This article contains information on implementing Role-Based Access Control (RBAC), including creating roles, assigning permissions, managing data access sets, and associating users to roles for secure and efficient access management.
Before implementing Role-Based Access Control (RBAC), you should identify the roles required by your organization, considering your users, the tasks they need to perform, and the data they need to access.
There are three steps to implement RBAC. These steps can be done in any order, but we recommend following this sequence:
- Create your Data Access Sets.
- Create your users.
- Create your Roles.
Creating your Roles
In Role-Based Access Control (RBAC), permissions and data access are assigned to Roles, based on the responsibilities of that Role and the data that needs to be accessed. Users can view the roles associated with a user from their profile by navigating to System Settings > User Management. Users can also see their Roles and descriptions by navigating to System Settings > Roles.
Creating a New Role
To create a new role, navigate to System Settings > Roles > +New Role.
Enter Role Name
- Must be unique
- Maximum of 100 characters
- Not case sensitive
- Special characters are allowed with no restrictions on the characters
- Required field
Enter Role Description
- Maximum of 255 characters
- Special characters are allowed with no restrictions on the characters
- Not case sensitive
- Does not need to be unique
- Optional field, but very helpful in determining which roles to assign to users
- Click Permissions.
- Select which Signal, Search, and Discover permissions you want to assign to the role.
- For Signal, the following permissions are available:
- Signal Admin: Allows complete Data Access as well as access to all Policies and Rules in Signal.
- Manage Policies: This option allows the creation, editing, and deletion of authorized Signal policies. Selecting this also sets the Manage Rules and View Policies and Rules permissions.
- Policy Creators: Can create policies and invite other Creators and Event Managers to policies they created or have been invited to. They can see which users are given permissions to a policy they created or have been invited to, modify the roles of Creators and Event Managers (for example, upgrade an Event Manager's permission level to Creator), and add and remove Creators and Event Managers on a policy they created or have been invited to.
- Manage Rules: This option allows the creation, editing, and deletion of rules associated with authorized Signal policies. Selecting this also sets the View Policies and Rules permission.
- Manage Events: This option allows taking action (tombstoning, deleting, exporting, etc.) on events associated with authorized Signal policies. Selecting this also sets the View Policies and Rules and View Events permissions. Event managers can view and manage events for policies to which they have been invited. They cannot create policies or see policies they have not been invited to, and they have no invite capability.
- View Policies and Rules: This permission allows you to view Signal policies and their associated rules. It can be set independently.
- View Events: This option allows you to view events associated with authorized Signal policies. Selecting this also sets the View Policies and Rules permission.
- For Search and Discover, the following permissions are available:
- Search and Discover Admin: Allows complete Data Access as well as access to all searches.
- Manage Searches: If your role is a Search Manager, you have Manage Searches and View Searches permissions by default. These allow you to create a new search for any Data Access Set you are authorized to access, and to view and rerun any search you can access. However, you cannot mark or export results. An Aware Admin can add Manage Search Results permission or make you a Search Admin, Search Result Manager, or Search Viewer.
- Manage Search Results: If your role is Search Result Manager, you have Manage Search Results and View Searches permissions by default. These allow you to view and mark results for any search you are authorized to access and export its results. However, you cannot create a new search, update an existing one, or rerun one. An Aware Admin can add Manage Searches permission or make you a Search Admin, Search Manager, or Search Viewer.
- View Searches: If your role is Search Viewer, you have View Searches permission by default. This allows you to view searches you are authorized to access, along with their results. However, you cannot create a new search, rerun prior searches, or mark or export results of prior searches. An Aware Admin can add Manage Search Results and/or Manage Searches permission or make you a Search Admin, Search Manager, or Search Result Manager.
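The implication rules in the Signal list above (selecting Manage Policies also sets Manage Rules and View Policies and Rules, and so on) and the name and description constraints under Enter Role Name are easy to model, which lets you review a planned set of roles for redundant grants or invalid names before entering them in System Settings. The following Python is an added example, not code from this article or from the Aware product: the permission names are the ones listed above, while the function names, the SEARCH_ROLE_DEFAULTS table, and the reading of "not case sensitive" as case-insensitive uniqueness are assumptions made here.

```python
"""Added example (not part of the article or of the Aware product): a small
model of the role-definition rules described above, for reviewing planned
role configurations offline."""

# Implication rules as the Signal permission list states them:
# selecting the key also sets every permission in its value set.
SIGNAL_IMPLIES = {
    "Manage Policies": {"Manage Rules", "View Policies and Rules"},
    "Manage Rules": {"View Policies and Rules"},
    "Manage Events": {"View Policies and Rules", "View Events"},
    "View Events": {"View Policies and Rules"},
    "View Policies and Rules": set(),  # can be set independently
}

# Default permission sets of the Search and Discover role types named above
# (assumed table built from the article's descriptions).
SEARCH_ROLE_DEFAULTS = {
    "Search Manager": {"Manage Searches", "View Searches"},
    "Search Result Manager": {"Manage Search Results", "View Searches"},
    "Search Viewer": {"View Searches"},
}


def effective_permissions(selected, implies=SIGNAL_IMPLIES):
    """Return the closure of `selected` under the implication rules.

    Implications are followed transitively, so Manage Policies yields
    Manage Rules and, through it, View Policies and Rules. An unknown
    name raises, so a typo in a role definition is caught, not ignored.
    """
    result = set()
    pending = list(selected)
    while pending:
        perm = pending.pop()
        if perm not in implies:
            raise ValueError(f"unknown permission: {perm!r}")
        if perm in result:
            continue
        result.add(perm)
        pending.extend(implies[perm])
    return result


def redundant_permissions(selected, implies=SIGNAL_IMPLIES):
    """Permissions in `selected` that the other selected ones already imply.

    A role listing both Manage Policies and View Policies and Rules is not
    wrong, but the second entry adds nothing and obscures the role's intent.
    """
    redundant = set()
    for perm in selected:
        others = set(selected) - {perm}
        if perm in effective_permissions(others, implies):
            redundant.add(perm)
    return redundant


def search_role_type(permissions):
    """Name the Search and Discover role type whose defaults match exactly,
    or None when the set is custom (for example, after an Aware Admin added
    a permission)."""
    for role, defaults in SEARCH_ROLE_DEFAULTS.items():
        if set(permissions) == defaults:
            return role
    return None


def validate_role_name(name, existing_names):
    """Check a proposed role name against the constraints listed above.

    Returns None when acceptable, otherwise a message. Uniqueness is
    compared case-insensitively (assumed reading of "not case sensitive").
    """
    if not name or not name.strip():
        return "Role name is required"
    if len(name) > 100:
        return "Role name must be at most 100 characters"
    if name.casefold() in {n.casefold() for n in existing_names}:
        return "Role name must be unique (case-insensitive)"
    return None


def validate_role_description(description):
    """Description is optional but limited to 255 characters."""
    if description is None:
        return None
    if len(description) > 255:
        return "Role description must be at most 255 characters"
    return None


if __name__ == "__main__":
    # Constructed sample roles for a quick review run.
    print(sorted(effective_permissions({"View Events"})))
    print(sorted(redundant_permissions({"Manage Policies", "View Policies and Rules"})))
    print(search_role_type({"View Searches"}))
    print(validate_role_name("Compliance Reviewer", ["compliance reviewer"]))
```

Running the module prints the effective set for a read-only Signal role, the redundant entry in an over-specified role, the role type matching a Search permission set, and the uniqueness error for a name that differs only in case from an existing one.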
- Select Data Access.
- Click Add Data Access Set.
- Select the Data Access Sets that you want to associate with this Role.
- You can also select New Data Access Set to create a new Data Access Set.
- When you select a Data Access Set, its contents are displayed in the right panel. You can expand each platform to display the sources that have been selected for this Data Access Set. You can only view the contents of the Data Access Set in this screen; you cannot modify its contents.
- Click Select Access Set to add the selected Data Access Set to the Role.
- To add another Data Access Set, click Add Data Access Set.
- When finished adding Data Access Sets to the role, click Users.
- Select users from the list.
- When finished, select Save Role.