Manage roles

Configure and manage user roles and their sets of permissions to control user access to specific Intelligence Center areas and resources and their ability to modify them.

About roles

Roles group sets of permissions to control:

  • What actions users can carry out: read-only or read-write

  • What Intelligence Center resources users can view or touch: entities, observables, datasets, and so on.

  • Where in the Intelligence Center users can perform the allowed actions: graph, workspaces, feeds, and so on.

To edit roles, users require:

  • The Administrator checkbox to be selected in the Edit user view.

  • Or a non-admin access level that includes the modify roles permissions.

EclecticIQ Intelligence Center manages and controls resource access and consumption by defining access profiles at different access tiers with the following characteristics:

  • Users: individual Intelligence Center consumers.
    They can access the Intelligence Center by signing in with their designated account credentials, such as user name and password.
    Example: mhamilton / Apollo11

  • Groups: multiple users brought together under a common umbrella.
    They share the same access rights to selected allowed data sources, such as specific datasets, feeds, enrichers, as well as other groups.
    Example: Threat analysts
    User groups enable controlling user group members' access to specific Intelligence Center data, assets, and resources through the following mechanisms:

    • Allowed sources: data origins of content stored in the Intelligence Center.
      Selecting an allowed data source for a group means that all group members can access Intelligence Center content that the data source in question is the producer of.
      Data sources can be existing incoming feeds, enrichers, as well as other user groups.
      Example: Entities from Feed A

    • TLP: TLP stands for Traffic Light Protocol.
      TLP color codes flag information to provide handling and sharing guidelines.
      You can assign a TLP color value to restrict access to the following Intelligence Center items:

      • Entities.

      • Data you receive via incoming and send out via outgoing feeds.

      • Data created by users belonging to the groups associated with allowed data sources.

  • Roles: the expected functions assigned to an individual user or to a group of users.
    Roles represent sets of actions users can be tasked with.
    Roles group sets of permissions to define the allowed read and modify behaviors that are appropriate to the functions they are related to.
    Example: Team lead

  • Permissions: rules and policies constraining user scope.
    Permissions delimit scope by defining the types of action users are authorized to carry out.
    For example: read; modify (that is, create, edit, and delete).

About permissions

Permission purpose

Permissions provide granular user access control to Intelligence Center functionality, assets, and resources.

Permission names

Permission names are descriptive:

  • A verb describes the type of action the permission grants

  • A noun or noun phrase describes the Intelligence Center object that the action can be carried out on.

  • Format: ${type of action} ${object of the action}

  • Example: modify entities

Permission organization

Permissions are grouped in roles.

  • Roles act as containers for sets of permissions.

  • They define the set of capabilities and actions users can carry out in the Intelligence Center.

  • Users can be granted one or more roles.

Permission usage

  • Permissions are predefined in the Intelligence Center. They are not editable or configurable.
    You can either grant permissions to, or revoke them from roles.

Permission actions

Permissions allow two types of action:

  • Modify: a modification permission that allows users to read, create, update, and delete Intelligence Center data.

  • Read: a read-only permission that grants access to Intelligence Center data, without allowing any modifications.
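
The following added example (not EclecticIQ code, and not an Intelligence Center API) models the rules above for access reviews: it parses permission names in the documented format, unions the permissions of every role a user holds with modify including read, and lists who can edit roles. All role names, user names, and permission names other than modify entities and modify roles are constructed sample data; group-based Allowed sources and TLP are out of scope.

```python
# Added example: models the role-based rules described on this page.
# Roles, users and most permission names below are constructed sample data.
ACTIONS = ("read", "modify")


def parse_permission(name):
    """Split '<action> <object>' (for example 'modify entities') into parts."""
    action, _, obj = name.strip().lower().partition(" ")
    if action not in ACTIONS or not obj:
        raise ValueError(f"not a '<action> <object>' permission name: {name!r}")
    return action, obj


def effective_access(role_names, roles):
    """Union all roles' permissions into {object: action}; modify beats read."""
    access = {}
    for role in role_names:
        for perm in roles[role]:
            action, obj = parse_permission(perm)
            if action == "modify" or obj not in access:
                access[obj] = action
    return access


def is_allowed(access, action, obj):
    """A read request is satisfied by either read or modify on the object."""
    granted = access.get(obj)
    return granted == "modify" or (action == "read" and granted == "read")


def can_edit_roles(user, roles):
    """Administrators, or non-admins holding 'modify roles', can edit roles."""
    access = effective_access(user["roles"], roles)
    return user["admin"] or is_allowed(access, "modify", "roles")


# Constructed sample data
ROLES = {
    "Threat analyst": ["read entities", "modify observables", "read roles"],
    "Team lead": ["modify entities", "read datasets", "modify roles"],
}
USERS = {
    "analyst1": {"admin": False, "roles": ["Threat analyst"]},
    "lead1": {"admin": False, "roles": ["Threat analyst", "Team lead"]},
    "root1": {"admin": True, "roles": []},
}
ROLE_EDITORS = sorted(u for u, d in USERS.items() if can_edit_roles(d, ROLES))
```

Any non-admin account in ROLE_EDITORS can change what every role grants, so it deserves the same review as an Administrator account.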

View permissions

To display a list of the available Intelligence Center permissions:

  1. In the side navigation bar click > User management > Permissions.

  2. To sort items by column header:

    1. Click the header of the column whose content you want to sort.

    2. Click the upward-pointing or downward-pointing arrow to sort the content in either ascending or descending order, respectively.

  • Role-based permissions define:

    • The type of actions users are allowed to perform.

    • The type of objects users are allowed to interact with.

  • Group-based Allowed sources and TLP define:

    • Specific Intelligence Center data, assets, and resources users are allowed to access.

When you assign permissions to a role, either to modify an existing role or to define a new role, make sure you understand what permissions are and how they work in the Intelligence Center.
For more information, see:

View roles

To view a list of the available roles in the Intelligence Center:

  1. In the side navigation bar click , select User management, and click the Roles tab.
    The Roles view shows the existing roles.

  2. To view details about a specific role, in the Roles overview click anywhere in the row corresponding to the role you want to review.
    The role detail pane slides in from the side of the screen.

  3. In the role detail pane, click Overview to see a list of permissions associated with the role.
    You can sort the items on the view by column header.
    To do so, click the column header you want to base the data sorting on.
    An upward-pointing or a downward-pointing arrow in the header indicates ascending and descending sort order, respectively.

The permissions on the list should map to the typical tasks normally associated with the role.
For example, an administrator role should be granted a broader range of permissions and access rights than a standard user.

Click History to display an overview in reverse chronological order of the actions performed on the role since its creation.
This reference view enables you to inspect what happened to the role (the action), who did it (the user who carried out the action), and when it happened (the date and time).

Create roles

To create a new role:

  1. In the side navigation bar click > User management.

  2. Click the Roles tab, and then click (Create role) to create a new role.
    The role editor is displayed.

Under Create role, define the following configuration settings:

  1. In the Name field, enter a short, clear, and descriptive name to identify the automation role.
    Example: Team manager

  2. In the Description field, enter a short, free-form description to clarify the purpose and the scope of the role.
    Example: Team managers supervise a large team or multiple smaller teams. They provide strategic guidance to keep teams and their members aligned to corporate goals and objectives.

  3. From the Permissions drop-down menu, select the actions the role is allowed to perform, and the Intelligence Center objects the role can act on.

    • Start typing a permission name in the autocomplete text input field.

    • Select one or more filtered permissions from the matching result list.

    To remove a selection, go to the item(s) you want to remove, and click the cross icon.
    To remove all selections at once, click the cross icon next to the drop-down menu arrow in the input field.
    Alternatively, click Unselect all options.

  4. To store your changes, click Save; to discard them, click Cancel.

Edit roles

  1. Go to the row of the role you want to modify, click , and select Edit to open the role editor.

  2. Alternatively, click anywhere in the row of the role you want to modify.

  3. At the bottom of the Role detail pane, click Edit to open the role editor.

  4. Change the role details as necessary.

  5. To store your changes, click Save; to discard them, click Cancel.

Delete roles

  1. Go to the row of the role you want to delete, click , and select Delete.

  2. Alternatively, click anywhere in the row of the role you want to delete.

  3. At the bottom of the Role detail pane, click Delete.

  4. In the confirmation dialog, click Delete to confirm the action.
    The role is deleted from the Intelligence Center.