User roles
KUMA users may have the following roles:
- General administrator—this role is designed for users who are responsible for the core functionality of KUMA systems. For example, they install system components, perform maintenance, work with services, create backups, and add users to the system. These users have full access to KUMA.
- Administrator—this role is for users responsible for the core functionality of KUMA systems owned by specific tenants.
- Analyst—this role is for users responsible for configuring the KUMA system to receive and process events of a specific tenant. They also create and tweak correlation rules.
- Operator—this role is for users dealing with immediate security threats of a specific tenant.
User roles rights
| Web interface section and actions | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| **Reports** | | | | | |
| View and edit templates and reports | yes | yes | yes | no | Analysts can: view and edit templates and reports that they created themselves; view reports sent to them by email; view predefined templates. |
| Generate reports | yes | yes | yes | no | Analysts can generate reports that they created themselves or that are predefined (from a template or report). Analysts cannot generate reports sent to them by email. |
| Export generated reports | yes | yes | yes | no | Analysts can export the following: reports that they created themselves; predefined reports; reports received by email. |
| Delete templates and generated reports | yes | yes | yes | no | Analysts can delete the templates and reports that they generated themselves. Analysts should not delete: predefined templates; reports received by email. Only the general administrator can delete predefined templates and reports. |
| Edit the settings for generating reports | yes | yes | yes | no | Analysts may change the settings for generating reports that they created themselves or that are predefined. |
| Duplicate report template | yes | yes | yes | no | Analysts can duplicate predefined report templates and report templates that they created themselves. |
| **Dashboard** | | | | | |
| View data on the dashboard and change layouts | yes | yes | yes | yes | |
| Add layouts | yes | yes | yes | no | This includes adding widgets to a layout. |
| Edit and rename layouts | yes | yes | yes | no | This includes adding, editing, and deleting widgets. Analysts may change/rename predefined layouts and layouts that were created using their account. |
| Delete layouts | yes | yes | yes | no | Tenant administrators may delete layouts in the tenants available to them. Analysts may delete layouts that were created using their account. Only the general administrator can delete predefined layouts. |
| **Resources → Services and Resources → Services → Active services** | | | | | |
| View the list of active services | yes | yes | yes | no | Only the general administrator can view and delete storage spaces. Access rights do not depend on the tenants selected in the menu. |
| View the contents of the active list | yes | yes | yes | no | |
| Import/export/clear the contents of the active list | yes | yes | yes | no | |
| Create a set of resources for services | yes | yes | yes | no | Analysts cannot create storages. |
| Create a service under Resources → Services → Active services | yes | yes | no | no | |
| Delete services | yes | yes | no | no | |
| Restart services | yes | yes | no | no | |
| Update the settings of services | yes | yes | yes | no | |
| Reset certificates | yes | yes | no | no | A user with the administrator role can reset the certificates of services only in the tenants that are accessible to the user. |
| **Resources → Resources** | | | | | |
| View the list of resources | yes | yes | yes | no* | Analysts cannot view the list of secret resources, but these resources are available to them when they create services. |
| Add resources | yes | yes | yes | no | Analysts cannot add secret resources. |
| Edit resources | yes | yes | yes | no | Analysts cannot change secret resources. |
| Create/edit/delete resources in a shared tenant | yes | no | no | no | |
| Delete resources | yes | yes | yes | no | Analysts cannot delete secret resources. |
| Import resources | yes | yes | yes | no | Only the general administrator can import resources to a shared tenant. |
| Export resources | yes | yes | yes | no | This includes resources from a shared tenant. |
| View/edit collector or correlator drafts | yes | yes | yes | no | The user may only access their own drafts, regardless of the selected tenant. The list of drafts is generated based on those that belong to the user. |
| **Sources status → List of event sources** | | | | | |
| View sources of events | yes | yes | yes | yes | |
| Change sources of events | yes | yes | yes | no | Edit source name, assign monitoring policy, disable monitoring policy. |
| Delete sources of events | yes | yes | yes | no | |
| **Sources status → Monitoring policies** | | | | | |
| View monitoring policies | yes | yes | yes | yes | |
| Create monitoring policies | yes | yes | yes | no | |
| Edit monitoring policies | yes | yes | yes | no | Only the general administrator can edit the predefined monitoring policies. |
| Delete monitoring policies | yes | yes | yes | no | Predefined policies cannot be removed. |
| **Assets** | | | | | |
| View assets and asset categories | yes | yes | yes | yes | This includes shared tenant categories. |
| Add/edit/delete asset categories | yes | yes | yes | no | Within the tenant available to the user. |
| Add asset categories in a shared tenant | yes | no | no | no | This includes editing and deleting shared tenant categories. |
| Attach assets to an asset category of the shared tenant | yes | yes | yes | no | |
| Add assets | yes | yes | yes | no | |
| Edit assets | yes | yes | yes | no | |
| Delete assets | yes | yes | yes | no | |
| Import assets from Kaspersky Security Center | yes | yes | yes | no | |
| Launch tasks in the asset within Kaspersky Security Center | yes | yes | yes | no | |
| **Alerts** | | | | | |
| View the list of alerts | yes | yes | yes | yes | |
| Change the priority of alerts | yes | yes | yes | yes | |
| Open the details of alerts | yes | yes | yes | yes | |
| Assign responsible users | yes | yes | yes | yes | |
| Close alerts | yes | yes | yes | yes | |
| Add comments to alerts | yes | yes | yes | yes | |
