User roles

KUMA users may have the following roles:

User permissions for the Reports section

The Reports section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Create report template

yes

yes

yes

yes

no

no

no

no

no

View and edit templates and reports

yes

yes

yes

yes

no

no

no

no

no

Generate reports

yes

yes

yes

yes

no

no

no

no

no

View generated reports

yes

yes

yes

yes

yes

no

no

no

no

Modify generated reports

yes

yes

yes

yes

no

no

no

no

no

Export generated reports

yes

yes

yes

yes

yes

no

no

no

no

Delete templates and generated reports

yes

yes

yes

yes

no

no

no

no

no

Manage report generation settings

yes

yes

yes

yes

no

no

no

no

no

Duplicate report template

yes

yes

yes

yes

no

no

no

no

no

Open the generated report by email

yes

yes

yes

yes

yes

no

no

no

no

User permissions for the Dashboard section

The Dashboard section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View data on the dashboard and change layouts

yes

yes

yes

yes

yes

no

no

yes

yes

View the Universal layout

yes

yes

yes

yes

yes

no

no

yes

yes

Add layouts

yes

yes

yes

yes

no

no

no

no

no

Edit and rename layouts

yes

yes

yes

yes

no

no

no

no

no

Delete layouts

yes

yes

yes

yes

no

no

no

no

no

Enable and disable the TV mode

yes

yes

yes

yes

yes

no

no

yes

yes

User permissions for the Resources section

The Resources → Services & Resources → Services → Active services section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of active services

yes

yes

yes

yes

yes

no

no

yes

yes

View and delete partitions in storage

yes

no

no

no

no

no

no

no

no

Download service logs

yes

yes

yes

yes

yes

no

no

yes

yes

Copy the service ID

yes

yes

yes

yes

yes

no

no

yes

yes

Refresh the table of active services

yes

yes

yes

yes

yes

no

no

yes

yes

Go to Events

yes

yes

yes

yes

yes

no

no

yes

yes

View the contents of the active list

yes

yes

yes

yes

no

no

no

no

no

View the content of a context table

yes

yes

yes

yes

no

no

no

no

no

Import/export/clear/add/edit/delete active list content

yes

yes

yes

yes

no

no

no

no

no

Import/export/clear/add/edit/delete context table content

yes

yes

yes

yes

no

no

no

no

no

Create a set of resources for services

yes

yes

yes

no

no

no

no

no

no

Create a service under Resources → Services → Active services

yes

yes

no

no

no

no

no

no

no

Delete services

yes

yes

no

no

no

no

no

no

no

View services that have the gray status

yes

no

no

no

no

no

no

no

no

Restart services

yes

yes

no

no

no

no

no

no

no

Update the settings of services

yes

yes

yes

no

no

no

no

no

no

Reset certificates

yes

yes

no

no

no

no

no

no

no

User permissions for the Data mining section

The Data mining section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the scheduler configuration

yes

yes

yes

no

no

no

yes

no

no

Create a scheduler

yes

yes

yes

no

no

no

no

no

no

Link storages and correlators

yes

yes

yes

no

no

no

no

no

no

Run

yes

yes

yes

no

no

yes

no

no

no

User permissions for the Resources configuration and Services configuration sections

The Resources → Resources configuration and Configuring services and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of resource and service configurations

yes

yes

yes

yes

no

yes

yes

no

no

Create a service configuration

yes

yes

yes

yes

no

no

no

no

no

Create a resource configuration

yes

yes

yes

yes

no

yes

no

no

no

Duplicate the configuration of a resource/service

yes

yes

yes

yes

no

yes

no

no

no

Edit the configuration of a resource/service

yes

yes

yes

yes

no

yes

no

no

no

Delete the configuration of a resource/service

yes

yes

yes

yes

no

yes

no

no

no

Import the configuration of a resource/service from a file

yes

yes

yes

yes

no

yes

no

no

no

View the repository, import the resources from the repository

yes

yes

yes

no

no

no

no

no

no

Export the configuration of a resource/service

yes

yes

yes

yes

no

yes

yes

no

no

Export correlation rules to MITRE ATT&CK Navigator

yes

yes

yes

yes

no

no

no

no

no

Create and edit a resource configuration in the Shared tenant

yes

no

no

no

no

yes

yes

no

no

View a resource in the Shared tenant (including linking, export, duplication)

yes

no

no

no

no

yes

yes

no

no

User permissions for the List of event sources section

The Source status → List of event sources section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View sources of events

yes

yes

yes

yes

yes

yes

no

yes

yes

Change sources of events

yes

yes

yes

no

no

yes

no

no

no

Delete sources of events

yes

yes

yes

no

no

yes

no

no

no

User permissions for the Monitoring policies section

The Source status → Monitoring policies section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View monitoring policies

yes

yes

yes

yes

yes

yes

yes

yes

yes

Create monitoring policies

yes

yes

yes

no

no

yes

no

no

no

Edit monitoring policies

yes

yes

yes

no

no

yes

no

no

no

Delete monitoring policies

yes

yes

yes

no

no

yes

no

no

no

User permissions for the Assets section

The Assets section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Assets

 

