User Roles and Role Permissions

A user role is a set of role permissions. A role permission grants an administrator the ability to perform certain actions, e.g., add an attachment to or remove one from an existing incident, create a triggered alert rule, or create or close an incident. Roles are assigned to administrator profiles, which are, in turn, assigned to administrators. For more details on creating administrators and administrator profiles, see the section Administrators.

To create a role and assign certain permissions to it, follow these steps:

Name

Description

Step 1. Create a role.

In the User roles section, click Add and provide a name and description for the new role.

Step 2. Add the desired permissions to the role just created.

In the Role permissions section, select the desired permission, and click Add to add it to the role created earlier.

The following role permissions can be added for users:

Name

Description

Assignable user

Users with this permission may be assigned to incidents.

An assignee can be added during the creation or editing of an incident.

Assign incidents

The ability to assign incidents to other people.

An assignee can be added during the creation or editing of an incident.

Close incidents

The ability to close an incident. It can often be a useful arrangement when developers resolve incidents and testers close them.

You can close an incident in the Incidents ➜ tab, where N is the ordinal number of the incident. An incident can only be closed from the states for which a transition to the "Closed" state is configured in the incident schema. For more details, see Incident Settings.

Create incidents

The ability to create incidents.

Incidents can be created manually in the Incidents ➜ Incidents log tab or automatically when an analytics rule is triggered. For more details on how to create incidents, see the section Creating Security Incidents.

Edit incidents

The ability to edit incidents.

You can edit an incident in the Incidents ➜ tab, where N is the ordinal number of the incident. For more details, see the section Incident Details.

Reopen incidents

The ability to reopen incidents.

You can reopen an incident in the Incidents ➜ tab, where N is the ordinal number of the incident.

Edit watchers

The ability to add and remove watchers.

Incident watchers can be added during the creation or editing of an incident.

Add comments

The ability to comment on incidents.

You can comment on an incident in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Activity section.

Delete all comments

The ability to delete any comments made on incidents.

You can view the comments for an incident in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Activity section.

Delete own comments

The ability to delete own comments made on incidents.

You can view the comments for an incident in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Activity section.

Edit all comments

The ability to edit all comments made on incidents.

You can view the comments for an incident in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Activity section.

Edit own comments

The ability to edit own comments made on incidents.

You can view the comments for an incident in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Activity section.

Create attachments

The ability to create attachments to incidents.

Attachments can be added to an incident in the Incidents tab during the creation or editing of the incident. The attachments are displayed in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Attachments section.

Delete all attachments

The ability to delete all attachments.

The incident's attachments are displayed in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Attachments section.

Delete own attachments

The ability to delete own attachments.

The incident's attachments are displayed in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Attachments section.

Edit observables

The ability to create and edit observables.

Observables can be added in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Observables section. For more details on observables, see the section Incident Details.

Update enrichments

The ability to update observables' enrichments.

The list of external enrichment services is available under Libraries ➜ External enrichment services on the Settings tab. For more details on external enrichment services, see the section External Enrichment Services.

Generate report

The ability to generate and download/send reports.

Incident reports can be created in the Incidents ➜ tab, where N is the ordinal number of the incident. For more details, see the section Incident Details.

Add triggered alerts/logs to incident

The ability to add triggered alerts/logs to the incident.

Logs can be added in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Logs section. For more details on logs and triggered alerts, see the sections Analytics Search and Triggered Alerts, respectively.

Remove all triggered alerts/logs from incident

The ability to remove all triggered alerts/logs from the incident.

Triggered alerts and logs are displayed in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Triggered alerts and Logs sections, respectively. For more details on logs and triggered alerts, see the sections Analytics Search and Triggered Alerts, respectively.

Remove own triggered alerts/logs from incident

The ability to remove own triggered alerts/logs from the incident.

Triggered alerts and logs are displayed in the Incidents ➜ tab, where N is the ordinal number of the incident, in the Triggered alerts and Logs sections, respectively. For more details on logs and triggered alerts, see the sections Analytics Search and Triggered Alerts, respectively.

Create incident schema

The ability to create incident schemas.

Incident schemas are available under Incident settings ➜ Incident schema in the Settings tab. For more details, see the section Incident Settings.

Edit incident schema

The ability to edit incident schemas.

Incident schemas are available under Incident settings ➜ Incident schema in the Settings tab. For more details, see the section Incident Settings.

Delete incident schema

The ability to delete incident schemas.

Incident schemas are available under Incident settings ➜ Incident schema in the Settings tab. For more details, see the section Incident Settings.

Set default incident schema

The ability to set default incident schemas.

In UserGate LogAn, one default incident schema is available under Incident settings ➜ Incident schema in the Settings tab. For more details, see the section Incident Settings.

Create incident state

The ability to create incident states.

The list of incident states is displayed under Incident settings ➜ Incident states in the Settings tab. For more details, see the section Incident Settings.

Edit incident state

The ability to edit incident states.

The list of incident states is displayed under Incident settings ➜ Incident states in the Settings tab. For more details, see the section Incident Settings.

Delete incident state

The ability to delete incident states.

The list of incident states is displayed under Incident settings ➜ Incident states in the Settings tab. For more details, see the section Incident Settings.

Create incident type

The ability to create incident types.

Incident types are available in the Incident settings ➜ Incident types section of the General settings tab. For more details, see the section Incident Settings.

Edit incident type

The ability to edit incident types.

Incident types are available in the Incident settings ➜ Incident types section of the General settings tab. For more details, see the section Incident Settings.

Delete incident type

The ability to delete incident types.

Incident types are available in the Incident settings ➜ Incident types section of the General settings tab. For more details, see the section Incident Settings.

Create incident resolution

The ability to create incident resolutions.

The list of incident resolutions is displayed in the Incident settings ➜ Incident resolutions section of the General settings tab. For more details, see the section Incident Settings.

Edit incident resolution

The ability to edit incident resolutions.

The list of incident resolutions is displayed in the Incident settings ➜ Incident resolutions section of the General settings tab. For more details, see the section Incident Settings.

Delete incident resolution

The ability to delete incident resolutions.

The list of incident resolutions is displayed in the Incident settings ➜ Incident resolutions section of the General settings tab. For more details, see the section Incident Settings.

Create analytics rule

The ability to create analytics rules.

Analytics rules can be created in the Analytics ➜ Analytics rules tab. For more details, see the Analytics section.

Delete analytics rule

The ability to delete analytics rules.

Analytics rules are displayed in the Analytics ➜ Analytics rules tab. For more details, see the Analytics section.

Edit analytics rule

The ability to edit analytics rules.

Analytics rules are displayed in the Analytics ➜ Analytics rules tab. For more details, see the Analytics section.

Enable/disable analytics rule

The ability to enable or disable analytics rules.

Analytics rules are displayed in the Analytics ➜ Analytics rules tab. For more details, see the Analytics section.

Execute analytics rule

The ability to execute an analytics rule not in real time.

Analytics rules are displayed in the Analytics ➜ Analytics rules tab. For more details, see the Analytics section.

Create response action

The ability to create response actions.

Response actions can be created in the Analytics ➜ Response actions tab. For more details, see the section Response Actions.

Edit response action

The ability to edit response actions.

Response actions are displayed in the Analytics ➜ Response actions tab. For more details, see the section Response Actions.

Delete response action

The ability to delete response actions.

Response actions are displayed in the Analytics ➜ Response actions tab. For more details, see the section Response Actions.

Enable/disable response action

The ability to enable or disable response actions.

Response actions are displayed in the Analytics ➜ Response actions tab. For more details, see the section Response Actions.

Create a UserGate sensor

The ability to create UserGate sensors.

UserGate sensors can be created under Sensors ➜ UserGate sensors in the Settings tab. For more details, see UserGate Sensors.

Edit a UserGate sensor

The ability to edit UserGate sensors.

UserGate sensors are available under Sensors ➜ UserGate sensors in the Settings tab. For more details, see UserGate Sensors.

Enable/disable a UserGate sensor

The ability to enable/disable UserGate sensors.

UserGate sensors are available under Sensors ➜ UserGate sensors in the Settings tab. For more details, see UserGate Sensors.

Delete a UserGate sensor

The ability to delete UserGate sensors.

UserGate sensors are available under Sensors ➜ UserGate sensors in the Settings tab. For more details, see UserGate Sensors.

Create SNMP sensor

The ability to create SNMP sensors.

SNMP sensors can be created under Sensors ➜ SNMP sensors in the General settings tab. For more details, see the SNMP Sensors section.

Edit SNMP sensors

The ability to edit SNMP sensors.

SNMP sensors are available under Sensors ➜ SNMP sensors in the General settings tab. For more details, see the SNMP Sensors section.

Enable/disable SNMP sensor

The ability to enable/disable SNMP sensors.

SNMP sensors are available under Sensors ➜ SNMP sensors in the General settings tab. For more details, see the SNMP Sensors section.

Delete a SNMP sensor

The ability to delete SNMP sensors.

SNMP sensors are available under Sensors ➜ SNMP sensors in the General settings tab. For more details, see the SNMP Sensors section.

Create WMI sensor

The ability to create WMI sensors.

WMI sensors can be created under Sensors ➜ WMI sensors in the General settings tab. For more details, see the section WMI Sensors.

Edit WMI sensors

The ability to edit WMI sensors.

WMI sensors are available under Sensors ➜ WMI sensors in the General settings tab. For more details, see the section WMI Sensors.

Enable/disable WMI sensor

The ability to enable/disable WMI sensors.

WMI sensors are available under Sensors ➜ WMI sensors in the General settings tab. For more details, see the section WMI Sensors.

Delete a WMI sensor

The ability to delete WMI sensors.

WMI sensors are available under Sensors ➜ WMI sensors in the General settings tab. For more details, see the section WMI Sensors.

Add SNMP MIB file

The ability to add SNMP MIB files.

MIB files can be added under Sensors ➜ SNMP MIB management in the General settings tab. For more details, see the SNMP MIB Management section.

Delete SNMP MIB file

The ability to delete SNMP MIB files.

MIB files are displayed under Sensors ➜ SNMP MIB management in the General settings tab. For more details, see the SNMP MIB Management section.

Create Syslog rule

The ability to create Syslog rules.

Syslog rules can be created in the Log Collector ➜ Syslog section of the General settings tab.

Delete Syslog rule

The ability to delete Syslog rules.

Syslog rules are displayed in the Log Collector ➜ Syslog section of the General settings tab.

Edit Syslog rule and Syslog connector

The ability to edit Syslog rules and configure Syslog.

The created Syslog rules are available in the Log Collector ➜ Syslog section of the General settings tab.

Enable/disable Syslog rule

The ability to enable or disable Syslog rules.

Syslog rules are available in the Log Collector ➜ Syslog section of the General settings tab.

Create email group

The ability to create emails and email groups.

Emails and email groups can be created in the Libraries ➜ Emails section of the General settings tab. For more details, see the section Phones.

Edit email group

The ability to edit emails and email groups.

Emails and email groups are available in the Libraries ➜ Emails section of the General settings tab. For more details, see the section Phones.

Delete email group

The ability to delete emails and email groups.

Emails and email groups are available in the Libraries ➜ Emails section of the General settings tab. For more details, see the section Phones.

Create phone groups

The ability to create phones and phone groups.

Phones and phone groups can be created in the Libraries ➜ Phones section of the General settings tab. For more details, see the section Phones.

Edit phone group

The ability to edit phones and phone groups.

Phones and phone groups are available in the Libraries ➜ Phones section of the General settings tab. For more details, see the section Phones.

Delete phone group

The ability to delete phones and phone groups.

Phones and phone groups are available in the Libraries ➜ Phones section of the General settings tab. For more details, see the section Phones.

Create notification profile

The ability to create notification profiles.

In the Libraries ➜ Notification profiles section of the General settings tab, you can create two types of profiles: SMPP and SMTP. For more details on notification profiles, see the section Notification Profiles.

Edit notification profile

The ability to edit notification profiles.

The list of profiles is available in the Libraries ➜ Notification profiles section of the General settings tab. For more details on notification profiles, see the section Notification Profiles.

Delete notification profile

The ability to delete notification profiles.

The list of profiles is available in the Libraries ➜ Notification profiles section of the General settings tab. For more details on notification profiles, see the section Notification Profiles.

Create triggered alert category

The ability to create triggered alert categories.

Triggered alert categories can be created in the Libraries ➜ Triggered alert categories section of the General settings tab. For more details on triggered alert categories, see the section Triggered Alert Categories.

Edit triggered alert category

The ability to edit triggered alert categories.

The list of triggered alert categories is available in the Libraries ➜ Triggered alert categories section of the General settings tab. For more details on triggered alert categories, see the section Triggered Alert Categories.

Delete triggered alert category

The ability to delete triggered alert categories.

The list of triggered alert categories is available in the Libraries ➜ Triggered alert categories section of the General settings tab. For more details on triggered alert categories, see the section Triggered Alert Categories.

Edit enrichment setting

The ability to edit an enrichment setting.

The list of external enrichment services is available in the Libraries ➜ External enrichment services section of the General settings tab. For more details on external enrichment services, see the section External Enrichment Services.

Enable/disable enrichment service

The ability to enable/disable enrichment services.

The list of external enrichment services is available in the Libraries ➜ External enrichment services section of the General settings tab. For more details on external enrichment services, see the section External Enrichment Services.

After a role has been created, it can be assigned to administrator profiles.
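
A role review built on the model described above (roles are sets of permissions, roles go to profiles, profiles go to administrators), reporting which administrators hold an "all"-scoped permission where the table also offers an "own"-scoped one, and through which role. This is an added example, not UserGate code: the role, profile and administrator names are constructed, and it assumes one profile per administrator and that the configuration has been written out by hand as Python data.

```python
# Added example, not UserGate code. Permission names are copied from the table
# above; role, profile and administrator names are constructed sample data.

# "All"-scoped permissions that have an "own"-scoped counterpart in the table.
BROAD_TO_OWN = {
    "Delete all comments": "Delete own comments",
    "Edit all comments": "Edit own comments",
    "Delete all attachments": "Delete own attachments",
    "Remove all triggered alerts/logs from incident":
        "Remove own triggered alerts/logs from incident",
}

# Constructed configuration (hypothetical names, assumed one profile per admin).
ROLES = {
    "analyst": {"Create incidents", "Edit incidents", "Add comments",
                "Edit own comments", "Delete own comments",
                "Create attachments", "Delete own attachments"},
    "closer": {"Close incidents", "Reopen incidents"},
    "cleanup": {"Delete all comments", "Delete all attachments",
                "Remove all triggered alerts/logs from incident"},
}
PROFILES = {"tier1": ["analyst"], "lead": ["analyst", "closer", "cleanup"]}
ADMINS = {"alice": "tier1", "bob": "lead"}


def effective_permissions(admin):
    """Map each permission an administrator holds to the roles granting it."""
    granted = {}
    for role in PROFILES[ADMINS[admin]]:
        for perm in ROLES[role]:
            granted.setdefault(perm, set()).add(role)
    return granted


def broad_scope_findings(admin):
    """List (permission, granting roles, narrower alternative) per 'all' grant."""
    granted = effective_permissions(admin)
    return sorted(
        (perm, tuple(sorted(roles)), BROAD_TO_OWN[perm])
        for perm, roles in granted.items() if perm in BROAD_TO_OWN
    )


def review():
    """Return {admin: findings} for administrators with at least one finding."""
    report = {}
    for admin in sorted(ADMINS):
        findings = broad_scope_findings(admin)
        if findings:
            report[admin] = findings
    return report


if __name__ == "__main__":
    for admin, findings in review().items():
        for perm, roles, own in findings:
            print(f"{admin}: '{perm}' via {', '.join(roles)} (narrower: '{own}')")
```

Because the report names the granting role, a finding can be resolved by editing that one role rather than the administrator's whole profile.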