User roles

KUMA users may have the following roles:

General administrator—this role is designed for users who are responsible for the core functionality of KUMA systems. For example, they install system components, perform maintenance, work with services, create backups, and add users to the system. These users have full access to KUMA.
Tenant administrator—this role is for users responsible for the core functionality of KUMA systems owned by specific tenants.
Tier 2 analyst—this role is for users responsible for configuring the KUMA system to receive and process events of a specific tenant. They also create and tweak correlation rules.
Tier 1 analyst—this role is for users responsible for configuring the KUMA system to receive and process events of a specific tenant. They also create and tweak correlation rules. Users with this role have fewer privileges than Tier 2 analysts.
Junior analyst—this role is for users dealing with immediate security threats of a specific tenant. A user with this role can check resources of the Shared tenant through the REST API.
Access to NCIRCC—this role can be selected if the license includes the NCIRCC module. Users with this role receive notifications by default.
Access to CII—this role can be selected if the license includes the NCIRCC module. Users with this role receive notifications by default.
Read shared resources—this role is intended for managing the Shared tenant. Users with this role have read access to shared resources.
Manage shared resources—this role is intended for managing the Shared tenant. Users with this role have edit access to shared resources.

User permissions for the Reports section

The Reports section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Create report template	yes	yes	yes	yes	no	no	no	no	no
View and edit templates and reports When viewing report templates, a Tier 2 analyst or Tier 1 analyst can: View any templates and reports, their own and those of other users, provided that all tenants specified in the template are available for this role. Edit their own templates and reports. A Tier 2 analyst can edit predefined templates. Specifying the user's email address in the template is no longer grounds for granting access to a report generated from that template. Such a report is available to the user for viewing if all tenants specified in the template are available for the user's role.	yes	yes	yes	yes	no	no	no	no	no
Generate reports A Tier 2 analyst or Tier 1 analyst can generate their own reports and reports belonging to other users as long as all tenants specified in the template are available to the relevant role. A Tier 2 analyst or Tier 1 analyst cannot generate reports that were sent to the analyst by email.	yes	yes	yes	yes	no	no	no	no	no
View generated reports A Junior analyst, Tier 2 analyst, or Tier 1 analyst can view their own reports and reports belonging to other users, including predefined reports, as long as they have full access to the tenants of the report.	yes	yes	yes	yes	yes	no	no	no	no
Modify generated reports A Tier 2 analyst can change generation settings of predefined templates.	yes	yes	yes	yes	no	no	no	no	no
Export generated reports A Tier 2 analyst or Tier 1 analyst can download any reports, provided that all tenants specified in the template are available for the relevant role.	yes	yes	yes	yes	yes	no	no	no	no
Delete templates and generated reports A Tier 2 analyst can delete their own templates and reports, as well as predefined templates. Tier 2 analysts cannot delete reports that were sent to them by email. A General administrator, Tenant administrator, or Tier 2 analyst can delete predefined templates and reports.	yes	yes	yes	yes	no	no	no	no	no
Manage report generation settings A Tier 2 analyst can manage the settings for generating predefined templates and reports, as well as their own templates and reports. A Tier 1 analyst can manage the generation settings for their own reports.	yes	yes	yes	yes	no	no	no	no	no
Duplicate report template A Tier 2 analyst or Tier 1 analyst can duplicate their own reports and predefined reports.	yes	yes	yes	yes	no	no	no	no	no
Open the generated report by email If a report is sent as a link, it is available to KUMA users only. If a report is sent as an attachment, the report is available to the recipient if all tenants specified in the report template are available to the role of the recipient.	yes	yes	yes	yes	yes	no	no	no	no