 

 

 

 

 

 

 

 

View the list of assets

yes

yes

yes

yes

yes

no

no

yes

yes

View the list of categories

yes

yes

yes

yes

yes

yes

yes

yes

yes

Add/edit/delete asset categories

yes

yes

yes

yes

no

no

no

no

no

Add asset categories in the Shared tenant

yes

no

no

no

no

no

no

no

no

Link assets to an asset category of the Shared tenant

yes

yes

yes

yes

no

yes

yes

no

no

Add assets

yes

yes

yes

yes

no

no

no

no

no

Edit assets

yes

yes

yes

yes

no

no

no

no

no

Delete assets

yes

yes

yes

yes

no

no

no

no

no

Import assets from Kaspersky Security Center

yes

yes

yes

yes

no

no

no

no

no

Start tasks on assets in Kaspersky Security Center

yes

yes

yes

yes

no

no

no

no

no

Run tasks to move an asset to a Kaspersky Security Center administration group

yes

yes

yes

yes

no

no

no

no

no

Run tasks on assets in Kaspersky Endpoint Detection and Response

yes

yes

yes

yes

no

no

no

no

no

Initiating the change of asset status in KICS for Networks

yes

yes

yes

yes

no

no

no

no

no

Confirm updates to fix the asset vulnerabilities and accept the licensing agreements

yes

yes

no

no

no

no

no

no

no

Editing CII categorization in the asset card

yes

no

no

no

no

no

no

no

yes

Editing custom fields of assets (Settings → Other → Assets)

yes

yes

yes

yes

no

no

no

no

no

User permissions for the Alerts section

The Alerts section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Change the severity of alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Open the details of alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Assign responsible users

yes

yes

yes

yes

yes

no

no

yes

yes

Close alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Add comments to alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Attach an event to alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Detach an event from alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Edit and delete someone else's filters

yes

yes

no

no

no

no

no

no

no

User permissions for the Incidents section

The Incidents section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Create blank incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Manually create incidents from alerts

yes

yes

yes

yes

yes

no

no

yes

yes

Change the severity of incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Open the incident details

yes

yes

yes

yes

yes

no

no

yes

yes

Assign executors

yes

yes

yes

yes

yes

no

no

yes

yes

Close incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Add comments to incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Attach alerts to incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Detach alerts from incidents

yes

yes

yes

yes

yes

no

no

yes

yes

Edit and delete someone else's filters

yes

yes

no

no

no

no

no

no

no

Export incidents to RuCERT

yes

no

no

no

no

no

no

yes

no

Send files to NCIRCC

yes

no

no

no

no

no

no

yes

no

Download files sent to NCIRCC

yes

no

no

no

no

no

no

yes

no

Export additional incident data to NCIRCC upon request

yes

no

no

no

no

no

no

yes

no

Send messages to NCIRCC

yes

no

no

no

no

no

no

yes

no

View messages from NCIRCC

yes

no

no

no

no

no

no

yes

no

View incident data exported to NCIRCC

yes

no

no

no

no

no

no

yes

no

User permissions for the Events section

The Events section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of events

yes

yes

yes

yes

yes

no

no

yes

yes

Search events

yes

yes

yes

yes

yes

no

no

yes

yes

Open the details of events

yes

yes

yes

yes

yes

no

no

yes

yes

Open statistics

yes

yes

yes

yes

yes

no

no

yes

yes

Perform a retroscan

yes

yes

yes

no

no

no

no

no

no

Export events to a TSV file

yes

yes

yes

yes

yes

no

no

yes

yes

View filters (search query)

yes

yes

yes

yes

yes

yes

yes

yes

yes

Add (save) filter

yes

yes

yes

yes

yes

yes

no

yes

yes

Edit or delete someone else's filter folders

yes

yes

no

no

no

no

no

no

no

Delete own filters

yes

yes

yes

yes

yes

yes

no

yes

yes

Delete other users' filters

yes

yes

no

no

no

no

no

no

no

Start ktl enrichment

yes

yes

yes

yes

no

no

no

no

no

Run tasks on Kaspersky Endpoint Detection and Response assets in event details

yes

yes

yes

yes

no

no

no

no

no

Create presets

yes

yes

yes

yes

yes

yes

no

yes

yes

Delete presets

yes

yes

yes

yes

yes

yes

no

yes

yes

View and use presets

yes

yes

yes

yes

yes

yes

yes

yes

yes

User permissions for the Users and actions section

The Settings → Access → Users section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of users

