Skip to main content

Role Capabilities

Following are the capabilities you can assign when you create roles.

Data Management

CapabilityDescription
View CollectorsView collectors and sources that have already been installed or added.
Manage CollectorsView and manage installed and hosted collectors as well as sources.
Manage Ingest BudgetsAllows you to manage ingest budgets. Enabling this will automatically enable the Manage Collectors capability. The Manage Collectors capability on its own permits the re-assignment of budgets to different collectors, but not creating or deleting them.
Manage Data Volume FeedEnable and manage the data volume index for your account to avoid exceeding your data limits, and to determine when you need to upgrade your account.
View Field Extraction RulesView field extraction rules, which accelerate your search process by automatically parsing fields as log messages are ingested.
View FieldsView fields, which are custom metadata fields you can assign to logs.
Manage FieldsManage fields. Note that if you grant a role the Manage Fields capability, users with that role will also have the View Fields and View Field Extraction Rules capabilities.
Manage Field Extraction RulesManage field extractions, which speed the search process by automatically parsing fields as log messages are ingested. Note that if you grant a role the Manage Field Extraction Rules capability, users with that role will also have the Manage Fields, View Fields, and View Field Extraction Rules capabilities.
Manage S3 Data ForwardingManage S3 data forwarding from Sumo Logic to an S3 bucket.
Manage ContentManage the content for your organization. This provides access to Admin Mode in the Library.
Manage AppsInstall and manage apps.
Manage ConnectionsManage the connections that allow you to send alerts to other tools.
View ConnectionsView connections on the Connections page.
View Scheduled ViewsView Scheduled Views.
Manage Scheduled ViewsView, create, edit, and delete Scheduled Views. Note that if you grant a role the Manage Schedule Views capability, users with that role will also have View Scheduled Views capability.
View PartitionsView partitions.
Manage PartitionsView, create, edit, and delete partitions. Note that if you grant a role the Manage Partitions capability, users with that role will also have View Partitions and Manage S3 Data Forwarding capabilities.
View Account OverviewView the Account Overview page.
Manage TokensManage Installation Tokens.
View ParsersView parsers.
Download Search ResultsExport log query results to a .csv file.

Entity Management

CapabilityDescription
Manage Entity Type ConfigsReserved for internal use.

Metrics

CapabilityDescription
Manage Metrics Transformation RulesCreate, edit, or delete metrics transformation rules.
Manage Logs-to-MetricsCreate, edit, or delete Logs-to-Metrics rules.
Manage Metrics RulesCreate, edit, or delete metrics rules.

Security

CapabilityDescription
Manage Password PolicySet the password policy for your Sumo Logic account.
Allowlist IP AddressesExplicitly grant access to specific IP addresses or address ranges.
Create Access KeysCreate your own access keys on the Account Preferences page.
Manage Access KeysSet up, activate, deactivate, or delete access keys for your organization.
Manage Support Account AccessEnable management of the Sumo Logic support account for your organization.
Manage Audit Data FeedEnable and manage the Audit Index, which provides information on the internal events that occur in your account associated with account management, user activity, and scheduled searches.
Manage SAMLProvision and manage SAML for single sign-on to your Sumo Logic accounts.
Manage Share Dashboards Outside of OrganizationShare a dashboard with users who do not have access to Sumo Logic.
Manage Organization SettingsConfigure a concurrent user sessions limit and enable the Data Access Level for Shared Dashboards security policy.
Change Data Access LevelChange the data access level of dashboards or scheduled searches to which they have edit or manage permission.

Dashboards

CapabilityDescription
Share Dashboards with the worldShare dashboards in view-only mode with no login required. Anyone with the URL can view the dashboard without logging in.
Share Dashboards with your allowlistShare dashboards in view-only mode with no login required. Viewers must be connecting from IP addresses specified in your service allowlist.

User Management

CapabilityDescription
Manage Users And RolesAccess the web app pages to manage users and roles.

Automation Service

CapabilityDescription
Task ViewSee tasks in playbooks.
Task AccessAccess your tasks in playbooks.
Task Access allAccess all user tasks in playbooks.
Task EditConfigure tasks in playbooks.
Task ReassignAssign tasks in playbooks to users.
App Central AccessView App Central.
App Central ExportExport contents of integrations and playbooks from App Central.
Integrations AccessView integrations.
Integrations ConfigureCreate and edit integrations.
Playbooks AccessView playbooks.
Playbooks ConfigureCreate and edit playbooks.
Bridge Monitoring AccessMonitor Bridge operations.
Observability AccessAccess automation in the Sumo Logic SaaS Log Analytics Platform.
Observability ConfigureCreate and edit automation in the Sumo Logic SaaS Log Analytics Platform.

