Role-Based Access Control (RBAC)

Overview

Role-based access control (RBAC) enables an administrator to tailor access to Chronicle features based on an employee's role in your organization. To navigate to the RBAC profile and settings pages, click the icon on the top right corner to open the drop-down menu and select Settings.

Settings Settings

Profile

The Profile page displays the information from the user's profile.

Profile

Profile

Users & Groups

The Users & Groups page enables an administrator to configure RBAC.

  1. Click the Users & Groups link in the left navigation pane. A list of users and groups are displayed on the USERS AND GROUPS page with the columns: USER/GROUP, TYPE and ASSIGNED ROLE.

    Users and Groups

    Users and Groups

  2. Click ASSIGN NEW to open the Assign Role pop-up window. From this window you can complete the following tasks:

    • Assign a new user or users to a role.
    • Assign a new group or groups to a role.

    The available roles are:

    • Default
    • ViewerWithNoDetectAccess
    • Viewer
    • Editor
    • Administrator

    Once you have added your user or group IDs and selected the appropriate role from the ASSIGN ROLE drop-down menu, click ASSIGN.

    As you assign roles, be aware of the following:

    • You cannot change the assigned role of an existing user or group using this pop-up window.
    • Chronicle manages the mapping between users and groups and roles. There is no verification of whether the user or the group exists in the customer's IdP.
    • Use caution if the user or group ID contains special characters that, depending on the text source, might use UTF-8 encoding. Once you click ASSIGN, Google recommends that you verify that the new assignment has been saved correctly.

    Assigning Roles

    Assigning Roles to Users and Groups

  3. You can change the role of an existing user or group by selecting a new role from the drop-down menu corresponding to that user or group in the ASSIGNED ROLE column.

    Change Roles

    Changing the Assigned Role for a User or Group

  4. You can change the default role assigned to new users and groups from the role drop-down menu in the top right corner.

  5. You can delete a user or a group by clicking on the trash-can icon which appears on the far right side of the user or group row as you hover over it.

    Delete User or Group

    Deleting a User or Group

Roles and Permissions

Roles

Roles are associated with a set of product permissions. Assigning a role to a user grants the user the permissions associated with that role.

Chronicle includes the following predefined roles:

  • Administrator—Manages the role-based access control policies for your enterprise. Can also edit or view any Chronicle page.
  • Editor—Can edit Chronicle pages, including the ability to create and edit rules for the Detection Engine.
  • Viewer—Can view any Chronicle page, but cannot make any changes.
  • ViewerWithNoDetectAccess—Can view all Chronicle pages that do not include detections (principally the Rules and Reference Lists pages).

RBAC applications include the following:

  • Create and assign roles based on the job responsibilities.
  • Create and assign roles based on tenancies or organizations.
  • Assign temporary roles to analysts for investigating an issue.

Permissions

Permissions provide the authorization needed to perform a single controlled action in Chronicle, including (see the user interface for the complete list of permissions):

  • View rule
  • Modify rule
  • Edit feedback
  • Edit reference list
  • View RBAC permissions

If a user does not have permissions for an action, the associated functionality is disabled. For example, if the user has the Viewer role, they are unable to create a new rule (the NEW button is disabled in the Rules Editor), duplicate a rule (the Duplicate option is disabled), or modify an existing rule.

To view the roles and permissions available to users and groups, complete the following:

  1. Click the Roles link in the left navigation pane.

  2. Select a role from the Roles column to view the permissions granted for that role. The permissions associated with each role cannot be changed.

    Roles

    Roles

The default role for newly added users and groups is Viewer. If you select one of the other roles (for example, Editor), the SET AS DEFAULT control becomes available. This enables you to make that role the default instead.