4.2 Creating Roles

Roles allow you to define what a user can manage and what data they can view. Permissions are granted to the role, and then the user is assigned to the role.

4.2.1 Creating a Role

  1. Log in to the Sentinel Web interface as a user in the administrator role.

  2. Click Users in the toolbar.

  3. Click Create in the Roles section to create a new role.

  4. Use the following information to create the role:

    Role name: Specify a unique name for the role. A role name should not exceed 40 characters.

    Description: Specify a description of the role.

    Users with this role can: Select the permissions that a role grants to users assigned to the role.

    • View all data: Select this option to allow users to view all the data in the Sentinel system. If you select this option, you must select one or more of the following permissions:

      • Manage Correlation Engine/Rules: Allows users to manage Correlation rules and all data associated with these rules. The Correlation feature is displayed in the Web interface only if this permission is selected.

      • Manage Reports: Allows users to view and manage the data in reports.

      • Manage and View Security Intelligence Dashboards: Allows users to view, create, and manage the Security Intelligence dashboards and the data displayed in the dashboards. The Security Intelligence option is displayed in the Web interface only if this permission is selected.

      • View Security Intelligence Dashboards: Allows users to view the Security Intelligence dashboards and the data displayed in the dashboards. The Security Intelligence option is displayed in the Web interface only if this permission is selected.

    • View the following data: Select this option to allow users to view only selected data in the Sentinel system.

      • Only events matching the filter: Allows users to view only the events returned by the specified search query. For example, if you set the filter value to sev:5, users with this permission can view only events of severity five in a search.

        For more information about using filters, see Configuring Filters in the NetIQ Sentinel User Guide.

        Select one or more of the following permissions to use when viewing the filtered data:

      • View NetFlow data: Allows users to view and analyze the network flow data.

      • Search Remote Targets: When this permission is set on a role, all members of that role can perform searches on event sources that are in a distributed location.

        For more information on distributed searching and reporting, see Section 18.0, Searching and Reporting Events in a Distributed Environment.

      • View asset data: Allows users to view asset data.

      • View asset vulnerability data: Allows users to view vulnerability data.

      • View data in the embedded database: Allows users to view the data in the embedded database.

      • View people browser: Allows users to view the data in the Identity Browser.

      • View system events: Allows users to view the Sentinel system events.

    • Incidents: Select one of the following permissions that enable users to manage incidents:

      • View incidents assigned to user: Allows a user to view any incident that is assigned to them.

      • View or create incidents and add events to incidents: Allows users to create incidents and add events to the incidents.

      • Create, modify and execute actions on assigned incidents: Allows users to create, modify, and execute actions on incidents that are assigned to them.

      • Manage all aspects of incidents: create, modify and delete: Allows users to manage all incidents.

    • Miscellaneous: Assign miscellaneous permissions as necessary:

      • Create and use Active Views: When this permission is set on a role, all members of this role can access and use Active Views in the Sentinel Control Center. For more information about Active Views, see Viewing Events in the NetIQ Sentinel User Guide.

      • Manage Tags: When this permission is set on a role, all members of this role can create, delete, and modify tags, and associate tags to different event sources. For more information about tags, see Configuring Tags in the NetIQ Sentinel User Guide.

      • Proxy for Authorized Search Initiators: When this permission is set on a role, the members of this role can accept searches from remote targets. For more information, see Section 18.0, Searching and Reporting Events in a Distributed Environment.

      • Send NetFlow data: Allows users to send network flow data from the NetFlow Collector Manager to the Sentinel server.

      • Share search filters: When this permission is set on a role, all members of this role can share search filters that they have created. For more information about sharing filters, see Configuring Filters in the NetIQ Sentinel User Guide.

      • Solution Designer access: When this permission is set on a role, all members of this role can access Solution Designer. For more information, see Section 21.7, Solution Designer.

      • View and execute event actions: When this permission is set on a role, all members of this role can view events and execute actions on the selected events. For more information, see Manually Performing Actions on Events in the NetIQ Sentinel User Guide.

      • View detailed internal system state data: When this permission is set on a role, all members of this role can view detailed internal system state data by using a JMX client.

  5. Click Save.

To create users for this role, see Section 4.4, Creating Users.