Link

User Management

User Management provides features for Role Based Access Controls whereby you can create groups, assign roles to users, and assign users to groups.

By default, nothing will change any user’s access/roles that you have today so there is nothing you need to do unless desired. This means that All Users will be assigned the least restricted Owner role.

RBAC Component Definitions

  • Groups: Groups define which deployments are available to Users in the Group.
  • Roles: Pre-defined roles (Owner, Admin, Editor, Reader) which define permissions (e.g. Create, Read/view, Update, Delete) for each feature or application setting.
  • Users: Each user is assigned a Role (permissions on features/settings) and Users are members of one or more Groups to control which deployments they can access.

Groups

  • Groups define which deployments are available to Users in the Group.
  • The default group is All and has All deployments assigned to the group.
  • Groups can be added/edited/deleted by the Owner role (see Roles and Permissions below).
  • Group Management is available under the Gear pull-down menu for Account Settings.

Users

  • Each user is assigned a Role (permissions on features/settings) and Users are members of one or more Groups to control which deployments they can access.
  • Users belong to 1 or more groups.
  • Users can be added/edited/deleted by the Owner role (see Roles and Permissions below).
  • User Management is available under the Gear pull-down menu for Account Settings.

Roles

Note: Role permissions are pre-defined and not configurable.

Owner

  • Allows for billing and user management, including the creation and assignment of deployments in groups.
  • Includes all permissions of the Admin and Member roles.
  • Owner is the default role for a new user during initial account creation.
  • All existing users are Owner roles until changed (by another Owner).

Admin

  • Day-to-day configuration including setting up integrations and various application customizations.

Editor

  • Users allowed to edit (create, update, delete) objects, particularly incident type metadata. This role will be assigned to user of the role Member in a previous release

Reader

  • Users that are allowed read-only access to all but their own profile, e.g. to change their deployment selection or password

Permissions

Setting/Feature Owner Admin Editor Reader
Other Edit Edit Edit View
Inbound/Outbound Alerts Edit Edit None None
Custom eTypes Edit Edit None None
Time Preferences Edit Edit None None
Root Cause Report Settings Edit Edit None None
Advanced Edit Edit None None
Default Maps Edit Edit None None
Billing Edit None None None
User Management Edit None None None
Two-Factor Authentication Edit None None None
Log/Metrics Collector Setup View View View View
Ingest Activity View View None None
Deployments Edit View View View