A user role is a set of role permissions. A role permission grants an administrator the ability to perform certain actions - e.g., add or remove an attachment from an existing incident, create a triggered alert rule, create or close an incident, etc. Roles are assigned to administrator profiles, which are, in turn, assigned to administrators. For more details on creating administrators and administrator profiles, see the section Administrators.
To create a role and assign certain permissions to it, follow these steps:
Task |
Description |
---|---|
Step 1. Create a role. |
In the User roles section, click Add and provide a name and description for the new role. |
Step 2. Add the desired permissions to the role just created. |
In the Role permissions section, select the desired permission, and click Add to add it to the role created earlier. |
The following role permissions can be added for users:
Name |
Description |
---|---|
Assignable user |
Users with this permission may be assigned to incidents. An assignee can be added during the creation or editing of an incident. |
Assign incidents |
The ability to assign incidents to other people. An assignee can be added during the creation or editing of an incident. |
Close incidents |
The ability to close an incident. It can often be a useful arrangement when developers resolve incidents and testers close them. You can close an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident. An incident can only be closed from the states for which a transition to the "Closed" state is configured in the incident schema. For more details, see Incident Settings. |
Create incidents |
The ability to create incidents. Incidents can be created manually in the Incidents --> Incidents log tab or automatically when an analytics rule is triggered. For more details on how to create incidents, see the section Creating Security Incidents. |
Edit incidents |
The ability to edit incidents. You can edit an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident. For more details, see the section Incident Details. |
Reopen incidents |
The ability to reopen incidents. You can reopen an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident. |
Edit watchers |
The ability to add and remove watchers. Incident watchers can be added during the creation or editing of an incident. |
Add comments |
The ability to comment on incidents. You can comment on an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Activity section. |
Delete all comments |
The ability to delete any comments made on incidents. You can view the comments for an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Activity section. |
Delete own comments |
The ability to delete own comments made on incidents. You can view the comments for an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Activity section. |
Edit all comments |
The ability to edit all comments made on incidents. You can view the comments for an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Activity section. |
Edit own comments |
The ability to edit own comments made on incidents. You can view the comments for an incident in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Activity section. |
Create attachments |
The ability to create attachments to incidents. Attachments can be added to an incident in the Incidents tab during the creation or editing of the incident. The attachments are displayed in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Attachments section. |
Delete all attachments |
The ability to delete all attachments. The incident's attachments are displayed in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Attachments section. |
Delete own attachments |
The ability to delete own attachments. The incident's attachments are displayed in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Attachments section. |
Edit observables |
The ability to create and edit observables. Observables can be added in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Observables section. For more details on observables, see the section Incident Details. |
Update enrichments |
The ability to update observables' enrichments. The list of external enrichment services is available in the Libraries --> External enrichment services section of the General settings tab. For more details on external enrichment services, see the section External Enrichment Services. |
Generate report |
The ability to generate and download/send reports. Incident reports can be created in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident. For more details, see the section Incident Details. |
Add triggered alerts/logs to incident |
The ability to add triggered alerts/logs in to the incident. Logs can be added in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Logs section. For more details on logs and triggered alerts, see the sections Analytics Search and Triggered Alerts, respectively. |
Remove all triggered alerts/logs from incident |
The ability to remove all triggered alerts/logs from the incident. Triggered alerts and logs are displayed in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Triggered alerts and Logs sections, respectively. For more details on logs and triggered alerts, see the sections Analytics Search and Triggered Alerts, respectively. |
Remove own triggered alerts/logs from incident |
The ability to remove own triggered alerts/logs from the incident. Triggered alerts and logs are displayed in the Incidents --> <INC-N:Incident name> tab, where N is the ordinal number of the incident, in the Triggered alerts and Logs sections, respectively. For more details on logs and triggered alerts, see the sections Analytics Search and Triggered Alerts, respectively. |
Create incident schema |
The ability to create incident schemas. Incident schemas are available in the Incident settings --> Incident schema section of the General settings tab. For more details, see the section Incident Settings. |
Edit incident schema |
The ability to edit incident schemas. Incident schemas are available in the Incident settings --> Incident schema section of the General settings tab. For more details, see the section Incident Settings. |
Delete incident schema |
The ability to delete incident schemas. Incident schemas are available in the Incident settings --> Incident schema section of the General settings tab. For more details, see the section Incident Settings. |
Set default incident schema |
The ability to set default incident schemas. In UserGate LogAn, one default incident schema is available in the Incident settings --> Incident schema section of the General settings tab. For more details, see the section Incident Settings. |
Create incident state |
The ability to create incident states. The list of incident states is displayed in the Incident settings --> Incident states section of the General settings tab. For more details, see the section Incident Settings. |
Edit incident state |
The ability to edit incident states. The list of incident states is displayed in the Incident settings --> Incident states section of the General settings tab. For more details, see the section Incident Settings. |
Delete incident state |
