Manage roles#

Configure and manage user roles and their sets of permissions to control user access to specific Intelligence Center areas and resources and their ability to modify them.

About roles#

Roles group sets of permission to control:

  • What actions users can carry out: read-only or read-write

  • What Intelligence Center resources users can view or touch: entities, observables, datasets, and so on.

  • Where in EclecticIQ Intelligence Center users can perform the allowed actions: graph, workspaces, feeds, and so on.

Note

To edit roles, users require:

  • The checkbox Administrator to be checked in the Edit user view.

  • Or a non-admin access level that includes the modify roles permissions.

EclecticIQ Intelligence Center manages and controls resource access and consumption by defining access profiles at different access tiers with the following characteristics:

  • Users: individual Intelligence Center consumers.

    They can access EclecticIQ Intelligence Center by signing in with their designated account credentials, such as user name and password.

    Example: mhamilton / Apollo11

  • Groups: multiple users brought together under a common umbrella.

    They share the same access rights to selected allowed data sources, such as specific datasets, feeds, enrichers, as well as other groups.

    Example: Threat analysts

    User groups enable controlling user group members’ access to specific Intelligence Center data, assets, and resources through the following mechanisms:

    • Allowed sources: data origins of content stored in EclecticIQ Intelligence Center.

      Selecting an allowed data source for a group means that all group members can access Intelligence Center content that the data source in question is the producer of.

      Data sources can be existing incoming feeds, enrichers, as well as other user groups.

      Example: Entities from Feed A

    • TLP: TLP stands for Traffic Light Protocol.

      TLP color codes flag information to provide handling and sharing guidelines.

      You can assign a TLP color value to restrict access to the following Intelligence Center items:

      • Entities.

      • Data you receive via incoming and send out via outgoing feeds.

      • Data created by users belonging to the groups associated with allowed data sources.

  • Roles: the expected functions assigned to an individual user or to a group of users.

    Roles represent sets of actions users can be tasked with.

    Roles group sets of permissions to define the allowed read and modify behaviors that are appropriate to the functions they are related to.

    Example: Team lead

  • Permissions: rules and policies constraining user scope.

    Permissions delimit scope by defining the types of action users are authorized to carry out.

    For example: read; modify (that is, create, edit, and delete.)

About permissions#

Permission purpose

Permissions provide granular user access control to Intelligence Center functionality, assets, and resources.

Permission names

Permission names are descriptive:

  • A verb describes the type of action the permission grants

  • A noun or noun phrase describes EclecticIQ Intelligence Center object that the action can be carried out on.

  • Format: ${type of action} ${object of the action}

  • Example: modify entities

Permission organization

Permissions are grouped in roles.

  • Roles act as containers for sets of permissions.

  • They define the set of capabilities and actions users can carry out in EclecticIQ Intelligence Center.

  • Users can be granted one or more roles.

Permission usage

  • Permissions are predefined in EclecticIQ Intelligence Center. They are not editable or configurable.

  • You can either grant permissions to, or revoke them from roles.

Permission actions

Permissions allow two types of action:

  • Modify: a modification permission that allows to read, create, update, and delete Intelligence Center data.

  • Read: a read-only permission that grants access to Intelligence Center data, without allowing any modifications.

View permissions

To display a list of the available Intelligence Center permissions:

  1. In the side navigation bar click Settings > User management > Permissions.

  2. To sort items by column header:

    • Click the header of the column whose content you want to sort.

    • Click Sort in ascending order or Sort in descending order to sort the content in either ascending or descending order, respectively.

Note

  • Role-based permissions define:

  • The type of actions users are allowed to perform.

  • The type of objects users are allowed to interact

    with.

  • Group-based Allowed sources and TLP define:

  • Specific Intelligence Center data, assets, and resources

    users are allowed to access.

When you assign permissions to a role, either to modify an existing role or to define a new role, make sure you understand what permissions are and how they work in EclecticIQ Intelligence Center.

For more information, see:

View roles#

To view a list of the available roles in EclecticIQ Intelligence Center:

  1. In the side navigation bar click Settings, select User management, and click the Roles tab.

    The Roles view shows the existing roles.

  2. To view details about a specific role, in the Roles overview click anywhere in the row corresponding to the role you want to review.

    The role detail pane slides in from the side of the screen.

  3. In the role detail pane, click Overview to see a list of permissions associated with the role.

    You can sort the items on the view by column header.

    To do so, click the column header you want to base the data sorting on.

    An upward-pointing or a downward-pointing arrow in the header indicates ascending and descending sort order, respectively.

The permissions on the list should map the typical tasks normally associated with the role.

For example, an administrator role should be granted a broader range of permissions and access rights than a standard user.

Click History to display an overview in reverse chronological order of the actions performed on the role since its creation.

This reference view enables you to inspect what happened to the role (the action), who did it (the user who carried out the action), and when it happened (the date and time).

Create roles#

To create a new role:

  1. In the side navigation bar click Settings > User management.

  2. Click the Roles tab, and then click + (Create role) to create a new role.

    The role editor is displayed.

Under Create role, define the following configuration settings:

  1. In the Name field, enter a short, clear, and descriptive name to identify the automation role.

    Example: Team manager

  2. In the Description field, enter a short, free-form description to clarify the purpose and the scope of the role.

    Example: Team managers supervise a large team or multiple smaller teams. They provide strategic guidance to keep teams and their members aligned to corporate goals and objectives.

  3. From the Permissions drop-down menu, select the actions the role is allowed to perform, and EclecticIQ Intelligence Center objects the role can act on.

    Alternatively:

    • Start typing a permission name in the autocomplete text input field.

    • Select one or more filtered permissions from the matching result list.

    To remove a selection, go to the item(s) you want to remove, and click the cross icon X.

    To remove all selections at once, click the cross icon X next to the drop-down menu arrow Drop-down menu arrow in the input field.

    Alternatively, click Unselect all options.

  4. To store your changes, click Save; to discard them, click Cancel.

Edit roles#

  1. Go to the row of the role you want to modify, click More, and select Edit to open the role editor.

  2. Alternatively, click anywhere in the row of the role you want to modify.

  3. At the bottom of the Role detail pane, click Edit to open the role editor.

  4. Change the role details as necessary.

  5. To store your changes, click Save; to discard them, click Cancel.

Delete roles#

  1. Go to the row of the role you want to delete, click More, and select Delete.

  2. Alternatively, click anywhere in the row of the role you want to delete.

  3. At the bottom of the Role detail pane, click Delete.

  4. In the confirmation dialog, click Delete to confirm the action.

    The role is deleted from EclecticIQ Intelligence Center.