Alerting

Folder-level permissions are available if your org has fine-grained Monitor permissions enabled. If you'd like to use this feature, contact Sumo Logic Support to have it enabled.

CapabilityDescription
View MonitorsIf monitors folder permissions are enabled for your org, users with this capability can view folders on the Monitors page to which they've been granted View access, and the Monitors contained in those folders.
Manage MonitorsUsers with this capability can create new folders and monitors, and grant other roles permissions to the folders they create. If monitors folder permissions are enabled for your org, users with this capability can also create, edit, delete, update and grant permissions to folders to which another user has granted them those permissions.
Admin MonitorsIf monitors folder permissions are enabled for your org, users with this capability have full access (Create, Edit, Delete, Update, and grant permissions) to ALL folders and monitors on the Monitors page. This is similar to the Content Administrator capability of the Content Library.
View AlertsView alerts on the Alert page.
View Muting SchedulesRequired for viewing the Muting Schedules page and schedule definitions.
Manage Muting SchedulesRequired for creating, editing, and deleting Muting Schedules.

Reliability Management

CapabilityDescription
View SLOsView Service Level Objectives (SLOs).
Manage SLOsCreate, edit, and delete SLOs.

Organizations

CapabilityDescription
View OrganizationsView the Organizations UI.
Create OrganizationsCreate and provision child organizations.
Change Credits AllocationChange the credits allocation for a child organization.
Create Trial OrganizationsCreate trial organizations. (For Sumo Logic Service Providers only.)
Upgrade Trial OrganizationsUpgrade trial organizations. (For Sumo Logic Service Providers only.)
Deactivate OrganizationsDeactivate trial organizations. (For Sumo Logic Service Providers only.)

Threat Intel

CapabilityDescription
View Threat Intel Data StoreSearch log data using threat intelligence indicators.
Manage Threat Intel Data StoreCreate, edit, and delete threat intelligence indicators.

Cloud SOAR

Cloud SOAR capabilities appear in the Roles UI only if Cloud SOAR has been enabled for your account.

info

This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR instance URL matching the pattern *.soar.sumologic.com, see Legacy Cloud SOAR role capabilities below.

Capability categoryCapabilityDescription
View Cloud SOARUsers with a role that grants this capability will see a Cloud SOAR link in the left-nav bar of the Sumo Logic UI.
IncidentViewView all incidents.
IncidentAccessAccess your incidents.
IncidentAccess allAccess all incidents.
IncidentEditCreate, edit, and delete incidents.
IncidentBulk OperationsManage incident bulk operations.
IncidentManage InvestigatorsManage investigators assigned to incidents.
IncidentChange OwnershipChange ownership of incidents.
TriageViewView all triage events.
TriageAccessAccess your triage events.
TriageAccess allAccess all triage events.
TriageChange OwnershipChange ownership of triage events.
TriageEditCreate, edit,and delete triage events.
TriageBulk physical deletePerform bulk deletion of triage events.
FoldersEditCreate, edit, and delete folders.
AttachmentsAccessAccess all attachments.
AttachmentsEditCreate, edit, and delete attachments.
Incident PlaybookAccessAccess all incident playbooks.
Incident PlaybookEditCreate, edit, and delete incident playbooks.
Incident PlaybookManageManage incident playbooks.
NoteAccessAccess all notes.
NoteEditCreate, edit, and delete notes.
War RoomUseBe able to use the War Room.
Settings GeneralConfigureConfigure settings.
User ManagementGroupsManage groups.
NotificationConfigureConfigure notifications.
CustomizationLogoCustomize the logo.
CustomizationFieldsCustomize fields.
CustomizationIncident LabelsCustomize incident labels.
CustomizationTriageCustomize triage.
Audit and InformationLicense InformationView license audit and information.
Audit and InformationAudit TrailView audit trail information.
Audit and InformationConfigure Audit TrailConfigure audit trail information.
APIUseUse APIs.
APIApi AdminHave admin access to APIs.
APIEmail ReadRead emails.
APIEmail EditCreate, edit, and delete emails.
Incident TemplatesAccessAccess all incident templates.
Incident TemplatesConfigureConfigure templates.
Automation RulesAccessAccess automation rules.
Automation RulesConfigureConfigure automation rules.
EntitiesAccessAccess all entities.
EntitiesManageManage entities.
EntitiesBulk Physical DeletePerform bulk deletion of entities.
ReportAccessAccess your reports.
ReportAccess allAccess all reports.
DashboardAccessAccess your dashboards.
DashboardAccess allAccess all dashboards.
WidgetsUse allUse all widgets.

