Role Capabilities
Following are the capabilities you can assign when you create roles.
Data Management
| Capability | Description |
|---|---|
| View Collectors | View collectors and sources that have already been installed or added. |
| Manage Collectors | View and manage installed and hosted collectors as well as sources. |
| Manage Ingest Budgets | Allows you to manage ingest budgets. Enabling this will automatically enable the Manage Collectors capability. The Manage Collectors capability on its own permits the re-assignment of budgets to different collectors, but not creating or deleting them. |
| Manage Data Volume Feed | Enable and manage the data volume index for your account to avoid using On-Demand Capacity, and to determine when you need to upgrade your account. |
| View Field Extraction Rules | View field extraction rules, which accelerate your search process by automatically parsing fields as log messages are ingested. |
| View Fields | View fields, which are custom metadata fields you can assign to logs. |
| Manage Fields | Manage fields. Note that if you grant a role the Manage Fields capability, users with that role will also have the View Fields and View Field Extraction Rules capabilities. |
| Manage Field Extraction Rules | Manage field extractions, which speed the search process by automatically parsing fields as log messages are ingested. Note that if you grant a role the Manage Field Extraction Rules capability, users with that role will also have the Manage Fields, View Fields, and View Field Extraction Rules capabilities. |
| Manage S3 Data Forwarding | Manage S3 data forwarding from Sumo Logic to an S3 bucket. |
| Manage Content | Manage the content for your organization. This provides access to Admin Mode in the Library. |
| Manage Apps | Install and manage apps. |
| Manage Connections | Manage the connections that allow you to send alerts to other tools. |
| View Scheduled Views | View Scheduled Views. |
| Manage Scheduled Views | View, create, edit, and delete Scheduled Views. Note that if you grant a role the Manage Schedule Views capability, users with that role will also have View Scheduled Views capability. |
| View Partitions | View partitions. |
| Manage Partitions | View, create, edit, and delete partitions. Note that if you grant a role the Manage Partitions capability, users with that role will also have View Partitions and Manage S3 Data Forwarding capabilities. |
| View Account Overview | View the Account Overview page. |
| Manage Tokens | Manage Installation Tokens. |
| View Parsers | View parsers. |
| Download Search Results | Export log query results to a .csv file. |
Entity Management
| Capability | Description |
|---|---|
| Manage Entity Type Configs | Reserved for internal use. |
Metrics
| Capability | Description |
|---|---|
| Manage Metrics Transformation Rules | Create, edit, or delete metrics transformation rules. |
| Manage Logs-to-Metrics | Create, edit, or delete Logs-to-Metrics rules. |
| Manage Metrics Rules | Create, edit, or delete metrics rules. |
Security
| Capability | Description |
|---|---|
| Manage Password Policy | Set the password policy for your Sumo Logic account. |
| Allowlist IP Addresses | Explicitly grant access to specific IP addresses or address ranges. |
| Create Access Keys | Create your own access keys on the Account Preferences page. |
| Manage Access Keys | Set up, activate, deactivate, or delete access keys for your organization. |
| Manage Support Account Access | Enable management of the Sumo Logic support account for your organization. |
| Manage Audit Data Feed | Enable and manage the Audit Index, which provides information on the internal events that occur in your account associated with account management, user activity, and scheduled searches. |
| Manage SAML | Provision and manage SAML for single sign-on to your Sumo Logic accounts. |
| Manage Share Dashboards Outside of Organization | Share a dashboard with users who don't have access to Sumo Logic. |
| Manage Organization Settings | Configure a concurrent user sessions limit and enable the Data Access Level for Shared Dashboards security policy. |
| Change Data Access Level | Change the data access level of dashboards or scheduled searches to which they have edit or manage permission. |
Dashboards
| Capability | Description |
|---|---|
| Share dashboards with the allowlist | Share dashboards in view-only mode with no login required. Viewers must be connecting from IP addresses specified in your service allowlist. |
| Share dashboards with the world | Share dashboards in view-only mode with no login required. Anyone with the URL can view the dashboard without logging in. |
User Management
| Capability | Description |
|---|---|
| Manage users and roles | Access the web app pages to manage users and roles. |
Alerting
Folder-level permissions are available if your org has fine-grained Monitor permissions enabled. If you'd like to use this feature, contact Sumo Logic Support to have it enabled.
| Capability | Description |
|---|---|
| View Monitors | If Monitors folder permissions are enabled for your org, users with this capability can view folders on the Monitors page to which they've been granted View access, and the Monitors contained in those folders. |
| Manage Monitors | Users with this capability can create new folders and Monitors, and grant other roles permissions to the folders they create. If Monitors folder permissions are enabled for your org, users with this capability can also create, edit, delete, update and grant permissions to folders to which another user has granted them those permissions. |
| Admin Monitors | If Monitors folder permissions are enabled for your org, users with this capability have full access (Create, Edit, Delete, Update, and grant permissions) to ALL folders and monitors on the Monitors page. This is similar to the Content Administrator capability of the Content Library. |
| View Alerts | View alerts on the Alert page. |
| View Muting Schedules | Required for viewing the Muting Schedules page and schedule definitions. |
| Manage Muting Schedules | Required for creating, editing, and deleting Muting Schedules. |
Reliability Management
| Capability | Description |
|---|---|
| View SLOs | View Service Level Objectives (SLOs). |
| Manage SLOs | Create, edit, and delete SLOs. |
Organizations
| Capability | Description |
|---|---|
| View Organizations | View the Organizations UI. |
| Create Organizations | Create and provision child organizations. |
| Change Credits Allocation | Change the credits allocation for a child organization. |
| Create Trial Organizations | Create trial organizations. (For Sumo Logic Service Providers only.) |
| Upgrade Trial Organizations | Upgrade trial organizations. (For Sumo Logic Service Providers only.) |
| Deactivate Organizations | Deactivate trial organizations. (For Sumo Logic Service Providers only.) |
Cloud SOAR
Cloud SOAR capabilities appear in the Roles UI only if Cloud SOAR has been enabled for your account.
