Skip to main content
Sumo Logic

About Roles

You can define custom roles for Sumo Logic users to meet the needs of your deployment. 

Roles are implemented as search language constructs in a query string. A string specifying the constraints associated with a role is silently prepended to every query run by users assigned to that role.

In addition, roles determine who has the ability to manage Collectors in a Sumo Logic account.

How do roles work together?

When a user is assigned to more than one role, the rules are combined with an OR in front of each query the user runs. Users inherit the highest level of access granted in the roles they are assigned. For example, if a user is assigned to the role "admin" which has the most capabilities, and also to a role "advanced user" which has a different set of capabilities, the user will have the capabilities of both roles.

Example: An IT team member is assigned to roles that, when combined, allow him to access to a Collector named firewall, but not a Collector named HR. The following query string is silently prepended to every search that the IT member runs.

_collector=firewall OR !_collector=hr AND [search query]

The user can see IT-related errors and activity, but not HR records.

What about shared content?

When you share or publish a Dashboard, the default is that users will see exactly the same view as the person who created the Dashboard.  If the user viewing the Dashboard has different RBAC permissions than the owner, the user will temporarily assume the RBAC permissions of the owner when they're viewing the dashboard.