KUMA users may have the following roles:
User permissions for the Reports section

| The Reports section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Create report template | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | yes | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | yes | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | yes | no | no | no | no |

User permissions for the Dashboard section

| The Dashboard section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | yes | yes | yes | yes | yes | no | no | yes | yes |
| View the Universal layout | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| Enable and disable the TV mode | yes | yes | yes | yes | yes | no | no | yes | yes |

User permissions for the Resources section

| The Resources → Services & Resources → Services → Active services section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | yes | yes | yes | yes | yes | no | no | yes | yes |
| View and delete partitions in storage | yes | no | no | no | no | no | no | no | no |
| Download service logs | yes | yes | yes | yes | yes | no | no | yes | yes |
| Copy the service ID | yes | yes | yes | yes | yes | no | no | yes | yes |
| Refresh the table of active services | yes | yes | yes | yes | yes | no | no | yes | yes |
| Go to Events | yes | yes | yes | yes | yes | no | no | yes | yes |
| View the contents of the active list | yes | yes | yes | yes | no | no | no | no | no |
| View the content of a context table | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | no | no | no | no | no | no |
| Create a service under Resources → Services → Active services | yes | yes | no | no | no | no | no | no | no |
| Delete services | yes | yes | no | no | no | no | no | no | no |
| View services that have the gray status | yes | no | no | no | no | no | no | no | no |
| Restart services | yes | yes | no | no | no | no | no | no | no |
| Update the settings of services | yes | yes | yes | no | no | no | no | no | no |
| | yes | yes | no | no | no | no | no | no | no |

User permissions for the Data mining section

| The Data mining section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the scheduler configuration | yes | yes | yes | no | no | no | yes | no | no |
| Create a scheduler | yes | yes | yes | no | no | no | no | no | no |
| Link storages and correlators | yes | yes | yes | no | no | no | no | no | no |
| Run | yes | yes | yes | no | no | yes | no | no | no |

User permissions for the Resources configuration and Services configuration sections

| The Resources → Resources configuration and Configuring services and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | yes | yes | yes | yes | no | yes | yes | no | no |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | yes | yes | yes | no | yes | no | no | no |
| | yes | yes | yes | yes | no | yes | no | no | no |
| | yes | yes | yes | yes | no | yes | no | no | no |
| | yes | yes | yes | yes | no | yes | no | no | no |
| | yes | yes | yes | yes | no | yes | no | no | no |
| View the repository, import the resources from the repository | yes | yes | yes | no | no | no | no | no | no |
| | yes | yes | yes | yes | no | yes | yes | no | no |
| Export correlation rules to MITRE ATT&CK Navigator | yes | yes | yes | yes | no | no | no | no | no |
| Create and edit a resource configuration in the Shared tenant | yes | no | no | no | no | yes | yes | no | no |
| View a resource in the Shared tenant (including linking, export, duplication) | yes | no | no | no | no | yes | yes | no | no |

User permissions for the List of event sources section

| The Source status → List of event sources section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View sources of events | yes | yes | yes | yes | yes | yes | no | yes | yes |
| Change sources of events | yes | yes | yes | no | no | yes | no | no | no |
| Delete sources of events | yes | yes | yes | no | no | yes | no | no | no |

User permissions for the Monitoring policies section

| The Source status → Monitoring policies section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View monitoring policies | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| Create monitoring policies | yes | yes | yes | no | no | yes | no | no | no |
| | yes | yes | yes | no | no | yes | no | no | no |
| | yes | yes | yes | no | no | yes | no | no | no |