yes

no

no

no

no

no

no

no

no

Add a user

yes

no

no

no

no

no

no

no

no

Edit a user

yes

no

no

no

no

no

no

no

no

Generate token

yes

yes

yes

yes

yes

yes

yes

yes

yes

Change access rights for a token

yes

yes

yes

yes

yes

yes

yes

yes

yes

View the data of their own profile

yes

yes

yes

yes

yes

yes

yes

yes

yes

Edit the data of their own profile

yes

yes

yes

yes

yes

yes

yes

yes

yes

User permissions for the LDAP server section

The Settings → Integrations → LDAP server section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the LDAP connection settings

yes

yes

yes

yes

no

no

no

no

no

Edit the LDAP connection settings

yes

yes

no

no

no

no

no

no

no

Delete the configuration of an entire tenant from the settings

yes

yes

no

no

no

no

no

no

no

Import assets

yes

yes

no

no

no

no

no

no

no

User permissions for the Tenants section

The Settings → Access → Tenants section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of tenants

yes

no

no

no

no

no

no

no

no

Add tenants

yes

no

no

no

no

no

no

no

no

Change tenants

yes

no

no

no

no

no

no

no

no

Export tenants

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the Domain authorization section

The Settings → Access → Domain authorization section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the Active Directory connection settings

yes

no

no

no

no

no

no

no

no

Edit the Active Directory connection settings

yes

no

no

no

no

no

no

no

no

Add filters based on roles for tenants

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the General section

The Settings → Other → General section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the SMTP connection settings

yes

no

no

no

no

no

no

no

no

Edit the SMTP connection settings

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the License section

The Settings → Other → License section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of added license keys

yes

no

no

no

no

no

no

no

no

Add license keys

yes

no

no

no

no

no

no

no

no

Delete license keys

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the Kaspersky Security Center section

The Settings → Integrations → Kaspersky Security Center section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of successfully integrated Kaspersky Security Center servers

yes

yes

yes

yes

no

no

no

no

no

Add Kaspersky Security Center connections

yes

yes

no

no

no

no

no

no

no

Delete Kaspersky Security Center connections

yes

yes

no

no

no

no

no

no

no

Delete the configuration of an entire tenant from the settings

yes

yes

no

no

no

no

no

no

no

Start the tasks for importing Kaspersky Security Center assets

yes

yes

no

no

no

no

no

no

no

User permissions for the KICS/KATA section

The Settings → Integrations → KICS/KATA section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View a list of KICS/KATA servers with which integration has been configured

yes

yes

no

no

no

no

no

no

no

Add and modify the settings of KICS/KATA integration

yes

yes

no

no

no

no

no

no

no

Delete the settings of KICS/KATA integration

yes

yes

no

no

no

no

no

no

no

Run the tasks to import assets from the KICS/KATA settings

yes

yes

no

no

no

no

no

no

no

User permissions for the Kaspersky Automated Security Awareness Platform section

The Settings → Integrations → Kaspersky Automated Security Awareness Platform section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the ASAP integration settings

yes

no

no

no

no

no

no

no

no

Edit the ASAP integration settings

yes

no

no

no

no

no

no

no

no

User permissions for the Kaspersky Endpoint Detection and Response section

The Settings → Integrations → Kaspersky Endpoint Detection and Response section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the connection settings

yes

yes

yes

yes

no

no

no

no

no

Add, edit and disconnect the connections when the distributed solution mode is enabled

yes

no

no

no

no

no

no

no

no

Enable the distributed solution mode

yes

no

no

no

no

no

no

no

no

Add connections when the distributed solution mode is disabled

yes

yes

no

no

no

no

no

no

no

Delete the connections when the distributed solution mode is disabled

yes

yes

no

no

no

no

no

no

no

Delete the configuration of an entire tenant from the settings

yes

yes

no

no

no

no

no

no

no

User permissions for the Kaspersky CyberTrace section

The Settings → Integrations → Kaspersky CyberTrace section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the CyberTrace integration settings

yes

no

no

no

no

no

no

no

no

Edit the CyberTrace integration settings

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the IRP / SOAR section

The Settings → Integrations → IRP / SOAR section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the settings for integration with IRP / SOAR

yes

no

no

no

no

no

no

no

no

Edit the IRP/SOAR integration settings

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the Kaspersky Threat Lookup section

The Settings → Integrations → Kaspersky Threat Lookup section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the Threat Lookup integration settings

yes

no

no

no

no

no

no

no

no

Edit the Threat Lookup integration settings

yes

no

no

no

no

no

no

no

no

This section is available only to the general administrator.

