diff --git a/docs/assets/user_center/restricted_intake_list.png b/docs/assets/user_center/restricted_intake_list.png new file mode 100644 index 0000000000..7a709e10f7 Binary files /dev/null and b/docs/assets/user_center/restricted_intake_list.png differ diff --git a/docs/assets/user_center/specific_intakes.png b/docs/assets/user_center/specific_intakes.png new file mode 100644 index 0000000000..87d74ea9ce Binary files /dev/null and b/docs/assets/user_center/specific_intakes.png differ diff --git a/docs/getting_started/intake_restricted_roles.md b/docs/getting_started/intake_restricted_roles.md new file mode 100644 index 0000000000..9c8b218b99 --- /dev/null +++ b/docs/getting_started/intake_restricted_roles.md 
@@ -0,0 +1,49 @@ +# Intake Restricted roles + +Intake restricted roles allow organizations to segregate user access by datasources. + +Not all teams need access to the same data. For example, a network infrastructure team may only require access to network logs, whereas a security team needs broader access across all logs to monitor for threats. + +Intake restricted roles enable organizations to compartmentalize data streams so that only users with the appropriate permissions can access specific subsets of data, efficiently manage responsibilities and ensure data confidentiality. + +## Creating an intake restricted role + +To create an `intake restricted role`, follow these steps: + +1. Go to Settings > Workspace > Roles +2. Click on the Add New Role button +3. Provide role details: + - Role name: Enter a name for the new role + - Description: Write a description between 10 and 1000 characters to explain the purpose and responsibilities associated with this role +4. Click on the `specific intakes` label to restrict access to a specific list of intakes + + ![specific intakes](/assets/user_center/specific_intakes.png) + +5. Select the intakes to authorize for this role and click on the `Next` button + + ![intake list](/assets/user_center/restricted_intake_list.png) + +4. Choose the specific permissions you want to assign to this role. These permissions will define what actions users with this role can perform +5. Click `Save` to create the role. The new role will now appear in the roles listing. + +## Assigning the intake restricted role to users + +Once the `intake restricted role` is created, you can assign it to existing users: + +1. Navigate to the Workspace users page in the settings menu +2. Select the user you want to assign the role to +3. 
Attribute the new custom role to the user and save your changes + +## Important considerations + +### Limited permissions + +With Intake restricted roles, permissions selection is limited to `alerts`, `CTI`, `Dashboards` and `events` due to the nature of this role. + +### Disabling built-in roles + +When you assign a custom role to a user, any built-in roles previously assigned to that user will be disabled. Ensure that the custom role includes all necessary permissions for the user’s responsibilities. + +### Exclusive Intake restricted roles + +You can assign only one intake restricted role per user. Intake restricted cannot be combined with built-in or custom roles. \ No newline at end of file diff --git a/docs/getting_started/roles.md b/docs/getting_started/roles.md index 3f8a04ffc1..399eb8539e 100644 --- a/docs/getting_started/roles.md +++ b/docs/getting_started/roles.md 
@@ -20,10 +20,16 @@ Based on user feedback, we plan to introduce more built-in roles to accommodate ## Custom Roles -In addition to built-in roles, each admin may create Custom roles. These will work in conjunction with built-in roles, providing even more flexibility for user access control. +In addition to built-in roles, each admin may create Custom roles. These allow to select specific permissions for a role, providing even more flexibility for user access control. Please refer to this section to learn [how to create custom roles](custom_roles.md). +## Intake Restricted Roles + +Admin may also create Intake restricted roles to segregate user access by datasources. These roles enable organizations to compartmentalize data streams so that only users with the appropriate permissions can access specific subsets of data in a read-only mode. However with Intake restricted roles, the list of available permissions is limited due to the nature of the role. + +Please refer to this section to learn [how to create intake restricted roles](intake_restricted_roles.md). + ## Permissions You can discover all permissions associated either to built-in or custom roles directly from the UI in `Settings > Worskpace Roles`. diff --git a/mkdocs.yml b/mkdocs.yml index 0448f07f96..6a4eb9ccb9 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -53,8 +53,9 @@ nav: - Manage users: getting_started/manage_users.md - Deactivate inactive users: getting_started/inactive_users.md - Roles and permissions: - - Build-in roles: getting_started/roles.md + - Built-in roles: getting_started/roles.md - Custom roles: getting_started/custom_roles.md + - Intake Restricted roles: getting_started/intake_restricted_roles.md - Notifications: - Create and manage notifications: getting_started/notifications-Listing_Creation.md - Notification examples: getting_started/notifications-Examples.md
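Review bot: in docs/getting_started/intake_restricted_roles.md, the "Disabling built-in roles" paragraph and step 3 of "Assigning the intake restricted role to users" both say "custom role" although the page describes intake restricted roles, and the closing section then says these roles cannot be combined with built-in or custom roles. As written, a reader cannot tell what happens to a user's existing roles on assignment. Suggest using "intake restricted role" in both places and stating explicitly whether previously assigned built-in and custom roles are disabled. In the creation steps the numbering runs 1 to 5 and then repeats `4.` and `5.` for "Choose the specific permissions" and "Click `Save`"; these should be 6 and 7. The final sentence "Intake restricted cannot be combined" is missing the word "roles", and the file has no trailing newline.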
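Review bot: in docs/getting_started/roles.md, the new "Intake Restricted Roles" paragraph says data is accessible "in a read-only mode", but intake_restricted_roles.md never states this; its "Limited permissions" section only lists `alerts`, `CTI`, `Dashboards` and `events`. Suggest documenting the read-only constraint on the dedicated page as well, or removing it here, so the two pages describe the same access model. On wording, "These allow to select specific permissions" reads better as "These let you select specific permissions", and "Admin may also create" as "Admins may also create".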
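Review bot: in mkdocs.yml, the new nav label `Intake Restricted roles` is capitalised differently from its siblings `Built-in roles` and `Custom roles`. Suggest `Intake restricted roles` for consistency, with the same casing applied to the H1 of intake_restricted_roles.md so the nav entry and page title match.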