User permissions for the Assets section

| The Assets section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Assets | | | | | | | | | |
| View the list of assets | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| | yes | yes | yes | yes | no | no | no | no | no |
| | yes | no | no | no | no | no | no | no | no |
| Link assets to an asset category of the Shared tenant | yes | yes | yes | yes | no | yes | yes | no | no |
| Add assets | yes | yes | yes | yes | no | no | no | no | no |
| Edit assets | yes | yes | yes | yes | no | no | no | no | no |
| Delete assets | yes | yes | yes | yes | no | no | no | no | no |
| Import assets from Kaspersky Security Center | yes | yes | yes | yes | no | no | no | no | no |
| Start tasks on assets in Kaspersky Security Center | yes | yes | yes | yes | no | no | no | no | no |
| Run tasks to move an asset to a Kaspersky Security Center administration group | yes | yes | yes | yes | no | no | no | no | no |
| Run tasks on assets in Kaspersky Endpoint Detection and Response | yes | yes | yes | yes | no | no | no | no | no |
| Initiating the change of asset status in KICS for Networks | yes | yes | yes | yes | no | no | no | no | no |
| Confirm updates to fix the asset vulnerabilities and accept the licensing agreements | yes | yes | no | no | no | no | no | no | no |
| Editing CII categorization in the asset card | yes | no | no | no | no | no | no | no | yes |
| Editing custom fields of assets (Settings → Other → Assets) | yes | yes | yes | yes | no | no | no | no | no |

User permissions for the Alerts section

| The Alerts section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Change the severity of alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Open the details of alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Assign responsible users | yes | yes | yes | yes | yes | no | no | yes | yes |
| Close alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Add comments to alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Attach an event to alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Detach an event from alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | no | no | no | no | no | no | no |

User permissions for the Incidents section

| The Incidents section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| Create blank incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| Manually create incidents from alerts | yes | yes | yes | yes | yes | no | no | yes | yes |
| Change the severity of incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | yes | yes | yes | no | no | yes | yes |
| Assign executors | yes | yes | yes | yes | yes | no | no | yes | yes |
| Close incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| Add comments to incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| Attach alerts to incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| Detach alerts from incidents | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | no | no | no | no | no | no | no |
| | yes | no | no | no | no | no | no | yes | no |
| | yes | no | no | no | no | no | no | yes | no |
| | yes | no | no | no | no | no | no | yes | no |
| | yes | no | no | no | no | no | no | yes | no |
| | yes | no | no | no | no | no | no | yes | no |
| | yes | no | no | no | no | no | no | yes | no |
| View incident data exported to NCIRCC | yes | no | no | no | no | no | no | yes | no |

User permissions for the Events section

| The Events section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of events | yes | yes | yes | yes | yes | no | no | yes | yes |
| Search events | yes | yes | yes | yes | yes | no | no | yes | yes |
| Open the details of events | yes | yes | yes | yes | yes | no | no | yes | yes |
| Open statistics | yes | yes | yes | yes | yes | no | no | yes | yes |
| Perform a retroscan | yes | yes | yes | no | no | no | no | no | no |
| Export events to a TSV file | yes | yes | yes | yes | yes | no | no | yes | yes |
| View filters (search query) | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| Add (save) filter | yes | yes | yes | yes | yes | yes | no | yes | yes |
| | yes | yes | no | no | no | no | no | no | no |
| Delete own filters | yes | yes | yes | yes | yes | yes | no | yes | yes |
| Delete other users' filters | yes | yes | no | no | no | no | no | no | no |
| Start ktl enrichment | yes | yes | yes | yes | no | no | no | no | no |
| Run tasks on Kaspersky Endpoint Detection and Response assets in event details | yes | yes | yes | yes | no | no | no | no | no |
| Create presets | yes | yes | yes | yes | yes | yes | no | yes | yes |
| | yes | yes | yes | yes | yes | yes | no | yes | yes |
| View and use presets | yes | yes | yes | yes | yes | yes | yes | yes | yes |

User permissions for the Users and actions section

| The Settings → Access → Users section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of users | yes | no | no | no | no | no | no | no | no |
| Add a user | yes | no | no | no | no | no | no | no | no |
| Edit a user | yes | no | no | no | no | no | no | no | no |
| | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| View the data of their own profile | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| | yes | yes | yes | yes | yes | yes | yes | yes | yes |

User permissions for the LDAP server section

| The Settings → Integrations → LDAP server section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the LDAP connection settings | yes | yes | yes | yes | no | no | no | no | no |
| Edit the LDAP connection settings | yes | yes | no | no | no | no | no | no | no |
| Delete the configuration of an entire tenant from the settings | yes | yes | no | no | no | no | no | no | no |
| Import assets | yes | yes | no | no | no | no | no | no | no |