The ability to delete incident states. The list of incident states is displayed in the Incident settings --> Incident states section of the General settings tab. For more details, see the section Incident Settings. |
Create incident type |
The ability to create incident types. Incident types are available in the Incident settings --> Incident types section of the General settings tab. For more details, see the section Incident Settings. |
Edit incident type |
The ability to edit incident types. Incident types are available in the Incident settings --> Incident types section of the General settings tab. For more details, see the section Incident Settings. |
Delete incident type |
The ability to delete incident types. Incident types are available in the Incident settings --> Incident types section of the General settings tab. For more details, see the section Incident Settings. |
Create incident resolution |
The ability to create incident resolutions. The list of incident resolutions is displayed in the Incident settings --> Incident resolutions section of the General settings tab. For more details, see the section Incident Settings. |
Edit incident resolution |
The ability to edit incident resolutions. The list of incident resolutions is displayed in the Incident settings --> Incident resolutions section of the General settings tab. For more details, see the section Incident Settings. |
Delete incident resolution |
The ability to delete incident resolutions. The list of incident resolutions is displayed in the Incident settings --> Incident resolutions section of the General settings tab. For more details, see the section Incident Settings. |
Create response action |
The ability to create response actions. Response actions can be created in the Analytics --> Response actions tab. For more details, see the section Response Actions. |
Edit response action |
The ability to edit response actions. Response actions are displayed in the Analytics --> Response actions tab. For more details, see the section Response Actions. |
Delete response action |
The ability to delete response actions. Response actions are displayed in the Analytics --> Response actions tab. For more details, see the section Response Actions. |
Enable/disable response action |
The ability to enable or disable response actions. Response actions are displayed in the Analytics --> Response actions tab. For more details, see the section Response Actions. |
Create WMI sensor |
The ability to create WMI sensors. UserGate, SNMP, SNMP MIB, and WMI sensors can be created in the Sensors section of the General settings tab. For more details, see the section Sensors. |
Edit WMI sensors |
The ability to edit WMI sensors. UserGate, SNMP, SNMP MIB, and WMI sensors are available in the Sensors section of the General settings tab. For more details, see the section Sensors. |
Enable/disable WMI sensor |
The ability to enable/disable WMI sensors. UserGate, SNMP, SNMP MIB, and WMI sensors are available in the Sensors section of the General settings tab. For more details, see the section Sensors. |
Create Syslog rule |
The ability to create Syslog rules. Syslog rules can be created in the Libraries --> Syslog applications section of the General settings tab. |
Edit Syslog rule and Syslog connector |
The ability to edit Syslog rules. The created Syslog rules are available in the Libraries --> Syslog applications section of the General settings tab. |
Enable/disable Syslog rule |
The ability to enable or disable Syslog rules. Syslog rules are available in the Libraries --> Syslog applications section of the General settings tab. |
Create email group |
The ability to create emails and email groups. Emails and email groups can be created in the Libraries --> Emails section of the General settings tab. For more details, see the section Emails. |
Edit email group |
The ability to edit emails and email groups. Emails and email groups are available in the Libraries --> Emails section of the General settings tab. For more details, see the section Emails. |
Delete email group |
The ability to delete emails and email groups. Emails and email groups are available in the Libraries --> Emails section of the General settings tab. For more details, see the section Emails. |
Create phone groups |
The ability to create phones and phone groups. Phones and phone groups can be created in the Libraries --> Phones section of the General settings tab. For more details, see the section Phones. |
Edit phone group |
The ability to edit phones and phone groups. Phones and phone groups are available in the Libraries --> Phones section of the General settings tab. For more details, see the section Phones. |
Delete phone group |
The ability to delete phones and phone groups. Phones and phone groups are available in the Libraries --> Phones section of the General settings tab. For more details, see the section Phones. |
Create notification profile |
The ability to create notification profiles. In the Libraries --> Notification profiles section of the General settings tab, you can create two types of profiles: SMPP and SMTP. For more details on notification profiles, see the section Notification Profiles. |
Edit notification profile |
The ability to edit notification profiles. The list of profiles is available in the Libraries --> Notification profiles section of the General settings tab. For more details on notification profiles, see the section Notification Profiles. |
Delete notification profile |
The ability to edit notification profiles. The list of profiles is available in the Libraries --> Notification profiles section of the General settings tab. For more details on notification profiles, see the section Notification Profiles. |
Create triggered alert category |
The ability to create triggered alert categories. Triggered alert categories can be created in the Libraries --> Triggered alert categories section of the General settings tab. For more details on triggered alert categories, see the section Triggered Alert Categories. |
Edit triggered alert category |
The ability to edit triggered alert categories. The list of triggered alert categories is available in the Libraries --> Triggered alert categories section of the General settings tab. For more details on triggered alert categories, see the section Triggered Alert Categories. |
Delete triggered alert category |
The ability to delete triggered alert categories. The list of triggered alert categories is available in the Libraries --> Triggered alert categories section of the General settings tab. For more details on triggered alert categories, see the section Triggered Alert Categories. |
Edit enrichment setting |
The ability to edit an external enrichment service. The list of external enrichment services is available in the Libraries --> External enrichment services section of the General settings tab. For more details on external enrichment services, see the section External Enrichment Services. |
Enable/disable enrichment service |
The ability to enable/disable an enrichment service. The list of external enrichment services is available in the Libraries --> External enrichment services section of the General settings tab. For more details on external enrichment services, see the section External Enrichment Services. |
After a role has been created, it can be assigned to administrator profiles.