User roles

KUMA users may have the following roles:

• General administrator—this role is designed for users who are responsible for the core functionality of KUMA systems. For example, they install system components, perform maintenance, work with services, create backups, and add users to the system. These users have full access to KUMA.
• Administrator—this role is for users responsible for the core functionality of KUMA systems owned by specific tenants.
• Analyst—this role is for users responsible for configuring the KUMA system to receive and process events of a specific tenant. They also create and tweak correlation rules.
• First line analyst—this role is for users responsible for configuring the KUMA system to receive and process events of a specific tenant. They also create and tweak correlation rules. Users with this role have fewer privileges than analysts.
• Operator—this role is for users dealing with immediate security threats of a specific tenant. A user with the operator role sees resources in a shared tenant through the REST API.

  User roles rights

  Web interface section and actions	General administrator	Administrator	Analyst	First line analyst	Operator	Comment
  Reports
  View and edit templates and reports	filled in	filled in	filled in	filled in	no	The first line analysts and analysts can: View and edit templates and reports that they created themselves. View reports sent to them by email. View predefined templates.
  Generate reports	filled in	filled in	filled in	filled in	no	The analysts can generate the reports they created or the predefined reports (from a template or a report). The analysts cannot generate reports sent to them by email.
  Export generated reports	filled in	filled in	filled in	filled in	no	The first line analysts and the analysts can upload: Reports that they created themselves. Predefined reports. Reports received by email.
  Delete templates and generated reports	filled in	filled in	filled in	filled in	no	The first line analysts and the analysts can delete the templates and reports they generated. The first line analysts and the analysts cannot delete: Predefined templates. Reports received by email. Only the general administrator can delete predefined templates and reports.
  Edit the settings for generating reports	filled in	filled in	filled in	filled in	no	The analysts can change the settings for generating predefined reports and the reports they created. The first line analysts can change the settings for generating the reports they created.
  Duplicate report template	filled in	filled in	filled in	filled in	no	The first line analysts and the analysts can duplicate their own reports and predefined reports.
  Receive the generated report by email	filled in	filled in	filled in	filled in	filled in	If a report is sent as a link, it is available to KUMA users only. If a report is sent as an attachment, it is available to all recipients in the list of email addresses.
  Dashboard
  View data on the dashboard and change layouts	filled in	filled in	filled in	filled in	filled in
  View the Universal layout	filled in	filled in	filled in	filled in	filled in
  Add layouts	filled in	filled in	filled in	filled in	no	This includes adding widgets to a layout. Only the general administrator can add a universal layout.
  Edit and rename layouts	filled in	filled in	filled in	only own	no	This includes adding, editing, and deleting widgets. Analysts may change/rename predefined layouts and layouts that were created using their account.
  Delete layouts	filled in	filled in	filled in	only own	no	Tenant administrators may delete layouts in the tenants available to them. Analysts may delete layouts that were created using their account. Only the general administrator can delete predefined layouts.
  Enable and disable the TV mode	filled in	filled in	filled in	filled in	filled in
  Resources → Services and Resources → Services → Active services
  View the list of active services	filled in	filled in	filled in	filled in	no	Only the general administrator can view and delete storage spaces. Access rights do not depend on the tenants selected in the menu.
  View the contents of the active list	filled in	filled in	filled in	filled in	no
  Import/export/clear the contents of the active list	filled in	filled in	filled in	filled in	no	First line analysts can: Export the contents of all the active lists they have access to. Import and clear the active lists they created.
  Create a set of resources for services	filled in	filled in	filled in	no	no	Analysts cannot create storages.
  Create a service under Resources → Services → Active services	filled in	filled in	no	no	no	Only the general administrator can create a service.
  Delete services	filled in	filled in	no	no	no
  Restart services	filled in	filled in	no	no	no
  Update the settings of services	filled in	filled in	filled in	no	no
  Reset certificates	filled in	filled in	no	no	no	A user with the administrator role can reset the certificates of services only in the tenants that are accessible to the user.
  Resources → Resources
  View the list of resources	filled in	filled in	filled in	filled in	no	Analysts cannot view the list of secret resources, but these resources are available to them when they create services.
  Add resources	filled in	filled in	filled in	filled in	no	Analysts cannot add secret resources.
  Duplicate resources	filled in	filled in	filled in	filled in	no	The first line analysts can duplicate a resource created by other users, including a set of service resources. However, the first line analysts cannot change the dependent resources in the copy of the set of service resources.