User permissions for the Tenants section

| The Settings → Access → Tenants section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of tenants | yes | no | no | no | no | no | no | no | no |
| Add tenants | yes | no | no | no | no | no | no | no | no |
| Change tenants | yes | no | no | no | no | no | no | no | no |
| Export tenants | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the Domain authorization section

| The Settings → Access → Domain authorization section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the Active Directory connection settings | yes | no | no | no | no | no | no | no | no |
| Edit the Active Directory connection settings | yes | no | no | no | no | no | no | no | no |
| Add filters based on roles for tenants | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the General section

| The Settings → Other → General section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the SMTP connection settings | yes | no | no | no | no | no | no | no | no |
| Edit the SMTP connection settings | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the License section

| The Settings → Other → License section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of added license keys | yes | no | no | no | no | no | no | no | no |
| Add license keys | yes | no | no | no | no | no | no | no | no |
| Delete license keys | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the Kaspersky Security Center section

| The Settings → Integrations → Kaspersky Security Center section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of successfully integrated Kaspersky Security Center servers | yes | yes | yes | yes | no | no | no | no | no |
| Add Kaspersky Security Center connections | yes | yes | no | no | no | no | no | no | no |
| Delete Kaspersky Security Center connections | yes | yes | no | no | no | no | no | no | no |
| Delete the configuration of an entire tenant from the settings | yes | yes | no | no | no | no | no | no | no |
| Start the tasks for importing Kaspersky Security Center assets | yes | yes | no | no | no | no | no | no | no |

User permissions for the KICS/KATA section

| The Settings → Integrations → KICS/KATA section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View a list of KICS/KATA servers with which integration has been configured | yes | yes | no | no | no | no | no | no | no |
| Add and modify the settings of KICS/KATA integration | yes | yes | no | no | no | no | no | no | no |
| Delete the settings of KICS/KATA integration | yes | yes | no | no | no | no | no | no | no |
| Run the tasks to import assets from the KICS/KATA settings | yes | yes | no | no | no | no | no | no | no |

User permissions for the Kaspersky Automated Security Awareness Platform section

| The Settings → Integrations → Kaspersky Automated Security Awareness Platform section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the ASAP integration settings | yes | no | no | no | no | no | no | no | no |
| Edit the ASAP integration settings | yes | no | no | no | no | no | no | no | no |

User permissions for the Kaspersky Endpoint Detection and Response section

| The Settings → Integrations → Kaspersky Endpoint Detection and Response section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the connection settings | yes | yes | yes | yes | no | no | no | no | no |
| Add, edit and disconnect the connections when the distributed solution mode is enabled | yes | no | no | no | no | no | no | no | no |
| Enable the distributed solution mode | yes | no | no | no | no | no | no | no | no |
| Add connections when the distributed solution mode is disabled | yes | yes | no | no | no | no | no | no | no |
| Delete the connections when the distributed solution mode is disabled | yes | yes | no | no | no | no | no | no | no |
| Delete the configuration of an entire tenant from the settings | yes | yes | no | no | no | no | no | no | no |

User permissions for the Kaspersky CyberTrace section

| The Settings → Integrations → Kaspersky CyberTrace section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the CyberTrace integration settings | yes | no | no | no | no | no | no | no | no |
| Edit the CyberTrace integration settings | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the IRP / SOAR section

| The Settings → Integrations → IRP / SOAR section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the settings for integration with IRP / SOAR | yes | no | no | no | no | no | no | no | no |
| Edit the IRP/SOAR integration settings | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the Kaspersky Threat Lookup section

| The Settings → Integrations → Kaspersky Threat Lookup section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the Threat Lookup integration settings | yes | no | no | no | no | no | no | no | no |
| Edit the Threat Lookup integration settings | yes | no | no | no | no | no | no | no | no |

