Understanding Permissions - Users, Roles, and Assets
Sentinel offers standardized sets of permissions that can be assigned to a user for a given asset or set of assets. Standard roles include:
Security Operations Administrator
Details of the permissions associated with each role can be found here.
A given user may be assigned one or more roles. Each role will define the user’s permissions with regard to a particular set of assets, defined when the role is assigned to the user. That definition may be edited in the user management screens. A given user may have only one role with respect to a given asset.
In the diagram above, User 1 is a Sentinel Administrator for the asset named Elm. At the same time, User 1 is a SecOps Admin for the assets Beech and Acorn, and for the asset group Omega. However, for asset groups Epsilon and Delta, User 1 is only a Viewer. If there are other assets or asset groups, User 1 cannot access them at all, because no permissions have been assigned to User 1 for those assets.
|Each user-role-asset relationship is singular, a user may not have multiple roles with respect to the same asset. However, roles may be assigned to users for any combination of assets and asset groups.|
In keeping with good security practices generally, each user should be assigned only the role that is actually required for that user to do their job with respect to a given asset or asset group. Always grant the lowest level of permissions that is practical. For more detail on what permissions are associated with which role, see About User Roles.
|Also refer to Managing Groups.|