Understanding Permissions - Users, Roles, and Assets
The Continuous Dynamic Portal offers standardized sets of permissions that can be assigned to a user for a given asset or set of assets. Standard roles include:
-
Viewer
-
Developer
-
Security Operator
-
Security Operations Administrator
-
Sentinel Administrator
Details of the permissions associated with each role can be found here.
A given user may be assigned one or more roles. Each role will define the user’s permissions with regard to a particular set of assets, defined when the role is assigned to the user. That definition may be edited in the user management screens. A given user may have only one role with respect to a given asset.
In the diagram above, User 1 is a Sentinel Administrator for the asset named Elm. At the same time, User 1 is a SecOps Admin for the assets Beech and Acorn, and for the asset group Omega. However, for asset groups Epsilon and Delta, User 1 is only a Viewer. If there are other assets or asset groups, User 1 cannot access them at all, because no permissions have been assigned to User 1 for those assets.
Each user-role-asset relationship is singular, a user may not have multiple roles with respect to the same asset. However, roles may be assigned to users for any combination of assets and asset groups. |
In keeping with good security practices generally, each user should be assigned only the role that is actually required for that user to do their job with respect to a given asset or asset group. Always grant the lowest level of permissions that is practical. For more detail on what permissions are associated with which role, see About User Roles.
Video Tutorial - User Management Tab
Also refer to Managing Groups. |