| Capability category | Capability | Description |
|---|---|---|
| View Cloud SOAR | Users with a role that grants this capability will see a Cloud SOAR link in the left-nav bar of the Sumo Logic UI. | |
| App Central | Access | Access App Central. |
| App Central | Export | Export from App Central. |
| Integrations | Access | Access Integrations. |
| Integrations | Configure | Configure Integrations. |
| Automation Playbooks | Access | Access playbooks. |
| Automation Playbooks | Configure | Configure playbooks. |
| Bridge Monitoring | Access | Access Bridge monitoring. |
| Observability | Access | Access playbook execution information. |
| Observability | Configure | Configure playbook execution information. |
Cloud SIEM Enterprise
Cloud SIEM Enterprise capabilities only appear in the Roles UI if Cloud SIEM has been enabled for your account. For more information about how to assign Cloud SIEM capabilities, see Cloud SIEM User Accounts and Roles.
| Capability category | Capability | Description |
|---|---|---|
| View Cloud SIEM Enterprise | Users with a role that grants this capability will see a Cloud SIEM Enterprise link in the left-nav bar of the Sumo Logic UI. When a user clicks on the link, the Cloud SIEM Heads-Up Display (HUD) will open. | |
| Insights | Comment on Insights | Add comments to Insights. |
| Insights | Create Insights | Create Insights. |
| Insights | Delete Insights | Delete Insights. |
| Insights | Invoke Insights Actions | Choose and run an Action from the Actions menu for an Insight. |
| Insights | Manage Insight Assignee | Change the user that is assigned to an Insight. |
| Insights | Manage Insight Signals | Add Signals to Insights; remove Signals from Insights. |
| Insights | Manage Insight Status | Change the status of an Insight. |
| Insights | Manage Insight Tags | Add and delete tags assigned to Insights. |
| Content | View Rules | View Cloud SIEM rules. |
| Content | Manage Rules | Create, edit, and delete Cloud SIEM rules. |
| Content | View Threat Intelligence | View threat intel sources in Cloud SIEM. |
| Content | Manage Threat Intelligence | Create, edit, and delete threat intel sources. |
| Content | View Match Lists | View Match Lists. |
| Content | Manage Match Lists | Create, edit, and delete Match Lists. |
| Content | View File Analysis | View file analysis (YARA) rules. |
| Content | Manage File Analysis | Create, edit, and delete file analysis (YARA) rules. |
| Content | View Custom Insights | View custom Insight configurations. |
| Content | Manage Custom Insights | Create, edit, and delete custom Insight configurations. |
| Content | View Network Blocks | View network blocks. |
| Content | Manage Network Blocks | Create, edit, and delete network blocks. |
| Content | View Suppressed Entities | View suppressed Entities. |
| Content | Manage Suppressed Entities | Suppress and unsuppress Entities. |
| Configuration | View Mappings | View log mappings and ingest mappings. |
| Configuration | Manage Mappings | Create, edit, and delete log mappings and ingest mappings. |
| Configuration | View Workflow | View Insight detection settings, custom Insight statuses, custom Insight resolutions, and tag schemas. |
| Configuration | Manage Workflow | Create, edit, and delete Insight detection settings, custom Insight statuses and resolutions, and tag schemas. |
| Configuration | View Context Actions | View Context Actions. |
| Configuration | Manage Context Actions | Create, edit, and delete Context Actions. |
| Configuration | View Actions | View Actions. |
| Configuration | Manage Actions | Create, edit, and delete Actions. |
| Configuration | View Enrichments | View Enrichments. |
| Configuration | Manage Enrichments | Upload Insight, Signal, and Entity enrichments using the Cloud SIEM API. |
| Configuration | View Custom Entity Types | View custom Entity types. |
| Configuration | Manage Custom Entity Types | Create, edit, and delete custom Entity types. |
| Configuration | View Entity | View Entities. |
| Configuration | Manage Entity | Create, edit, and delete Entities. |
| Configuration | View Entity Normalization | View the configurations on Cloud SIEM’s Domain Normalization page. |
| Configuration | Manage Entity Normalization | Update the configurations on Cloud SIEM’s Domain Normalization page. |
| Configuration | View Entity Criticality | View Entity Criticalities. |
| Configuration | Manage Entity Criticality | Create, edit, and delete Entity Criticalities. |
| Configuration | View Tag Schemas | View tag schemas. |
| Configuration | Manage Tag Schemas | Create, edit, and delete schema key tags, which can be attached to Insights, Signals, Entities, and Rules. |
| Configuration | Manage Favorite Fields | Add and remove favorite fields by clicking the star icon next to the fields in Cloud SIEM Records. |
| Configuration | View Entity Groups | View Entity Groups. |
| Configuration | Manage Entity Groups | Create, edit, and delete Entity Groups. |
| Configuration | View Automations | View automations. |
| Configuration | Manage Automations | Create, edit, and delete automations. |
| Configuration | Execute Automations | Run automations. |