It is a good idea to have one or more dedicated users, groups, and roles, as necessary, to handle automation tasks that interact with external products or components of your system:
Automation roles group sets of permissions to define and to constrain the actions automation users are allowed to perform.
Automation groups bring together automation users, and they define which platform areas, features, and functionality are accessible to automation users.
Automation users handle automation and integration tasks – based on the automation role they are assigned and the automation groups they are members of – such as authentication, data exchange through outgoing and incoming feeds, or automatic entity creation as a follow-up action on a specific event.
An automation group should include all the allowed data sources the automation users in the group need to access.
Platform data sources can be:
Create the automation group
Required fields are marked with an asterisk ( * ).
To create and to add a new group, do the following:
In the , click > User management > Groups tab.
Go to the upper-left corner, and click .
The group editor is displayed.
To create a new automation user group:
In the side navigation bar click > User management.
Click the Groups tab, and then click (Create group) to create a new user group.
The group editor is displayed.
Under Create group, define the following configuration settings:
In the Name field enter a short, clear, and descriptive name to identify the automation user group.
Example: Integration automation group
In the Description field enter a short, free-form description to clarify the purpose and the scope of the automation user group.
Example: Automation group to integrate and exchange data with external systems and services through incoming and/or outgoing feeds
Under Allowed sources, click Add or More to define the data sources the automation group can access, and the TLP-based access level.
From the Sources drop-down menu, select one or more data sources that the automation user group and its members can retrieve data from.
Data sources can be existing incoming feeds and enrichers, as well as existing platform user groups.
If you do not specify any data source, the current group becomes the default allowed data source.
Role-based permissions define:
The type of actions users are allowed to perform.
The type of objects users are allowed to interact with.
Group-based Allowed sources and TLP define:
Specific platform data, assets, and resources users are allowed to access.
From the TLP drop-down menu, select a Traffic Light Protocol color to filter data accordingly.
Default value: Red
Click Add or More to add new rows as needed, where you can enter additional criteria.
From the Source reliability drop-down menu, select a reliability value to filter data sources by.
The automation user group is granted access only to data whose source reliability matches the filter value you set here.
From the Allowed roles drop-down menu under Group admin settings, select one or more roles that group admins can assign to member users of the groups they administer.
Start typing a role name in the autocomplete text input field.
Select one or more filtered roles from the matching result list.
To remove a selection, go to the item(s) you want to remove, and click the cross icon.
To remove all selections at once, click the cross icon next to the drop-down menu arrow in the input field.
Alternatively, click Unselect all options.
Group admins can assign to the users of the groups they manage only the role subset you define here.
This setting protects against unwanted privilege escalation by limiting the set of role-based permissions group admins can grant to their group members.
To store your changes, click Save; to discard them, click Cancel.
To access additional save options, click the down arrow on the Save button:
Click Save and new to save the current data or configuration for the item you are working on, and to create a new item of the same type right away.
For example, a new dataset, feed, policy, rule, task, or workspace.
Click Save and duplicate to save the current data for the item you are working on, and to create a new prepopulated copy of the same item, which you can use as a template or a blueprint to speed up repetitive manual work.
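The following added example (not platform code) models how the role-based permissions, the group-based Allowed sources with TLP and Source reliability, and the Allowed roles setting described above combine into one access decision. It assumes that the selected TLP color acts as a ceiling; the class names, function names, and sample values are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

TLP_ORDER = ["WHITE", "GREEN", "AMBER", "RED"]  # least to most restricted

@dataclass(frozen=True)
class AllowedSource:
    source: str                        # incoming feed, enricher or user group
    max_tlp: str = "RED"               # the page's default TLP value
    reliability: Optional[str] = None  # None: no reliability filter set

@dataclass
class Group:
    name: str
    allowed_sources: list = field(default_factory=list)
    allowed_roles: set = field(default_factory=set)

    def sources(self):
        # Page: with no data source specified, the group itself becomes
        # the default allowed data source.
        return self.allowed_sources or [AllowedSource(self.name)]

@dataclass
class Role:
    name: str
    permissions: set  # (action, object type) pairs

def can_access(role, group, action, item):
    """Role gates action and object type; group gates which data is reachable."""
    if (action, item["type"]) not in role.permissions:
        return False
    for src in group.sources():
        if src.source != item["source"]:
            continue
        # Assumption: the selected TLP colour is a ceiling.
        if TLP_ORDER.index(item["tlp"]) > TLP_ORDER.index(src.max_tlp):
            continue
        # Page: reliability must match the filter value when one is set.
        if src.reliability is not None and item["reliability"] != src.reliability:
            continue
        return True
    return False

def can_assign(group, role_name):
    """Group admins may grant only roles listed in the group's Allowed roles."""
    return role_name in group.allowed_roles

# Constructed sample data; none of these names come from a real deployment.
GROUP = Group("Integration automation group",
              [AllowedSource("Feed A", "AMBER", "A")], {"Feed reader"})
READER = Role("Feed reader", {("read", "entity")})
```

A request succeeds only when both layers agree, so an automation user with a broad role still cannot reach data outside the sources, TLP level, and reliability value its group allows.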