User permissions for the Dashboard section

The Dashboard section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View data on the dashboard and change layouts Available if the user has full access. Full access means that the list of tenants defined at the dashboard level is identical to the list of tenants available to the user. Tenants in the toggle switch are also taken into account.	yes	yes	yes	yes	yes	no	no	yes	yes
View the Universal layout	yes	yes	yes	yes	yes	no	no	yes	yes
Add layouts The user can also add widgets to the layout.	yes	yes	yes	yes	no	no	no	no	no
Edit and rename layouts The user can also add, edit, and delete widgets. Tier 2 analysts can edit and rename predefined layouts, as well as their own layouts. Tier 1 analysts can edit and rename their own layouts.	yes	yes	yes	yes	no	no	no	no	no
Delete layouts Tenant administrators may delete layouts in the tenants available to them. Tier 2 analysts and Tier 1 analysts can delete their own layouts. General administrators, Tenant administrators, and Tier 2 analysts can delete predefined layouts. When the kuma-core.service service is restarted, predefined layouts are restored to their original condition if they have been deleted.	yes	yes	yes	yes	no	no	no	no	no
Enable and disable the TV mode	yes	yes	yes	yes	yes	no	no	yes	yes

User permissions for the Resources section

The Resources → Services & Resources → Services → Active services section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of active services Only the General Administrator can view and delete storage spaces. Access rights do not depend on the tenants selected in the menu. Tier 1 analysts and Tier 2 analysts can: See the storage service in the list of active services. Copy the ID of the storage and download the logs of the storage. Access to viewing active services was added to the Junior analyst, Access to CII, Access to NCIRCC roles. These roles have the following abilities: Viewing the Services section Viewing service logs Copying the service ID Updating the table Going to events	yes	yes	yes	yes	yes	no	no	yes	yes
View and delete partitions in storage	yes	no	no	no	no	no	no	no	no
Download service logs	yes	yes	yes	yes	yes	no	no	yes	yes
Copy the service ID	yes	yes	yes	yes	yes	no	no	yes	yes
Refresh the table of active services	yes	yes	yes	yes	yes	no	no	yes	yes
Go to Events	yes	yes	yes	yes	yes	no	no	yes	yes
View the contents of the active list	yes	yes	yes	yes	no	no	no	no	no
View the content of a context table	yes	yes	yes	yes	no	no	no	no	no
Import/export/clear/add/edit/delete active list content Tier 1 analysts can import data into any list of a correlator of an available tenant.	yes	yes	yes	yes	no	no	no	no	no
Import/export/clear/add/edit/delete context table content Tier 1 analysts can import data into any table of a correlator of an available tenant.	yes	yes	yes	yes	no	no	no	no	no
Create a set of resources for services Tier 2 analysts cannot create storages.	yes	yes	yes	no	no	no	no	no	no
Create a service under Resources → Services → Active services Only the General administrator can create a service.	yes	yes	no	no	no	no	no	no	no
Delete services	yes	yes	no	no	no	no	no	no	no
View services that have the gray status	yes	no	no	no	no	no	no	no	no
Restart services	yes	yes	no	no	no	no	no	no	no
Update the settings of services	yes	yes	yes	no	no	no	no	no	no
Reset certificates Users with the Tenant administrator role can reset the certificates of services only in the tenants that are accessible to the user.	yes	yes	no	no	no	no	no	no	no

User permissions for the Data mining section

The Data mining section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the scheduler configuration	yes	yes	yes	no	no	no	yes	no	no
Create a scheduler	yes	yes	yes	no	no	no	no	no	no
Link storages and correlators	yes	yes	yes	no	no	no	no	no	no
Run	yes	yes	yes	no	no	yes	no	no	no

User permissions for the Resources configuration and Services configuration sections