User permissions for the Alerts section

The Settings → Other → Alerts section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the parameters

yes

yes

yes

yes

no

no

no

no

no

Edit the parameters

yes

yes

yes

no

no

no

no

no

no

Delete the configuration of an entire tenant from the settings

yes

yes

yes

no

no

no

no

no

no

User permissions for the Automatic linking of alerts to incidents section

The Settings → Other → Incidents → Automatic linking of alerts to incidents section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the parameters

yes

yes

yes

yes

no

no

no

no

no

Edit the parameters

yes

no

no

no

no

no

no

no

no

This section is available for an account with the Tenant administrator, Tier 2 analyst, or Tier 1 analyst role if the role is assigned in the Main tenant.

User permissions for the Incident types section

The Settings → Other → Incidents → Incident types section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the categories reference

yes

yes

yes

yes

no

no

no

no

no

View the categories charts

yes

yes

yes

yes

no

no

no

no

no

Add categories

yes

yes

no

no

no

no

no

no

no

Edit categories

yes

yes

no

no

no

no

no

no

no

Delete categories

yes

yes

no

no

no

no

no

no

no

User permissions for the NCIRCC section

The Settings → Integrations → NCIRCC section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the parameters

yes

no

no

no

no

no

no

no

no

Edit the parameters

yes

no

no

no

no

no

no

no

no

User permissions for the Asset audit section

The Settings → Other → Assets → Asset audit section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Create, clone and edit the settings

yes

yes

yes

no

no

no

no

no

no

View the parameters

yes

yes

yes

yes

no

no

no

no

no

Delete settings

yes

yes

yes

no

no

no

no

no

no

User permissions for the Repository update section

The Settings → Other → Repository update section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the parameters

yes

yes

yes

no

no

no

no

no

no

Edit the parameters

yes

no

no

no

no

no

no

no

no

Start the repository update task manually

yes

yes

yes

no

no

no

no

no

no

User permissions for the Assets section

The Settings → Other → Assets section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Add, edit, and delete the asset fields

yes

no

no

no

no

no

no

no

no

User permissions for the Access to spaces section

The Settings → Access → Access to spaces section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Viewing the list of sets

yes

no

no

no

no

no

no

no

no

Adding, editing, deleting a space set

yes

no

no

no

no

no

no

no

no

Setting the default space set

yes

no

no

no

no

no

no

no

no

Assigning a space set to a user

yes

no

no

no

no

no

no

no

no

User permissions for the Tags section

The Settings → Other → Tags section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View the list of tags

yes

yes

yes

yes

no

no

no

no

no

User permissions for the Extended event schema fields scheme

The Options → Other → Extended event schema fields section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Viewing the table of extended event schema fields

yes

yes

yes

yes

yes

no

yes

no

no

Exporting extended event schema fields

yes

yes

yes

yes

yes

no

yes

no

no

Adding and modifying extended event schema fields

yes

yes

yes

yes

yes

no

no

no

no

Importing extended event schema fields

yes

yes

yes

yes

yes

no

no

no

no

Removing and disabling extended event schema fields

yes

no

no

no

no

no

no

no

no

User permissions for the Metrics section

The Metrics section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Open metrics

yes

no

no

no

no

no

no

no

no

User permissions for the Task manager section

The Task manager section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

View a list of your own tasks

yes

yes

yes

yes

yes

no

no

yes

yes

Finish your own tasks

yes

yes

yes

yes

yes

no

no

yes

yes

Restart your own tasks

yes

yes

yes

yes

yes

no

no

yes

yes

View a list of all tasks

yes

yes

yes

yes

yes

no

no

yes

yes

Finish any task

yes

no

no

no

no

no

no

no

no

Restart any task

yes

yes

yes

yes

yes

no

no

yes

yes

User permissions for the CyberTrace section

The CyberTrace section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Open the section

yes

no

no

no

no

no

no

no

no

This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → Integrations → Kaspersky CyberTrace.

User permissions for the Access to tenant data section

The Access to tenant data section and actions in this section

General admin-
istrator

Tenant admin-
istrator

Tier 2 analyst

Tier 1 analyst

Junior analyst

Manage
shared resources

Read shared resources

Access to NCIRCC

Access to CII

Access to tenants

yes

yes

yes

yes

yes

no

no

yes

yes

Shared tenant

yes

yes

yes

yes

yes

yes

yes

yes

yes

Main tenant

yes

yes

yes

yes

yes

no

no

yes

yes

Page top