This topic has information about creating and managing user accounts and roles for Cloud SIEM. Cloud SIEM uses role-based access control (RBAC). An administrator controls access to capabilities by assigning capabilities or permissions to roles, and then assigning users to roles.
Create users and roles
Roles and capabilities are managed on the Sumo Logic platform. For instructions, see the following topics:
- Create and Edit Users. Follow the instructions in this topic to create user accounts. When you create a user account, you'll assign roles to it.
- Create and Manage Roles. You can assign multiple roles to a user. So, you might consider creating Cloud SIEM-specific roles for different Cloud SIEM user types, separate from roles you may define for Sumo Logic platform functionality.
When you create roles, you have the option to set up a role search filter that specifies what log data users with the role may access. If you take advantage of that feature, be sure not to restrict Cloud SIEM users’ access to indexes that contain Cloud SIEM Records.
Assign Cloud SIEM capabilities to a role
- In the left navigation bar of Sumo Logic, select Administration > Users and Roles.
- Click the Roles tab.
- Click Add Role.
- In the Create New Role dialog, scroll down to Cloud SIEM.
- Select View Cloud SIEM.
- Select capabilities from the categories:
For descriptions of the capabilities in each category, see Role Capabilities.
- If you select a “Manage” capability for an object (like Manage Rules) you also have to select the corresponding “View” capability (like View Rules). Users can't manage something without also being able to view it.
- When we add new features to Cloud SIEM, capabilities for them are auto-enabled on the built-in Administrator role. However, if you create your own roles for Cloud SIEM, you must add those capabilities as needed to your custom roles. Follow our Cloud SIEM release notes for new features to determine if they have corresponding role capabilities you need to add to your roles.