The Resources → Resources configuration and Configuring services and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of resource and service configurations The configuration of a secret resource can be viewed by the following roles: Tier 1 analyst, Tier 2 analyst, Manage shared resources, and Read shared resources. The list of secrets is available when creating services (collector, correlator, agent), resources, settings. The Manage shared resources role grants access to viewing and editing resources only in the Shared tenant. The Read shared resources role grants access to viewing resources only in the Shared tenant. Access rights do not depend on the tenants selected in the menu. That is, the Storage section may be visible because the user has the administrator role in a tenant in which no storage was created. In that case, the Storage section is displayed, but contains no information. Only the General administrator can view configurations of the event router service.	yes	yes	yes	yes	no	yes	yes	no	no
Create a service configuration The configuration of the Storage service cannot be viewed or edited by the following roles: Tier 1 analyst and Tier 2 analyst.	yes	yes	yes	yes	no	no	no	no	no
Create a resource configuration Creating a configuration for a secret resource is not available to the following roles: Tier 2 analyst, Tier 1 analyst, and Manage shared resources.	yes	yes	yes	yes	no	yes	no	no	no
Duplicate the configuration of a resource/service Tier 1 analysts can duplicate a resource created by other users, including the resource set of a service. However, Tier 1 analysts cannot change the dependent resources in the copy of the set of service resources.	yes	yes	yes	yes	no	yes	no	no	no
Edit the configuration of a resource/service Tier 2 analysts cannot edit resources of secrets.	yes	yes	yes	yes	no	yes	no	no	no
Delete the configuration of a resource/service Tier 2 analysts cannot delete resources of secrets.	yes	yes	yes	yes	no	yes	no	no	no
Import the configuration of a resource/service from a file The following roles can import resources to the Shared tenant: General administrator and Manage shared resources. User rights are not checked at the time of upload, instead they are checked at the time of import, when a tenant is already selected. Therefore, if the user account is not trusted, you must clear the POST /resources/toc, POST /resources/upload check boxes in the properties of API methods. View the repository, import the resources from the repository The Shared tenant's dependent resources are imported into the Shared tenant. A special right to the Shared tenant is not required; only the right to import in the target tenant is checked.	yes	yes	yes	yes	no	yes	no	no	no
View the repository, import the resources from the repository The Shared tenant's dependent resources are imported into the Shared tenant. A special right to the Shared tenant is not required; only the right to import in the target tenant is checked.	yes	yes	yes	no	no	no	no	no	no
Export the configuration of a resource/service Users can export resources and services from the Shared tenant.	yes	yes	yes	yes	no	yes	yes	no	no
Export correlation rules to MITRE ATT&CK Navigator	yes	yes	yes	yes	no	no	no	no	no
Create and edit a resource configuration in the Shared tenant	yes	no	no	no	no	yes	yes	no	no
View a resource in the Shared tenant (including linking, export, duplication)	yes	no	no	no	no	yes	yes	no	no

User permissions for the List of event sources section

The Source status → List of event sources section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View sources of events	yes	yes	yes	yes	yes	yes	no	yes	yes
Change sources of events	yes	yes	yes	no	no	yes	no	no	no
Delete sources of events	yes	yes	yes	no	no	yes	no	no	no

User permissions for the Monitoring policies section

The Source status → Monitoring policies section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View monitoring policies	yes	yes	yes	yes	yes	yes	yes	yes	yes
Create monitoring policies	yes	yes	yes	no	no	yes	no	no	no
Edit monitoring policies Only the General administrator can edit the predefined monitoring policies.	yes	yes	yes	no	no	yes	no	no	no
Delete monitoring policies Predefined policies cannot be removed.	yes	yes	yes	no	no	yes	no	no	no

User permissions for the Assets section

The Assets section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Assets
View the list of assets	yes	yes	yes	yes	yes	no	no	yes	yes
View the list of categories Users can view categories of the Shared tenant.	yes	yes	yes	yes	yes	yes	yes	yes	yes
Add/edit/delete asset categories Within the tenant available to the user.	yes	yes	yes	yes	no	no	no	no	no
Add asset categories in the Shared tenant Users can edit and delete categories of the Shared tenant.	yes	no	no	no	no	no	no	no	no
Link assets to an asset category of the Shared tenant	yes	yes	yes	yes	no	yes	yes	no	no
Add assets	yes	yes	yes	yes	no	no	no	no	no
Edit assets	yes	yes	yes	yes	no	no	no	no	no
Delete assets	yes	yes	yes	yes	no	no	no	no	no
Import assets from Kaspersky Security Center	yes	yes	yes	yes	no	no	no	no	no
Start tasks on assets in Kaspersky Security Center	yes	yes	yes	yes	no	no	no	no	no
Run tasks to move an asset to a Kaspersky Security Center administration group	yes	yes	yes	yes	no	no	no	no	no
Run tasks on assets in Kaspersky Endpoint Detection and Response	yes	yes	yes	yes	no	no	no	no	no
Initiating the change of asset status in KICS for Networks	yes	yes	yes	yes	no	no	no	no	no
Confirm updates to fix the asset vulnerabilities and accept the licensing agreements	yes	yes	no	no	no	no	no	no	no
Editing CII categorization in the asset card	yes	no	no	no	no	no	no	no	yes
Editing custom fields of assets (Settings → Other → Assets)	yes	yes	yes	yes	no	no	no	no	no

