2.2 Creating Roles

Roles allow you to define what a user can manage and what data they can view. Permissions are granted to the role, and then the user is assigned to the role.

2.2.1 Creating a Role

  1. Log in to the Sentinel Web interface as a user in the administrator role.

  2. Click Users in the toolbar.

  3. Click Create in the Roles section to create a new role.

  4. Use the following information to create the role:

    Role name: Specify a unique name for the role. A role name cannot exceed 40 characters.

    Description: Specify a description of the role. This description is displayed in the interface when a user selects the role.

    Users with this role can: Select the permissions that a role grants to any user object assigned to the role.

    • View all data: Select this option to allow users to view all the data in the Sentinel system. If you select this option, you must select one or more of the following permissions:

      • Manage Correlation Engine/Rules: Allows users to manage Correlation rules and all data associated with these rules. The Correlation option is not displayed in the Web interface if this permission is not selected.

      • Manage Reports: Allows users to view and manage the data in reports.

      • Manage and View Security Intelligence Dashboards: Allows users to view, create, and manage the Security Intelligence dashboards as well as all of the data displayed in the dashboards. The Security Intelligence option is not displayed in the Web interface if this permission is not selected.

      • View Security Intelligence Dashboards: Allows users to view the Security Intelligence dashboards as well as all of the data displayed in the dashboards. The Security Intelligence option is not displayed in the Web interface if this permission is not selected.

    • View the following data: Select this option to allow users to view only selected data in the Sentinel system.

      • Only events matching the filter: Specify the Lucene search query in the text box. You can click the Tips link to understand how to construct a valid Lucene search query. For example, if you set the filter value to sev:5, the user can view only events of severity five in a search.

        For more information about using filters, see Configuring Filters in the NetIQ Sentinel 7.0.1 User Guide.

        Select one or more of the following permissions to use when viewing the filtered data:

      • Search Remote Targets: When this permission is set on a role, all members of that role can perform searches on event sources that are in a distributed location.

        For more information on distributed searching and reporting, see Section 13.0, Searching and Reporting Events in a Distributed Environment.

      • View asset data: Allows users to view asset data.

      • View asset vulnerability data: Allows users to view vulnerability data.

      • View data in the embedded database: Allows users to view the data in the embedded database.

      • View people browser: Allows users to view the data through the Identity Browser.

      • View system events: Allows users to view the Sentinel system events.

    • Incidents: Select one of the following permissions that enable users to manage incidents:

      • View incidents assigned to user: Allows a user to view any incident that is assigned to them.

      • View or create incidents and add events to incidents: Allows users to create incidents and add events to the incidents.

      • Create, modify and execute actions on assigned incidents: Allows users to create, modify, and execute actions on incidents that are assigned to them.

      • Manage all aspects of incidents: create, modify and delete: Allows the users to manage all incidents.

    • Miscellaneous: Assign miscellaneous permissions as necessary:

  5. Click Save.

To create users for this role, continue with Section 2.3, Creating Users.
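
The field rules in step 4 can be checked on a planned set of roles before the roles are entered in the Web interface. The following is an added example, not part of the Sentinel documentation or product: the dictionary layout and the `lint_roles` function are hypothetical, and it assumes that View all data and View the following data are alternatives.

```python
# Added example: lint planned role definitions against the field rules above.
# The dict layout (name/scope/filter/permissions/incident) is a constructed
# planning format, not a Sentinel export or API.

VIEW_ALL_PERMS = {
    "Manage Correlation Engine/Rules",
    "Manage Reports",
    "Manage and View Security Intelligence Dashboards",
    "View Security Intelligence Dashboards",
}

def lint_roles(roles):
    """Return (role name, problem) tuples for every rule a planned role breaks."""
    problems, seen = [], set()
    for role in roles:
        name = role.get("name", "")
        if not name or len(name) > 40:
            problems.append((name, "role name must be 1-40 characters"))
        if name in seen:
            problems.append((name, "role name is not unique"))
        seen.add(name)
        # Assumption: the two data-scope options are alternatives.
        scope = role.get("scope")
        if scope == "all":
            if not VIEW_ALL_PERMS & set(role.get("permissions", [])):
                problems.append((name, "View all data needs at least one of its permissions"))
        elif scope == "filtered":
            if not role.get("filter", "").strip():
                problems.append((name, "filtered view needs a Lucene search query"))
        else:
            problems.append((name, "scope must be 'all' or 'filtered'"))
        if len(role.get("incident", [])) > 1:
            problems.append((name, "select only one incident permission"))
    return problems

# Constructed sample plan: one valid role and three with mistakes.
PLAN = [
    {"name": "Sev5 Analyst", "scope": "filtered", "filter": "sev:5",
     "permissions": ["View asset data"],
     "incident": ["View incidents assigned to user"]},
    {"name": "Report Admin", "scope": "all", "permissions": []},
    {"name": "Sev5 Analyst", "scope": "filtered", "filter": " "},
    {"name": "X" * 41, "scope": "all", "permissions": ["Manage Reports"]},
]

if __name__ == "__main__":
    for name, problem in lint_roles(PLAN):
        print(f"{name!r}: {problem}")
```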