Cloud SIEM User Accounts and Roles
This topic has information about creating and managing user accounts and roles for Cloud SIEM. Cloud SIEM uses role-based access control (RBAC). An administrator controls access to capabilities by assigning capabilities or permissions to roles, and then assigning users to roles. Â
Create users and roles​
Roles and capabilities are managed on the Sumo Logic platform. For instructions, see the following topics:
- Create and Edit Users. Follow the instructions in this topic to create user accounts. When you create a user account, you'll assign roles to it.
- Create and Manage Roles. You can assign multiple roles to a user. So, you might consider creating Cloud SIEM-specific roles for different Cloud SIEM user types, separate from roles you may define for Sumo Logic platform functionality. Â
note
When you create roles, you have the option to set up a role search filter that specifies what log data users with the role may access. If you take advantage of that feature, be sure not to restrict Cloud SIEM users’ access to indexes that contain Cloud SIEM Records.
Assign Cloud SIEM capabilities to a role​
- Classic UI. In the main Sumo Logic menu, select Administration > Users and Roles.
New UI. In the top menu click Administration, and then under Users and Roles select Roles. You can also click the Go To... menu at the top of the screen and select Roles. - Click the Roles tab.
- Click Add Role.
- In the Create New Role dialog, scroll down to Cloud SIEM.
- Select View Cloud SIEM.
- Select capabilities from the categories:
- Insights. Provides capabilities to manage Insights.
- Content. Provides capabilities to manage elements such as rules, match lists, Entities, and more.
- Configuration. Provides capabilities to manage administrative elements such as mappings, tags, automations, and more.
For descriptions of the capabilities in each category, see Role Capabilities.
- If you select a “Manage” capability for an object (like Manage Rules) you also have to select the corresponding “View” capability (like View Rules). Users cannot manage something without also being able to view it.
- When we add new features to Cloud SIEM, capabilities for them are auto-enabled on the built-in Administrator role. However, if you create your own roles for Cloud SIEM, you must add those capabilities as needed to your custom roles. Follow our Cloud SIEM release notes for new features to determine if they have corresponding role capabilities you need to add to your roles.