User permissions for the Alerts section

The Alerts section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Change the severity of alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Open the details of alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Assign responsible users	yes	yes	yes	yes	yes	no	no	yes	yes
Close alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Add comments to alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Attach an event to alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Detach an event from alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Edit and delete someone else's filters Tier 2 analysts and Junior analysts can edit or delete only their own filter resources.	yes	yes	no	no	no	no	no	no	no

User permissions for the Incidents section

The Incidents section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Create blank incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Manually create incidents from alerts	yes	yes	yes	yes	yes	no	no	yes	yes
Change the severity of incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Open the incident details Incident details display data from only those tenants to which the user has access.	yes	yes	yes	yes	yes	no	no	yes	yes
Assign executors	yes	yes	yes	yes	yes	no	no	yes	yes
Close incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Add comments to incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Attach alerts to incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Detach alerts from incidents	yes	yes	yes	yes	yes	no	no	yes	yes
Edit and delete someone else's filters Tier 2 analysts, Tier 1 analysts, and Junior analysts can edit or delete only their own filter resources.	yes	yes	no	no	no	no	no	no	no
Export incidents to RuCERT Export incidents to NCIRCC, Send files to NCIRCC, Download files sent to NCIRCC, Export additional incident data to NCIRCC on request, Send messages to NCIRCC, View messages from NCIRCC – a General administrator always has access to these functions, and other users have access to these functions if they have the Can interact with NCIRCC check box selected in their profile.	yes	no	no	no	no	no	no	yes	no
Send files to NCIRCC Export incidents to NCIRCC, Send files to NCIRCC, Download files sent to NCIRCC, Export additional incident data to NCIRCC on request, Send messages to NCIRCC, View messages from NCIRCC – a General administrator always has access to these functions, and other users have access to these functions if they have the Can interact with NCIRCC check box selected in their profile.	yes	no	no	no	no	no	no	yes	no
Download files sent to NCIRCC Export incidents to NCIRCC, Send files to NCIRCC, Download files sent to NCIRCC, Export additional incident data to NCIRCC on request, Send messages to NCIRCC, View messages from NCIRCC – a General administrator always has access to these functions, and other users have access to these functions if they have the Can interact with NCIRCC check box selected in their profile.	yes	no	no	no	no	no	no	yes	no
Export additional incident data to NCIRCC upon request Export incidents to NCIRCC, Send files to NCIRCC, Download files sent to NCIRCC, Export additional incident data to NCIRCC on request, Send messages to NCIRCC, View messages from NCIRCC – a General administrator always has access to these functions, and other users have access to these functions if they have the Can interact with NCIRCC check box selected in their profile.	yes	no	no	no	no	no	no	yes	no
Send messages to NCIRCC Export incidents to NCIRCC, Send files to NCIRCC, Download files sent to NCIRCC, Export additional incident data to NCIRCC on request, Send messages to NCIRCC, View messages from NCIRCC – a General administrator always has access to these functions, and other users have access to these functions if they have the Can interact with NCIRCC check box selected in their profile.	yes	no	no	no	no	no	no	yes	no
View messages from NCIRCC Export incidents to NCIRCC, Send files to NCIRCC, Download files sent to NCIRCC, Export additional incident data to NCIRCC on request, Send messages to NCIRCC, View messages from NCIRCC – a General administrator always has access to these functions, and other users have access to these functions if they have the Can interact with NCIRCC check box selected in their profile.	yes	no	no	no	no	no	no	yes	no
View incident data exported to NCIRCC	yes	no	no	no	no	no	no	yes	no

