Create an automation role
It is a good idea to have one or more dedicated users, groups, and roles, as necessary, to handle automation tasks that interact with external products or components of your system:
Automation roles group sets of permissions to define and to constrain the actions automation users are allowed to perform.
Automation groups bring together automation users, and they define which platform areas, features, and functionality are accessible to automation users.
Automation users handle automation and integration tasks – based on the automation role they are assigned and the automation groups they are members of – such as authentication, data exchange through outgoing and incoming feeds, or automatic entity creation as a follow-up action on a specific event.
Create the automation role
Note
Required fields are marked with an asterisk (*).
To create and to add a new role:
In the side navigation bar select Settings > User management > Roles > Create role +.
The role editor is displayed.
To create a new automation role:
In the side navigation bar select Settings > User management.
Select the Roles tab, and then select Create role + to create a new role.
The role editor is displayed.
Under Create role, define the following configuration settings:
In the Name field, enter a short, clear, and descriptive name to identify the automation role.
Example: External systems integrator
In the Description field, enter a short, free-form description to clarify the purpose and the scope of the automation role.
Example: Allows implementing data exchange interoperability between the platform and an external system.
From the Permissions drop-down menu, select the actions the role is allowed to perform, and the platform objects the role can act on.
Alternatively:
Start typing a permission name in the autocomplete text input field.
Select one or more filtered permissions from the matching result list.
To remove a selection, go to the item(s) you want to remove, and select the cross icon x.
To remove all selections at once, select the cross icon x next to the drop-down menu arrow in the input field.
Alternatively, select Unselect all options.
To store your changes, select Save; to discard them, select Cancel.
Assign permissions to the automation role
The automation role for a platform-to-platform integration through a TAXII feed requires read access to:
Data sources: incoming feeds, groups
Feeds: incoming and outgoing feeds
TAXII services: discovery, collection, inbox or poll.
The following overview includes the minimum set of permissions an automation role should be granted to manage basic data exchange through a TAXII outgoing -> TAXII incoming feed configuration.
If your automation user role should also interact with other platform features such as datasets and workspaces, you can integrate this basic permission set with the default permissions granted to the default Threat Analyst role.
To view permissions for the default Threat Analyst role:
In the side navigation bar select Settings > User management > Roles.
To sort items by column header:
Under Role name, select Threat Analyst.
In the Threat Analyst detail pane, in the Overview tab, you can view a list of permissions granted to the role.
These are guidelines, and therefore not mandatory.
You may need to adjust the automation role permissions through hands-on trial and error to best suit your environment.
Basic permission set for the automation role
| Sender automation role | Receiver automation role | Required | Notes |
|---|---|---|---|
| | | Yes | Different permissions between sender and receiver automation roles are highlighted in bold. |
| | | See notes | The sender automation user role must also have these permissions if: |
| | modify outgoing-feeds | See notes | The receiver automation user role must also have this permission if: |
Note
When you assign permissions to a role, either to modify an existing role or to define a new role, make sure you understand what permissions are and how they work in the platform.
For more information, see: