Create an automation group#

It is a good idea to have one or more dedicated user, groups, and roles, as necessary, to handle automation tasks that interact with external products or components of your system:

  • Automation roles group sets of permissions to define and to constrain the actions automation users are allowed to perform.

  • Automation groups bring together automation users, and they define which platform areas, features, and functionality are accessible to automation users.

  • Automation users handle automation and integration tasks – based on the automation role they are assigned and the automation groups they are members of – such as authentication, data exchange through outgoing and incoming feeds, or automatic entity creation as a follow-up action on a specific event.

An automation group should include all the allowed data sources the automation users in the group need to access.

Platform data sources can be:

  • Incoming feeds

  • Enrichers

  • Groups

Create the automation group#

Note

Required fields are marked with an asterisk (*).

To create and to add a new group, do the following:

  1. In the left navigation, select Settings Settings > User management > Groups tab.

  2. Go to the upper-left corner, and select **.

    **The group editor is displayed.

To create a new automation user group:

  1. In the left navigation, select Settings Settings > User management.

  2. Select the Groups tab, and then select Create group + to create a new user group.

    The group editor is displayed.

Under Create group,define the following configuration settings:

  1. In the Name field enter a short, clear, and descriptive name to identify the automation user group.

    Example: Integration automation group

  2. In the Description field enter a short, free-form description to clarify the purpose and the scope of the automation user group.

    Example: Automation group to integrate and exchange data with external systems and services through incoming and/or outgoing feeds

  3. Under Allowed sources, select + Add or + More to define the data sources the automation group can access, and the TLP-based access level.

    1. From the Sources drop-down menu, select one or more data sources the automation user group and its members can access to retrieve data from.

      Data sources can be existing incoming feeds and enrichers, as well as existing platform user groups.

      If you do not specify any data source, the current group becomes the default allowed data source.

      Note

      • Role-based permissions define:

        • The type of actions users are allowed to perform.

        • The type of objects users are allowed to interact with.

      • Group-based Allowed sources and TLP define:

        • Specific platform data, assets, and resources users are allowed to access.

    2. From the TLP drop-down menu, select a Traffic Light Protocol color to filter data accordingly.

      Default value: Red

    3. Select + Add or + More to add new rows as needed, where you can enter additional criteria.

  4. From the Source reliability drop-down menu, select a reliability value to filter data source by.

    The automation user group is granted access only to data whose source reliability matches the filter value you set here.

  5. From the Allowed roles drop-down menu Group admin settings, select one or more roles that group admins can assign to member users of the groups they are admin of.

    Alternatively:

    • Start typing a role name in the autocomplete text input field.

    • Select one or more filtered roles from the matching result list.

    To remove a selection, go to the item(s) you want to remove, and select the cross icon x.

    To remove all selections at once, select the cross icon x next to the drop-down menu arrow Drop-down menu arrow in the input field.

    Alternatively, select Unselect all options.

    Group admins can assign to the users of the groups they manage only the role subset you define here.

    This setting protects from unwanted privilege escalation by limiting the set of role-based permissions group admins can grant to their group members.

  6. To access additional save options, select the down arrow Drop-down menu arrow on the Save button:

    • Select Save and new to save the current data or configuration for the item you are working on, and to create a new item of the same type right away.

      For example, a new dataset, feed, policy, rule, task, or workspace.

    • Select Save and duplicate to save the current data for the item you are working on, and to create a new prepopulated copy of the same item, which you can use as a template or a blueprint to speed up repetitive manual work.