User permissions for the Events section

The Events section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of events	yes	yes	yes	yes	yes	no	no	yes	yes
Search events	yes	yes	yes	yes	yes	no	no	yes	yes
Open the details of events	yes	yes	yes	yes	yes	no	no	yes	yes
Open statistics	yes	yes	yes	yes	yes	no	no	yes	yes
Perform a retroscan	yes	yes	yes	no	no	no	no	no	no
Export events to a TSV file	yes	yes	yes	yes	yes	no	no	yes	yes
View filters (search query)	yes	yes	yes	yes	yes	yes	yes	yes	yes
Add (save) filter	yes	yes	yes	yes	yes	yes	no	yes	yes
Edit or delete someone else's filter folders Tier 2 analysts, Tier 1 analysts, and Junior analysts can edit or delete only their own filter resources.	yes	yes	no	no	no	no	no	no	no
Delete own filters	yes	yes	yes	yes	yes	yes	no	yes	yes
Delete other users' filters	yes	yes	no	no	no	no	no	no	no
Start ktl enrichment	yes	yes	yes	yes	no	no	no	no	no
Run tasks on Kaspersky Endpoint Detection and Response assets in event details	yes	yes	yes	yes	no	no	no	no	no
Create presets	yes	yes	yes	yes	yes	yes	no	yes	yes
Delete presets Tier 2 analysts, Tier 1 analysts, and Junior analysts can delete only their own presets.	yes	yes	yes	yes	yes	yes	no	yes	yes
View and use presets	yes	yes	yes	yes	yes	yes	yes	yes	yes

User permissions for the Users and actions section

The Settings → Access → Users section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of users	yes	no	no	no	no	no	no	no	no
Add a user	yes	no	no	no	no	no	no	no	no
Edit a user	yes	no	no	no	no	no	no	no	no
Generate token All users can generate their own tokens. The general administrator can generate a token for any user.	yes	yes	yes	yes	yes	yes	yes	yes	yes
Change access rights for a token The General administrator can modify access rights for any user. Users can assign to themselves only those rights that are available to them as part of the user's role.	yes	yes	yes	yes	yes	yes	yes	yes	yes
View the data of their own profile	yes	yes	yes	yes	yes	yes	yes	yes	yes
Edit the data of their own profile The user role is not available for change.	yes	yes	yes	yes	yes	yes	yes	yes	yes

User permissions for the LDAP server section

The Settings → Integrations → LDAP server section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the LDAP connection settings	yes	yes	yes	yes	no	no	no	no	no
Edit the LDAP connection settings	yes	yes	no	no	no	no	no	no	no
Delete the configuration of an entire tenant from the settings	yes	yes	no	no	no	no	no	no	no
Import assets	yes	yes	no	no	no	no	no	no	no

User permissions for the Tenants section

The Settings → Access → Tenants section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of tenants	yes	no	no	no	no	no	no	no	no
Add tenants	yes	no	no	no	no	no	no	no	no
Change tenants	yes	no	no	no	no	no	no	no	no
Export tenants	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the Domain authorization section

The Settings → Access → Domain authorization section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the Active Directory connection settings	yes	no	no	no	no	no	no	no	no
Edit the Active Directory connection settings	yes	no	no	no	no	no	no	no	no
Add filters based on roles for tenants	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the General section

The Settings → Other → General section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the SMTP connection settings	yes	no	no	no	no	no	no	no	no
Edit the SMTP connection settings	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the License section

The Settings → Other → License section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of added license keys	yes	no	no	no	no	no	no	no	no
Add license keys	yes	no	no	no	no	no	no	no	no
Delete license keys	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the Kaspersky Security Center section

The Settings → Integrations → Kaspersky Security Center section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of successfully integrated Kaspersky Security Center servers	yes	yes	yes	yes	no	no	no	no	no
Add Kaspersky Security Center connections	yes	yes	no	no	no	no	no	no	no
Delete Kaspersky Security Center connections	yes	yes	no	no	no	no	no	no	no
Delete the configuration of an entire tenant from the settings	yes	yes	no	no	no	no	no	no	no
Start the tasks for importing Kaspersky Security Center assets	yes	yes	no	no	no	no	no	no	no

User permissions for the KICS/KATA section

The Settings → Integrations → KICS/KATA section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View a list of KICS/KATA servers with which integration has been configured	yes	yes	no	no	no	no	no	no	no
Add and modify the settings of KICS/KATA integration	yes	yes	no	no	no	no	no	no	no
Delete the settings of KICS/KATA integration	yes	yes	no	no	no	no	no	no	no
Run the tasks to import assets from the KICS/KATA settings	yes	yes	no	no	no	no	no	no	no

User permissions for the Kaspersky Automated Security Awareness Platform section

The Settings → Integrations → Kaspersky Automated Security Awareness Platform section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the ASAP integration settings	yes	no	no	no	no	no	no	no	no
Edit the ASAP integration settings	yes	no	no	no	no	no	no	no	no

User permissions for the Kaspersky Endpoint Detection and Response section

The Settings → Integrations → Kaspersky Endpoint Detection and Response section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the connection settings	yes	yes	yes	yes	no	no	no	no	no
Add, edit and disconnect the connections when the distributed solution mode is enabled	yes	no	no	no	no	no	no	no	no
Enable the distributed solution mode	yes	no	no	no	no	no	no	no	no
Add connections when the distributed solution mode is disabled	yes	yes	no	no	no	no	no	no	no
Delete the connections when the distributed solution mode is disabled	yes	yes	no	no	no	no	no	no	no
Delete the configuration of an entire tenant from the settings	yes	yes	no	no	no	no	no	no	no

User permissions for the Kaspersky CyberTrace section

The Settings → Integrations → Kaspersky CyberTrace section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the CyberTrace integration settings	yes	no	no	no	no	no	no	no	no
Edit the CyberTrace integration settings	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the IRP / SOAR section

The Settings → Integrations → IRP / SOAR section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the settings for integration with IRP / SOAR	yes	no	no	no	no	no	no	no	no
Edit the IRP/SOAR integration settings	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the Kaspersky Threat Lookup section

The Settings → Integrations → Kaspersky Threat Lookup section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the Threat Lookup integration settings	yes	no	no	no	no	no	no	no	no
Edit the Threat Lookup integration settings	yes	no	no	no	no	no	no	no	no

This section is available only to the general administrator.

User permissions for the Alerts section

The Settings → Other → Alerts section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the parameters	yes	yes	yes	yes	no	no	no	no	no
Edit the parameters	yes	yes	yes	no	no	no	no	no	no
Delete the configuration of an entire tenant from the settings	yes	yes	yes	no	no	no	no	no	no

User permissions for the Automatic linking of alerts to incidents section

The Settings → Other → Incidents → Automatic linking of alerts to incidents section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the parameters	yes	yes	yes	yes	no	no	no	no	no
Edit the parameters	yes	no	no	no	no	no	no	no	no

This section is available for an account with the Tenant administrator, Tier 2 analyst, or Tier 1 analyst role if the role is assigned in the Main tenant.

User permissions for the Incident types section

The Settings → Other → Incidents → Incident types section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the categories reference	yes	yes	yes	yes	no	no	no	no	no
View the categories charts	yes	yes	yes	yes	no	no	no	no	no
Add categories	yes	yes	no	no	no	no	no	no	no
Edit categories	yes	yes	no	no	no	no	no	no	no
Delete categories	yes	yes	no	no	no	no	no	no	no

User permissions for the NCIRCC section

The Settings → Integrations → NCIRCC section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the parameters	yes	no	no	no	no	no	no	no	no
Edit the parameters	yes	no	no	no	no	no	no	no	no

User permissions for the Asset audit section

The Settings → Other → Assets → Asset audit section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Create, clone and edit the settings	yes	yes	yes	no	no	no	no	no	no
View the parameters	yes	yes	yes	yes	no	no	no	no	no
Delete settings	yes	yes	yes	no	no	no	no	no	no

User permissions for the Repository update section

The Settings → Other → Repository update section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the parameters	yes	yes	yes	no	no	no	no	no	no
Edit the parameters	yes	no	no	no	no	no	no	no	no
Start the repository update task manually	yes	yes	yes	no	no	no	no	no	no

