Configure roles in the Cortex tenant or Cortex Gateway.
You can assign the following permissions to various components in Cortex:
Permission | Description |
---|---|
None | No access to the specified component. |
View | View, but not edit the specified component. |
View/Edit | View and edit the specified component. |
Out-of-the-box roles
Cortex products include the following out-of-the-box roles:
Role | Type | Description |
---|---|---|
Account Admin | Predefined | A super user role that is assigned directly to the user in Cortex Gateway or the tenant and has full access to all Cortex products in your account, including all tenants added in the future. In Cortex Gateway, the Account Admin can assign roles for Cortex instances, and can also activate Cortex tenants specific to the product. This user has the same view/edit permissions in the tenant as the Instance Administrator. Note: The user who activated the Cortex product is assigned the Account Admin role. You can add the role to a user in Cortex Gateway or the tenant. If you need to remove the Account Admin role from a user, this can only be done in Cortex Gateway. Only users with the Account Admin role can add or remove another Account Admin user role. You cannot edit this role. You can copy the role by saving it as a new role and then change permissions. |
Instance Administrator | Predefined | View/edit permissions for all components and access to all pages in the Cortex tenant. The Instance Administrator can also assign the Instance Administrator role to other users on the tenant. If the application has predefined or custom roles, the Instance Administrator can assign those roles to other users. You cannot edit this role. You can copy the role by saving it as a new role and then change permissions. |
Analyst | Custom | A mix of view and view/edit permissions for all components and access to all pages in the Cortex tenant. Cortex products come out-of-the-box with the following Analyst roles: |
Read-Only | Custom | Read permissions for all components and pages in the Cortex tenant. Cortex products come out-of-the-box with the following Read-Only roles: |
Note
By default, users do not have roles assigned. If no direct or user group role has been assigned, users have no permission to view or edit data in the Cortex tenant.
Next steps
Create roles or customize existing roles (recommended) in Cortex Gateway or the Cortex tenant.
Before you start creating or customizing roles, do the following:
Review the Role-based permissions in Cortex XSOAR topic.
Decide where you want to create roles (Cortex Gateway, the tenant, or both).
Any roles and user groups created in Cortex Gateway are available for all tenants. In the Cortex tenant, all roles created in the tenant are specific to the tenant. Advanced settings such as default dashboards/queries and shifts can only be defined at the tenant level. Only user groups created on the tenant can be mapped to SAML groups when using SAML SSO.
Decide whether you want to assign roles to users directly or through membership in user groups (recommended) in Cortex Gateway or the Cortex tenant.