  Edit resources	filled in	filled in	filled in	filled in	no
  Create/edit/delete resources in a shared tenant	filled in	no	no	no	no
  Delete resources	filled in	filled in	filled in	filled in	no	Analysts cannot delete secret resources. The first line analysts can delete only their own resources.
  Import resources	filled in	filled in	filled in	no	no	Only the general administrator can import resources to a shared tenant.
  View the repository, import the resources from the repository	filled in	filled in	filled in	no	no	Only the general administrator can import resources to a shared tenant.
  Export resources	filled in	filled in	filled in	no	no	This includes resources from a shared tenant.
  View/edit collector or correlator drafts	filled in	filled in	filled in	filled in	no	The user may only access their own drafts, regardless of the selected tenant. The list of drafts is generated based on those that belong to the user.
  Source status → List of event sources
  View sources of events	filled in	filled in	filled in	filled in	filled in
  Change sources of events	filled in	filled in	filled in	no	no
  Delete sources of events	filled in	filled in	filled in	no	no
  Source status → Monitoring policies
  View monitoring policies	filled in	filled in	filled in	filled in	filled in
  Create monitoring policies	filled in	filled in	filled in	no	no
  Edit monitoring policies	filled in	filled in	filled in	no	no	Only the general administrator can edit the predefined monitoring policies.
  Delete monitoring policies	filled in	filled in	filled in	no	no	Predefined policies cannot be removed.
  Assets
  View assets and asset categories	filled in	filled in	filled in	filled in	filled in	This includes shared tenant categories.
  Add/edit/delete asset categories	filled in	filled in	filled in	filled in	no	Within the tenant available to the user.
  Add asset categories in a shared tenant	filled in	no	no	no	no	This includes editing and deleting shared tenant categories.
  Link assets to an asset category of the shared tenant	filled in	filled in	filled in	filled in	no
  Add assets	filled in	filled in	filled in	filled in	no
  Edit assets	filled in	filled in	filled in	filled in	no
  Delete assets	filled in	filled in	filled in	filled in	no
  Import assets from Kaspersky Security Center	filled in	filled in	filled in	filled in	no
  Start tasks on assets in Kaspersky Security Center	filled in	filled in	filled in	filled in	no
  Run tasks on Kaspersky Endpoint Detection and Response assets	filled in	filled in	filled in	filled in	no
  Confirm updates to fix the asset vulnerabilities and accept the licensing agreements	filled in	filled in	no	no	no
  Run the tasks on the assets in KEDR	filled in	filled in	filled in	filled in	no
  Editing custom fields of the assets (Settings → Assets)	filled in	filled in	filled in	filled in	no
  Alerts
  View the list of alerts	filled in	filled in	filled in	filled in	filled in
  Change the severity of alerts	filled in	filled in	filled in	filled in	filled in
  Open the details of alerts	filled in	filled in	filled in	filled in	filled in
  Assign responsible users	filled in	filled in	filled in	filled in	filled in
  Close alerts	filled in	filled in	filled in	filled in	filled in
  Add comments to alerts	filled in	filled in	filled in	filled in	filled in
  Attach an event to alerts	filled in	filled in	filled in	filled in	filled in
  Detach an event from alerts	filled in	filled in	filled in	filled in	filled in
  Edit and delete someone else's filters	filled in	filled in	no	no	no	Analysts and operators can edit or delete only their own filter resources.
  Incidents
  View the list of incidents	filled in	filled in	filled in	filled in	filled in
  Create blank incidents	filled in	filled in	filled in	filled in	filled in
  Manually create incidents from alerts	filled in	filled in	filled in	filled in	filled in
  Change the severity of incidents	filled in	filled in	filled in	filled in	filled in
  Open the incident details	filled in	filled in	filled in	filled in	filled in	Incident details display data from only those tenants to which the user has access.
  Assign executors	filled in	filled in	filled in	filled in	filled in
  Close incidents	filled in	filled in	filled in	filled in	filled in
  Add comments to incidents	filled in	filled in	filled in	filled in	filled in
  Attach alerts to incidents	filled in	filled in	filled in	filled in	filled in
  Detach alerts from incidents	filled in	filled in	filled in	filled in	filled in
  Edit and delete someone else's filters	filled in	filled in	no	no	no	Analysts and operators can edit or delete only their own filter resources.
  Export incidents to RuCERT	filled in	filled in	filled in	filled in	filled in	The export function is always available to the general administrator. Other users can perform export if the "Can interact with RuCERT" check box is selected in their profile. In the case of hierarchical KUMA deployment, interaction with RuCERT is performed from the main KUMA node.