User permissions for the Assets section

The Settings → Other → Assets section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Add, edit, and delete the asset fields	yes	no	no	no	no	no	no	no	no

User permissions for the Access to spaces section

The Settings → Access → Access to spaces section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Viewing the list of sets To view your sets, you must log in to your profile. The profile displays a list of assigned sets; you can hover over a set to display the list of available spaces.	yes	no	no	no	no	no	no	no	no
Adding, editing, deleting a space set The default set (All spaces) cannot be edited.	yes	no	no	no	no	no	no	no	no
Setting the default space set	yes	no	no	no	no	no	no	no	no
Assigning a space set to a user Can only be done with rights in the Main tenant.	yes	no	no	no	no	no	no	no	no

User permissions for the Tags section

The Settings → Other → Tags section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View the list of tags	yes	yes	yes	yes	no	no	no	no	no

User permissions for the Extended event schema fields scheme

The Options → Other → Extended event schema fields section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Viewing the table of extended event schema fields	yes	yes	yes	yes	yes	no	yes	no	no
Exporting extended event schema fields Service fields of the extended event schema with the `KL_` prefix cannot be exported.	yes	yes	yes	yes	yes	no	yes	no	no
Adding and modifying extended event schema fields Service fields of the extended event schema with the `KL_` prefix are not editable.	yes	yes	yes	yes	yes	no	no	no	no
Importing extended event schema fields	yes	yes	yes	yes	yes	no	no	no	no
Removing and disabling extended event schema fields Service fields of the extended event schema with the `KL_` prefix cannot be deleted.	yes	no	no	no	no	no	no	no	no

User permissions for the Metrics section

The Metrics section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Open metrics	yes	no	no	no	no	no	no	no	no

User permissions for the Task manager section

The Task manager section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
View a list of your own tasks A user with the General administrator role has access to tasks of all tenants. Users with roles that allow reading and editing shared resources do not have access to tasks. Users with other roles, including users with the Tenant administrator role, can view all tasks in tenants available to them.	yes	yes	yes	yes	yes	no	no	yes	yes
Finish your own tasks	yes	yes	yes	yes	yes	no	no	yes	yes
Restart your own tasks	yes	yes	yes	yes	yes	no	no	yes	yes
View a list of all tasks A user with the General administrator role has access to tasks of all tenants. Users with roles that allow reading and editing shared resources do not have access to tasks. Users with other roles, including users with the Tenant administrator role, can view all tasks in tenants available to them.	yes	yes	yes	yes	yes	no	no	yes	yes
Finish any task	yes	no	no	no	no	no	no	no	no
Restart any task Users with the General administrator role can restart tasks of all tenants. Users with roles that allow reading and editing shared resources do not have access to tasks. Users with other roles, including users with the Tenant administrator role, can restart a task of another user if they have the rights to run tasks in their tenants.	yes	yes	yes	yes	yes	no	no	yes	yes

User permissions for the CyberTrace section

The CyberTrace section and actions in this section	General admin- istrator	Tenant admin- istrator	Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Open the section	yes	no	no	no	no	no	no	no	no

This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → Integrations → Kaspersky CyberTrace.

User permissions for the Access to tenant data section


The Access to tenant data section and actions in this section	General admin- istrator	Tenant admin- istrator		Tier 2 analyst	Tier 1 analyst	Junior analyst	Manage shared resources	Read shared resources	Access to NCIRCC	Access to CII
Access to tenants A user has access to the tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant.	yes		yes	yes	yes	yes	no	no	yes	yes
Shared tenant A shared tenant is used to store shared resources that must be available to all tenants. Although services cannot be owned by the Shared tenant, these services may utilize resources that are owned by the Shared tenant. These services are still owned by their respective tenants. Events, alerts and incidents cannot be shared. Permissions to access the Shared tenant: Read/write—only the general administrator. Read—all other users, including users that have permissions to access the main tenant.	yes		yes	yes	yes	yes	yes	yes	yes	yes
Main tenant A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not grant access to other tenants.	yes		yes	yes	yes	yes	no	no	yes	yes

Page top