Legacy Cloud SOAR role capabilities

info

This section only applies to organizations having a legacy Cloud SOAR instance URL matching the pattern *.soar.sumologic.com.

CapabilityDescription
View Cloud SOARUsers with a role that grants this capability will see a Cloud SOAR link in the left-nav bar of the Sumo Logic UI.
Settings GeneralAccess Cloud SOAR settings.
ConfigureConfigure Cloud SOAR.

Cloud SIEM

Cloud SIEM capabilities only appear in the Roles UI if Cloud SIEM has been enabled for your account. For more information about how to assign Cloud SIEM capabilities, see Cloud SIEM User Accounts and Roles.

Capability categoryCapabilityDescription
View Cloud SIEMUsers with a role that grants this capability will see a Cloud SIEM link in the left-nav bar of the Sumo Logic UI. When a user clicks on the link, the Cloud SIEM Heads-Up Display (HUD) will open.
InsightsComment on InsightsAdd comments to Insights.
InsightsCreate InsightsCreate Insights.
InsightsDelete InsightsDelete Insights.
InsightsInvoke Insights ActionsChoose and run an Action from the Actions menu for an Insight.
InsightsManage Insight AssigneeChange the user that is assigned to an Insight.
InsightsManage Insight SignalsAdd Signals to Insights; remove Signals from Insights.
InsightsManage Insight StatusChange the status of an Insight.
InsightsManage Insight TagsAdd and delete tags assigned to Insights.
ContentView RulesView Cloud SIEM rules.
ContentManage RulesCreate, edit, and delete Cloud SIEM rules.
ContentView Threat IntelligenceView threat intel sources in Cloud SIEM.
ContentManage Threat IntelligenceCreate, edit, and delete threat intel sources.
ContentView Match ListsView Match Lists.
ContentManage Match ListsCreate, edit, and delete Match Lists.
ContentView File AnalysisView file analysis (YARA) rules.
ContentManage File AnalysisCreate, edit, and delete file analysis (YARA) rules.
ContentView Custom InsightsView custom Insight configurations.
ContentManage Custom InsightsCreate, edit, and delete custom Insight configurations.
ContentView Network BlocksView network blocks.
ContentManage Network BlocksCreate, edit, and delete network blocks.
ContentView Suppressed EntitiesView suppressed Entities.
ContentManage Suppressed EntitiesSuppress and unsuppress Entities.
ConfigurationView MappingsView log mappings and ingest mappings.
ConfigurationManage MappingsCreate, edit, and delete log mappings and ingest mappings.
ConfigurationView WorkflowView Insight detection settings, custom Insight statuses, custom Insight resolutions, and tag schemas.
ConfigurationManage WorkflowCreate, edit, and delete Insight detection settings, custom Insight statuses and resolutions, and tag schemas.
ConfigurationView Context ActionsView Context Actions.
ConfigurationManage Context ActionsCreate, edit, and delete Context Actions.
ConfigurationView ActionsView Actions.
ConfigurationManage ActionsCreate, edit, and delete Actions.
ConfigurationView EnrichmentsView Enrichments.
ConfigurationManage EnrichmentsUpload Insight, Signal, and Entity enrichments using the Cloud SIEM API.
ConfigurationView Custom Entity TypesView custom Entity types.
ConfigurationManage Custom Entity TypesCreate, edit, and delete custom Entity types.
ConfigurationView EntityView Entities.
ConfigurationManage EntityCreate, edit, and delete Entities.
ConfigurationView Entity NormalizationView the configurations on Cloud SIEM’s Domain Normalization page.
ConfigurationManage Entity NormalizationUpdate the configurations on Cloud SIEM’s Domain Normalization page.
ConfigurationView Entity CriticalityView Entity Criticalities.
ConfigurationManage Entity CriticalityCreate, edit, and delete Entity Criticalities.
ConfigurationView Tag SchemasView tag schemas.
ConfigurationManage Tag SchemasCreate, edit, and delete schema key tags, which can be attached to Insights, Signals, Entities, and Rules.
ConfigurationManage Favorite FieldsAdd and remove favorite fields by clicking the star icon next to the fields in Cloud SIEM Records.
ConfigurationView Entity GroupsView Entity Groups.
ConfigurationManage Entity GroupsCreate, edit, and delete Entity Groups.
ConfigurationView AutomationsView automations.
ConfigurationManage AutomationsCreate, edit, and delete automations.
ConfigurationExecute AutomationsRun automations.
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.