  Send files to RuCERT	filled in	filled in	filled in	filled in	filled in
  Download files sent to RuCERT	filled in	filled in	filled in	filled in	filled in
  Export additional incident data to RuCERT upon request	filled in	filled in	filled in	filled in	filled in
  Send messages to RuCERT	filled in	filled in	filled in	filled in	filled in
  View messages from RuCERT	filled in	filled in	filled in	filled in	filled in
  View incident data exported to RuCERT	filled in	filled in	filled in	filled in	filled in
  Events
  View the list of events	filled in	filled in	filled in	filled in	filled in
  Search events	filled in	filled in	filled in	filled in	filled in
  Open the details of events	filled in	filled in	filled in	filled in	filled in
  Open statistics	filled in	filled in	filled in	filled in	filled in
  Conduct a retroscan	filled in	filled in	filled in	no	no
  Export events to a TSV file	filled in	filled in	filled in	filled in	filled in
  Edit and delete someone else's filters	filled in	filled in	no	no	no	Analysts and operators can edit or delete only their own filter resources.
  Start ktl enrichment	filled in	filled in	filled in	filled in	no
  Run tasks on Kaspersky Endpoint Detection and Response assets in event details	filled in	filled in	filled in	filled in	no
  Create presets	filled in	filled in	filled in	filled in	filled in
  Delete presets	filled in	filled in	filled in	filled in	filled in	The first line analysts and the operators can delete only their own presets.
  View and use presets	filled in	filled in	filled in	filled in	filled in
  Settings → Users
  View the list of users	filled in	no	no	no	no
  Add a user	filled in	no	no	no	no
  Edit a user	filled in	no	no	no	no
  Generate token	filled in	filled in	filled in	filled in	filled in	All users can generate their own tokens. The general administrator can generate a token for any user.
  Change access rights for a token	filled in	filled in	no	no	no	The general administrator can change access rights for any user, tenant administrators can change only their own access rights.
  View the data of their own profile	filled in	filled in	filled in	filled in	filled in
  Edit the data of their own profile	filled in	filled in	filled in	filled in	filled in	The user role is not available for change.
  Settings → LDAP server
  View the LDAP connection settings	filled in	filled in	filled in	filled in	no
  Edit the LDAP connection settings	filled in	filled in	no	no	no
  Delete the configuration of an entire tenant from the settings	filled in	filled in	no	no	no
  Import assets	filled in	filled in	no	no	no
  Settings → Tenants						This section is available only to the general administrator.
  View the list of tenants	filled in	no	no	no	no
  Add tenants	filled in	no	no	no	no
  Change tenants	filled in	no	no	no	no
  Disable tenants	filled in	no	no	no	no
  Settings → Domain authorization						This section is available only to the general administrator.
  View the Active Directory connection settings	filled in	no	no	no	no
  Edit the Active Directory connection settings	filled in	no	no	no	no
  Add filters based on roles for tenants	filled in	no	no	no	no
  Run tasks in Active Directory	filled in	filled in	filled in	no	no
  Settings → General						This section is available only to the general administrator.
  View the SMTP connection settings	filled in	no	no	no	no
  Edit the SMTP connection settings	filled in	no	no	no	no
  Settings → License						This section is available only to the general administrator.
  View the list of added license keys	filled in	no	no	no	no
  Add license keys	filled in	no	no	no	no
  Delete license keys	filled in	no	no	no	no
  Settings → Kaspersky Security Center
  View the list of successfully integrated Kaspersky Security Center servers	filled in	filled in	filled in	filled in	no
  Add Kaspersky Security Center connections	filled in	filled in	no	no	no
  Delete Kaspersky Security Center connections	filled in	filled in	no	no	no
  Delete the configuration of an entire tenant from the settings	filled in	filled in	no	no	no
  Start the tasks for importing Kaspersky Security Center assets	filled in	filled in	no	no	no
  Settings → Kaspersky Industrial CyberSecurity for Networks
  View a list of KICS for Networks servers with which integration has been configured	filled in	filled in	no	no	no
  Add and modify the settings of KICS for Networks integration	filled in	filled in	no	no	no
  Delete the settings of KICS for Networks integration	filled in	filled in	no	no	no
  Run the tasks to import assets from the KICS for Networks settings	filled in	filled in	no	no	no
  Settings → Kaspersky Automated Security Awareness Platform
  View the ASAP integration settings	filled in	no	no	no	no
  Edit the ASAP integration settings	filled in	no	no	no	no
  View information from ASAP in the user details window	filled in	filled in	filled in	filled in	filled in
  Assign users to an ASAP learning group	filled in	filled in	filled in	filled in	no
  Settings → Kaspersky Endpoint Detection and Response
  View the connection settings	filled in	filled in	filled in	filled in	no
  Add, edit and disconnect the connections when the distributed solution mode is enabled	filled in	no	no	no	no
  Enable the distributed solution mode	filled in	no	no	no	no
  Add connections when the distributed solution mode is disabled	filled in	filled in	no	no	no
  Delete the connections when the distributed solution mode is disabled	filled in	filled in	no	no	no
  Delete the configuration of an entire tenant from the settings	filled in	filled in	no	no	no
  Settings → Kaspersky CyberTrace						This section is available only to the general administrator.
