Merge pull request #2046 from SEKOIA-IO/doc/intake_restricted_role

Add documentation segregated data access
SEKOIA-IO · Oct 10, 2024 · d5bf1f0 · d5bf1f0
2 parents 3ca8f72 + b3a4a5f
commit d5bf1f0
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 2 deletions.
diff --git a/docs/assets/user_center/restricted_intake_list.png b/docs/assets/user_center/restricted_intake_list.png
diff --git a/docs/assets/user_center/specific_intakes.png b/docs/assets/user_center/specific_intakes.png
diff --git a/docs/getting_started/intake_restricted_roles.md b/docs/getting_started/intake_restricted_roles.md
@@ -0,0 +1,49 @@
+# Intake Restricted roles
+
+Intake restricted roles allow organizations to segregate user access by datasources.
+
+Not all teams need access to the same data. For example, a network infrastructure team may only require access to network logs, whereas a security team needs broader access across all logs to monitor for threats.
+
+Intake restricted roles enable organizations to compartmentalize data streams so that only users with the appropriate permissions can access specific subsets of data, efficiently manage responsibilities and ensure data confidentiality.
+
+## Creating an intake restricted role
+
+To create an `intake restricted role`, follow these steps:
+
+1. Go to Settings > Workspace > Roles
+2. Click on the Add New Role button
+3. Provide role details:
+    - Role name: Enter a name for the new role
+    - Description: Write a description between 10 and 1000 characters to explain the purpose and responsibilities associated with this role
+4. Click on the `specific intakes` label to restrict access to a specific list of intakes
+
+    ![specific intakes](/assets/user_center/specific_intakes.png)
+
+5. Select the intakes to authorize for this role and click on the `Next` button
+
+    ![intake list](/assets/user_center/restricted_intake_list.png)
+
+4. Choose the specific permissions you want to assign to this role. These permissions will define what actions users with this role can perform
+5. Click `Save` to create the role. The new role will now appear in the roles listing.
+
+## Assigning the intake restricted role to users
+
+Once the `intake restricted role` is created, you can assign it to existing users:
+
+1. Navigate to the Workspace users page in the settings menu
+2. Select the user you want to assign the role to
+3. Attribute the new custom role to the user and save your changes
+
+## Important considerations
+
+### Limited permissions
+
+With Intake restricted roles, permissions selection is limited to `alerts`, `CTI`, `Dashboards` and `events` due to the nature of this role.
+
+### Disabling built-in roles
+
+When you assign a custom role to a user, any built-in roles previously assigned to that user will be disabled. Ensure that the custom role includes all necessary permissions for the user’s responsibilities.
+
+### Exclusive Intake restricted roles
+
+You can assign only one intake restricted role per user. Intake restricted cannot be combined with built-in or custom roles.
diff --git a/docs/getting_started/roles.md b/docs/getting_started/roles.md
@@ -20,10 +20,16 @@ Based on user feedback, we plan to introduce more built-in roles to accommodate
 
 ## Custom Roles
 
-In addition to built-in roles, each admin may create Custom roles. These will work in conjunction with built-in roles, providing even more flexibility for user access control.
+In addition to built-in roles, each admin may create Custom roles. These allow to select specific permissions for a role, providing even more flexibility for user access control.
 
 Please refer to this section to learn [how to create custom roles](custom_roles.md).  
 
+## Intake Restricted Roles
+
+Admin may also create Intake restricted roles to segregate user access by datasources. These roles enable organizations to compartmentalize data streams so that only users with the appropriate permissions can access specific subsets of data in a read-only mode. However with Intake restricted roles, the list of available permissions is limited due to the nature of the role.
+
+Please refer to this section to learn [how to create intake restricted roles](intake_restricted_roles.md).  
+
 ## Permissions
 
 You can discover all permissions associated either to built-in or custom roles directly from the UI in `Settings > Worskpace Roles`. 

diff --git a/mkdocs.yml b/mkdocs.yml
@@ -53,8 +53,9 @@ nav:
     - Manage users: getting_started/manage_users.md
     - Deactivate inactive users: getting_started/inactive_users.md
     - Roles and permissions:
-      - Build-in roles: getting_started/roles.md
+      - Built-in roles: getting_started/roles.md
       - Custom roles: getting_started/custom_roles.md
+      - Intake Restricted roles: getting_started/intake_restricted_roles.md
   - Notifications:
     - Create and manage notifications: getting_started/notifications-Listing_Creation.md
     - Notification examples: getting_started/notifications-Examples.md