) in Cortex Gateway or the Cortex tenant.

Before you start creating or customizing roles, do the following:

  • Review the Role-based permissions in Cortex XSOAR topic.

  • Decide where you want to create roles (Cortex Gateway, the tenant, or both).

    Any roles and user groups created in Cortex Gateway are available for all tenants. In the Cortex tenant, all roles created in the tenant are specific to the tenant. Advanced settings such as default dashboards/queries and shifts can only be defined at the tenant level. Only user groups created on the tenant can be mapped to SAML groups when using SAML SSO.

  • Decide whether you want to assign roles to users directly or through membership in user groups (recommended) in Cortex Gateway or the Cortex tenant.