  View the CyberTrace integration settings	filled in	no	no	no	no
  Edit the CyberTrace integration settings	filled in	no	no	no	no
  Settings → IRP / SOAR						This section is available only to the general administrator.
  View the settings for integration with IRP / SOAR	filled in	no	no	no	no
  Edit the IRP/SOAR integration settings	filled in	no	no	no	no
  Settings → Kaspersky Threat Lookup						This section is available only to the general administrator.
  View the Threat Lookup integration settings	filled in	no	no	no	no
  Edit the Threat Lookup integration settings	filled in	no	no	no	no
  Settings → Alerts
  View the parameters	filled in	filled in	filled in	filled in	no
  Edit the parameters	filled in	filled in	filled in	no	no
  Delete the configuration of an entire tenant from the settings	filled in	filled in	filled in	no	no
  Settings → Incidents → Automatic linking of alerts to incidents
  View the parameters	filled in	filled in	filled in	filled in	no
  Edit the parameters	filled in	no	no	no	no
  Settings → Incidents → Incident types
  View the categories reference	filled in	filled in	filled in	filled in	no
  View the categories charts	filled in	filled in	filled in	filled in	no
  Add categories	filled in	filled in	no	no	no
  Edit categories	filled in	filled in	no	no	no
  Delete categories	filled in	filled in	no	no	no
  Settings → RuCERT
  View the parameters	filled in	no	no	no	no
  Edit the parameters	filled in	no	no	no	no
  Settings → Hierarchy
  View the parameters	filled in	no	no	no	no
  Edit the parameters	filled in	no	no	no	no
  View incidents from child nodes	filled in	filled in	filled in	no	filled in	All users of the parent node have access to the incidents in the child nodes.
  Settings → Asset audit
  Create, clone and edit the settings	filled in	filled in	filled in	no	no
  View the parameters	filled in	filled in	filled in	filled in	no
  Delete settings	filled in	filled in	no	no	no
  Settings → Repository update
  View the parameters	filled in	filled in	filled in	no	no
  Edit the parameters	filled in	no	no	no	no
  Start the repository update task manually	filled in	filled in	filled in	no	no
  Settings → Assets
  Add, edit, and delete the asset fields	filled in	no	no	no	no
  Metrics
  Open metrics	filled in	no	no	no	no
  Task manager
  View a list of your own tasks	filled in	filled in	filled in	filled in	filled in	The section and tasks are not tied to a tenant. The tasks are available only to the user who created them.
  Finish your own tasks	filled in	filled in	filled in	filled in	filled in
  Restart your own tasks	filled in	filled in	filled in	filled in	filled in
  View a list of all tasks	filled in	no	no	no	no
  Finish any task	filled in	no	no	no	no
  Restart any task	filled in	no	no	no	no
  CyberTrace						This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → CyberTrace.
  Open the section	filled in	no	no	no	no
  Access to the data of tenants
  Access to tenants	filled in	filled in	filled in	filled in	filled in	A user has access to the tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant.
  Shared tenant	filled in	filled in	filled in	filled in	filled in	A shared tenant is used to store shared resources that must be available to all tenants. Although services cannot be owned by the shared tenant, these services may utilize resources that are owned by the shared tenant. These services are still owned by their respective tenants. Events, alerts and incidents cannot be shared. Permissions to access the shared tenant: Read/write—only the general administrator. Read—all other users, including users that have permissions to access the main tenant.
  Main tenant	filled in	filled in	filled in	filled in	filled in	A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not grant access to other tenants.

Page top