| Attach an event to alerts | yes | yes | yes | yes | |
| Detach an event from alerts | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| **Incidents** | | | | | |
| View the list of incidents | yes | yes | yes | yes | |
| Create blank incidents | yes | yes | yes | yes | |
| Manually create incidents from alerts | yes | yes | yes | yes | |
| Change the priority of incidents | yes | yes | yes | yes | |
| Open the details of incidents | yes | yes | yes | yes | Incident details display data from only those tenants to which the user has access. |
| Assign executors | yes | yes | yes | yes | |
| Close incidents | yes | yes | yes | yes | |
| Add comments to incidents | yes | yes | yes | yes | |
| Attach alerts to incidents | yes | yes | yes | yes | |
| Detach alerts from incidents | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Export incidents to RuCERT | yes | yes | yes | yes | |
| **Events** | | | | | |
| View the list of events | yes | yes | yes | yes | |
| Search events | yes | yes | yes | yes | |
| Open the details of events | yes | yes | yes | yes | |
| Open statistics | yes | yes | yes | yes | |
| Conduct a retroscan | yes | yes | yes | no | |
| Export events to a TSV file | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Start KTL enrichment | yes | yes | yes | no | |
| **Settings → Users** | | | | | This section is available only to the general administrator. |
| View the list of users | yes | no | no | no | |
| Add a user | yes | no | no | no | |
| Edit a user | yes | no | no | no | |
| View the data of their own profile | yes | yes | yes | yes | |
| Edit the data of their own profile | yes | yes | yes | yes | The user role is not available for change. |
| **Settings → LDAP** | | | | | |
| View the LDAP connection settings | yes | yes | no | no | |
| Edit the LDAP connection settings | yes | yes | no | no | |
| **Settings → Tenants** | | | | | This section is available only to the general administrator. |
| View the list of tenants | yes | no | no | no | |
| Add tenants | yes | no | no | no | |
| Change tenants | yes | no | no | no | |
| Disable tenants | yes | no | no | no | |
| **Settings → Active Directory** | | | | | This section is available only to the general administrator. |
| View the Active Directory connection settings | yes | no | no | no | |
| Edit the Active Directory connection settings | yes | no | no | no | |
| Add filters based on roles for tenants | yes | no | no | no | |
| **Settings → Notifications** | | | | | This section is available only to the general administrator. |
| View the SMTP connection settings | yes | no | no | no | |
| Edit the SMTP connection settings | yes | no | no | no | |
| **Settings → License** | | | | | This section is available only to the general administrator. |
| View the list of added licenses | yes | no | no | no | |
| Add licenses | yes | no | no | no | |
| Delete licenses | yes | no | no | no | |
| **Settings → KSC** | | | | | |
| View the list of successfully integrated Kaspersky Security Center servers | yes | yes | no | no | |
| Add Kaspersky Security Center connections | yes | yes | no | no | |
| Delete Kaspersky Security Center connections | yes | yes | no | no | |
| **Settings → CyberTrace** | | | | | This section is available only to the general administrator. |
| View the CyberTrace integration settings | yes | no | no | no | |
| Edit the CyberTrace integration settings | yes | no | no | no | |
| **Settings → R-Vision** | | | | | This section is available only to the general administrator. |
| View R-Vision IRP integration settings | yes | no | no | no | |
| Change R-Vision IRP integration settings | yes | no | no | no | |
| **Settings → KTL** | | | | | This section is available only to the general administrator. |
| View the Threat Lookup integration settings | yes | no | no | no | |
| Edit the Threat Lookup integration settings | yes | no | no | no | |
| **Settings → Alerts** | | | | | |
| View the parameters | yes | yes | yes | no | |
| Edit the parameters | yes | yes | yes | no | |
| **Settings → Incidents → Automatic linking of alerts to incidents** | | | | | |
| See the settings | yes | no | no | no | |
| Edit the settings | yes | no | no | no | |
| **Settings → Incidents → Incident types** | | | | | |
| View the categories reference | yes | yes | no | no | |
| View the categories charts | yes | yes | no | no | |
| Add categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Edit categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Delete categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| **Settings → RuCERT** | | | | | |
| View the parameters | yes | no | no | no | |
| Edit the parameters | yes | no | no | no | |
| **Metrics** | | | | | |
| Open metrics | yes | no | no | no | |
| **Task manager** | | | | | |
| View a list of your own tasks | yes | yes | yes | yes | The section and tasks are not tied to a tenant. The tasks are available only to the user who created them. |
| Finish your own tasks | yes | yes | yes | yes | |
| Restart your own tasks | yes | yes | yes | yes | |
| View a list of all tasks | yes | no | no | no | |
| Finish any task | yes | no | no | no | |
| Restart any task | yes | no | no | no | |
| **CyberTrace** | | | | | This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → CyberTrace. |
| Open the section | yes | no | no | no | |
| **Access to the data of tenants** | | | | | |
| Access to tenants | yes | yes | yes | yes | A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not include access to all tenants, but only provide access to the data of the main tenant. |
| Main tenant | yes | yes | yes | yes | A shared tenant is used to store shared resources that must be available to all tenants. Although services cannot be owned by the shared tenant, these services may utilize resources that are owned by the shared tenant. These services are still owned by their respective tenants. Events, alerts and incidents cannot be shared. Permissions to access the shared tenant: read/write, only the general administrator; read, all other users, including users that have permissions to access the main tenant. |
| Shared tenant | yes | yes | yes | yes | A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not grant access to other tenants. |
* A user with the operator role sees resources in a shared tenant through the REST API.