This section is available only to the general administrator.
User permissions for the Alerts section

| The Settings → Other → Alerts section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the parameters | yes | yes | yes | yes | no | no | no | no | no |
| Edit the parameters | yes | yes | yes | no | no | no | no | no | no |
| Delete the configuration of an entire tenant from the settings | yes | yes | yes | no | no | no | no | no | no |

User permissions for the Automatic linking of alerts to incidents section

| The Settings → Other → Incidents → Automatic linking of alerts to incidents section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the parameters | yes | yes | yes | yes | no | no | no | no | no |
| Edit the parameters | yes | no | no | no | no | no | no | no | no |

This section is available for an account with the Tenant administrator, Tier 2 analyst, or Tier 1 analyst role if the role is assigned in the Main tenant.
User permissions for the Incident types section

| The Settings → Other → Incidents → Incident types section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the categories reference | yes | yes | yes | yes | no | no | no | no | no |
| View the categories charts | yes | yes | yes | yes | no | no | no | no | no |
| Add categories | yes | yes | no | no | no | no | no | no | no |
| Edit categories | yes | yes | no | no | no | no | no | no | no |
| Delete categories | yes | yes | no | no | no | no | no | no | no |

User permissions for the NCIRCC section

| The Settings → Integrations → NCIRCC section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the parameters | yes | no | no | no | no | no | no | no | no |
| Edit the parameters | yes | no | no | no | no | no | no | no | no |

User permissions for the Asset audit section

| The Settings → Other → Assets → Asset audit section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Create, clone and edit the settings | yes | yes | yes | no | no | no | no | no | no |
| View the parameters | yes | yes | yes | yes | no | no | no | no | no |
| Delete settings | yes | yes | yes | no | no | no | no | no | no |

User permissions for the Repository update section

| The Settings → Other → Repository update section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the parameters | yes | yes | yes | no | no | no | no | no | no |
| Edit the parameters | yes | no | no | no | no | no | no | no | no |
| Start the repository update task manually | yes | yes | yes | no | no | no | no | no | no |

User permissions for the Assets section

| The Settings → Other → Assets section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Add, edit, and delete the asset fields | yes | no | no | no | no | no | no | no | no |

User permissions for the Access to spaces section

| The Settings → Access → Access to spaces section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | yes | no | no | no | no | no | no | no | no |
| | yes | no | no | no | no | no | no | no | no |
| Setting the default space set | yes | no | no | no | no | no | no | no | no |
| | yes | no | no | no | no | no | no | no | no |

User permissions for the Tags section

| The Settings → Other → Tags section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of tags | yes | yes | yes | yes | no | no | no | no | no |

User permissions for the Extended event schema fields section

| The Options → Other → Extended event schema fields section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Viewing the table of extended event schema fields | yes | yes | yes | yes | yes | no | yes | no | no |
| | yes | yes | yes | yes | yes | no | yes | no | no |
| | yes | yes | yes | yes | yes | no | no | no | no |
| Importing extended event schema fields | yes | yes | yes | yes | yes | no | no | no | no |
| | yes | no | no | no | no | no | no | no | no |

User permissions for the Metrics section

| The Metrics section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Open metrics | yes | no | no | no | no | no | no | no | no |

User permissions for the Task manager section

| The Task manager section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | yes | yes | yes | yes | yes | no | no | yes | yes |
| Finish your own tasks | yes | yes | yes | yes | yes | no | no | yes | yes |
| Restart your own tasks | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | yes | yes | yes | no | no | yes | yes |
| Finish any task | yes | no | no | no | no | no | no | no | no |
| | yes | yes | yes | yes | yes | no | no | yes | yes |

User permissions for the CyberTrace section

| The CyberTrace section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Open the section | yes | no | no | no | no | no | no | no | no |

This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → Integrations → Kaspersky CyberTrace.
User permissions for the Access to tenant data section

| The Access to tenant data section and actions in this section | General administrator | Tenant administrator | Tier 2 analyst | Tier 1 analyst | Junior analyst | Manage | Read shared resources | Access to NCIRCC | Access to CII |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | yes | yes | yes | yes | yes | no | no | yes | yes |
| | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| | yes | yes | yes | yes | yes | no | no | yes | yes |