Create an automation role

It is a good idea to have one or more dedicated user, groups, and roles, as necessary, to handle automation tasks that interact with external products or components of your system:

  • Automation roles group sets of permissions to define and to constrain the actions automation users are allowed to perform.

  • Automation groups bring together automation users, and they define which platform areas, features, and functionality are accessible to automation users.

  • Automation users handle automation and integration tasks – based on the automation role they are assigned and the automation groups they are members of – such as authentication, data exchange through outgoing and incoming feeds, or automatic entity creation as a follow-up action on a specific event.

Create the automation role


Required fields are marked with an asterisk ( * ).

To create and to add a new role:

  1. In the side navigation bar click > User management > Roles > (Create role).
    The role editor is displayed.

To create a new automation role:

  1. In the side navigation bar click > User management.

  2. Click the Roles tab, and then click (Create role) to create a new role.
    The role editor is displayed.

Under Create role, define the following configuration settings:

  1. In the Name field, enter a short, clear, and descriptive name to identify the automation role.
    Example: External systems integrator

  2. In the Description field, enter a short, free-form description to clarify the purpose and the scope of the automation role.
    Example: Allows implementing data exchange interoperability between the platform and an external system.

  3. From the Permissions drop-down menu, select the actions the role is allowed to perform, and the platform objects the role can act on.
    Alternatively:

    • Start typing a permission name in the autocomplete text input field.

    • Select one or more filtered permissions from the matching result list.

    To remove a selection, go to the item(s) you want to remove, and click the cross icon .
    To remove all selections at once, click the cross icon next to the drop-down menu arrow in the input field.
    Alternatively, click Unselect all options.

  4. To store your changes, click Save; to discard them, click Cancel.

Assign permissions to the automation role

The automation role for a platform-to-platform integration through a TAXII feed requires read access to:

  • Data sources: incoming feeds, groups

  • Feeds: incoming and outgoing feeds

  • TAXII services: discovery, collection, inbox or poll.

The following overview includes the minimum set of permissions an automation role should be granted to manage basic data exchange through a TAXII outgoing TAXII incoming feed configuration.

If your automation user role should also interact with other platform features such as datasets and workspaces, you can integrate this basic permission set with the default permissions granted to the default Threat Analyst role.
To view permissions for the the default Threat Analyst role:

  1. In the side navigation bar click > User management > Roles.
    To sort items by column header:

    1. Click the header of the column whose content you want to sort.

    2. Click or to sort the content in either ascending or descending order, respectively.

  2. Under Role name, select Threat Analyst.

  3. In the Threat Analyst detail pane, in the Overview tab, you can view a list of permissions granted to the role.

These are guidelines, and therefore not mandatory.
You may need to tweak the automation role permissions based on trial and error hands-on experience to best suit your environment.

Basic permission set for the automation role


Sender automation role

Receiver automation role

Required

Notes

  • read configurations

  • read content-blocks

  • read content-types

  • read destinations

  • read entities

  • read extracts

  • read intel-sets

  • read outgoing-feeds

  • read sources

  • read taxii-services

  • read transports

  • read configurations

  • read content-blocks

  • read content-types

  • read destinations

  • read entities

  • read extracts

  • read incoming-feeds

  • read intel-sets

  • read sources

  • read taxii-services

  • read transports

Yes

Different permissions between sender and receiver automation roles are highlighted in bold.

  • modify incoming-feeds

  • modify taxii-services


See notes

The sender automation user role must have also these permissions if:

  • A platform-to-platform data exchange implementation uses a TAXII inbox outgoing feed TAXII inbox incoming feed setup.

  • A TAXII inbox outgoing feed uses Basic authentication.


  • modify outgoing-feeds

See notes

The receiver automation user role must have also this permission if:

  • A platform-to-platform data exchange implementation uses a TAXII inbox outgoing feed TAXII inbox incoming feed setup.

  • A TAXII inbox incoming feed uses Basic authentication.

About permissions

Permission purpose

Permissions provide granular user access control to platform functionality, assets, and resources.

Permission names

Permission names are descriptive:

  • A verb describes the type of action the permission grants

  • A noun or noun phrase describes the platform object that the action can be carried out on.

  • Format: ${type of action} ${object of the action}

  • Example: modify entities

Permission organization

Permissions are grouped in roles.

  • Roles act as containers for sets of permissions.

  • They define the set of capabilities and actions users can carry out in the platform.

  • Users can be granted one or more roles.

Permission usage

  • Permissions are predefined in the platform. They are not editable or configurable.
    You can either grant permissions to, or revoke them from roles.

Permission actions

Permissions allow two types of action:

  • Modify: a modification permission that allows to read, create, update, and delete platform data.

  • Read: a read-only permission that grants access to platform data, without allowing any modifications.

View permissions

To display a list of the available platform permissions:

  1. In the side navigation bar click > User management > Permissions.

  2. To sort items by column header:

    1. Click the header of the column whose content you want to sort.

    2. Click or to sort the content in either ascending or descending order, respectively.

When you assign permissions to a role, either to modify an existing role or to define a new role, make sure you understand what permissions are and how they work in the platform.
For more information, see: