Understand the Available Permissions
Some permissions are available for any deployed product. Other permissions depend on the capabilities that you have deployed.
Reports Permissions
The following table lists the permissions available when you add the Reports feature.
| Function | Permissions | In the Reports Portal, allows users to… |
|---|---|---|
| Reports | Report Admin |
View dashboards and reports Create subfolders Schedule reports Create data worksheets, dashboards, and reports View Admin reports |
| Reports | Design Reports |
View dashboards and reports Create subfolders Schedule reports Create data worksheets, dashboards, and reports |
| Reports | Schedule Reports |
View dashboards and reports Create subfolders Schedule reports |
| Reports | View Reports |
View dashboards and reports Create subfolders |
User Management Permissions
The following table lists the permissions needed to manage users.
| Function | Permissions | Allows users to… |
|---|---|---|
|
User Management |
View Users |
View the list of all active and inactive users |
|
User Management |
View users Assign roles to users Assign users to groups |
|
|
User Management |
Activate /Deactivate Users |
View users Change the status of a user that you manage |
|
User Management |
Change User Password |
View users Change the password of a user that you manage |
|
User Management |
Change User Email |
View users Change the email associated with a user |
|
User Management |
Assign Roles to Users |
View users Assign roles that you currently have to users that you manage |
|
User Management |
Assign Users to Groups |
View users View account groups Add and remove users from account groups that you currently manage Assign users who are members of account groups that you manage to any other account group |
|
User Management |
Manage Groups |
View account groups Create account groups You are automatically added to the account groups that you create. Delete account groups that you currently manage Add and remove managers for account groups that you currently manage Add and remove users from account groups that you currently manage Assign users who are members of account groups that you manage to any other account group |
|
User Management |
View roles Create roles You are automatically added to the account groups that you create. Add and remove users from roles that you have Add and remove any permission assigned to you from roles that you currently have Delete roles that you currently have |
ArcSight Permissions
The following table lists the permissions available when you deploy an ArcSight capability such as Log Management and Compliance.
| Function | Permission | Allows users to… | Available with… |
|---|---|---|---|
| ArcMC |
ArcMC System Admin Not available in the ArcSight SaaS environment |
Perform System Admin functions |
Common services |
| ArcMC |
ArcMC Operation Admin Not available in the ArcSight SaaS environment |
Perform all Operations functions, but does not have access to System Admin |
Common services |
| ArcMC |
ArcMC System Viewer Not available in the ArcSight SaaS environment |
Read only access to System Admin functions |
Common services |
| ArcMC |
ArcMC Operation Viewer Not available in the ArcSight SaaS environment |
Read only access to Operations functions |
Common services |
| Case Management | View Own Cases | Allows a user to view the cases assigned to them | Common services |
| Case Management | View All Cases | Allows a user to view all cases | Common services |
| Case Management | Work on Cases | Allows a user modify cases and trigger manual actions | Common services |
| Case Management | Close Cases | Allows a user to close cases | Common services |
| Case Management | Create Manual Cases | Allows a user to create a new manual case | Common services |
| Case Management | Add Scope Items | Allows a user to add a new scope item on a case | Common services |
| Dashboards | Share a dashboard |
With the Manage Roles permission, share the current dashboard with any role Without the Manage Roles permission, share the current dashboard with any of the roles associated with the user’s role |
Common services |
| Operations Management |
Get Registration URL Available only in the ArcSight SaaS environment |
Generate a URL that the system uses to register connected components with AToMS | Real-time Threat Detection |
| Operations Management |
Access Database Monitoring-Overview |
View high-level, summary information about the workload and health of the database |
Capabilities that require the ArcSight Database |
| Operations Management |
Access Database Monitoring-Details In the ArcSight SaaS environment, available only to the System Operations Administrator |
View details about the health of the individual components of the distributed database system |
Capabilities that require the ArcSight Database |
| Operations Management | Manage Storage Groups |
Create and manage storage groups |
Common services |
| Operations Management |
Manage Kafka Available only in the ArcSight SaaS environment |
Access Kafka Manager for Transformation Hub |
Transformation Hub |
| Searches | Execute Search |
Execute searches using fieldsets, custom ranges dates, and search operators |
Common services |
| Searches | Export Search Results |
Export the search results in csv format |
Common services |
| Searches | Never Expire Search Results |
Configure search results to never expire |
Log Management and Compliance |
| Searches |
Never Expire Session for Real-time Searches Available only in the ArcSight SaaS environment |
Configure the session for a real-time search to not expire while you are logged out |
Real-time Threat Detection |
| Searches | Manage Scheduled Searches |
Create and manage scheduled searches |
Common services |
| Searches | Import / Export Search Queries |
Import and export search queries |
Log Management and Compliance |
| Searches | Import / Export Search Criteria |
Import and export search criteria |
Log Management and Compliance |
| Searches |
Perform Event Integrity Check When Multi-tenancy is enabled, available only for a provider |
Run an Event Integrity Check and view the results |
Log Management and Compliance |
| Searches | Manage Outlier Models and Scoring |
Create and delete Outliers models Build and pause the scoring processes |
Log Management and Compliance |
| Searches | Manage Lookup Lists |
Add, configure, view, and delete lookup lists |
Common services |
| Searches | Manage Fieldsets |
Create, edit, and delete fieldsets |
Common services |
| Searches | Manage Search Queries/Criteria |
Create, clone, edit, delete,and view all previously saved search queries and search criteria View and clone all out-of-the-box search queries |
Common services |
| Searches |
Logger Data Migration |
Execute a data migration from Logger into the ArcSight Database |
Common services |
| SOAR Configuration | Manage SOAR Playbooks | Allows a user to view and update SOAR playbooks | Common services |
| SOAR Configuration | Manage SOAR Integrations | Allows a user to view and update SOAR integrations and related configurations | Common services |
| SOAR Configuration | Monitor SOAR System | Allows a user to view SOAR status pages and pending items in queues | Common services |
| SOAR Configuration | Configure SOAR Parameters | Allows a user to view and update SOAR configurations | Common services |