Role Capabilities
Following are the capabilities you can assign when you create roles.
Data Management
Capability | Description |
---|---|
View Collectors | View collectors and sources that have already been installed or added. |
Manage Collectors | View and manage installed and hosted collectors as well as sources. |
Manage Ingest Budgets | Allows you to manage ingest budgets. Enabling this will automatically enable the Manage Collectors capability. The Manage Collectors capability on its own permits the re-assignment of budgets to different collectors, but not creating or deleting them. |
Manage Data Volume Feed | Enable and manage the data volume index for your account to avoid exceeding your data limits, and to determine when you need to upgrade your account. |
View Field Extraction Rules | View field extraction rules, which accelerate your search process by automatically parsing fields as log messages are ingested. |
View Fields | View fields, which are custom metadata fields you can assign to logs. |
Manage Fields | Manage fields. Note that if you grant a role the Manage Fields capability, users with that role will also have the View Fields and View Field Extraction Rules capabilities. |
Manage Field Extraction Rules | Manage field extractions, which speed the search process by automatically parsing fields as log messages are ingested. Note that if you grant a role the Manage Field Extraction Rules capability, users with that role will also have the Manage Fields, View Fields, and View Field Extraction Rules capabilities. |
Manage S3 Data Forwarding | Manage S3 data forwarding from Sumo Logic to an S3 bucket. |
Manage Content | Manage the content for your organization. This provides access to Admin Mode in the Library. |
Manage Apps | Install and manage apps. |
Manage Connections | Manage the connections that allow you to send alerts to other tools. |
View Connections | View connections on the Connections page. |
View Scheduled Views | View Scheduled Views. |
Manage Scheduled Views | View, create, edit, and delete Scheduled Views. Note that if you grant a role the Manage Schedule Views capability, users with that role will also have View Scheduled Views capability. |
View Partitions | View partitions. |
Manage Partitions | View, create, edit, and delete partitions. Note that if you grant a role the Manage Partitions capability, users with that role will also have View Partitions and Manage S3 Data Forwarding capabilities. |
View Account Overview | View the Account Overview page. |
Manage Tokens | Manage Installation Tokens. |
View Parsers | View parsers. |
Download Search Results | Export log query results to a .csv file. |
Entity Management
Capability | Description |
---|---|
Manage Entity Type Configs | Reserved for internal use. |
Metrics
Capability | Description |
---|---|
Manage Metrics Transformation Rules | Create, edit, or delete metrics transformation rules. |
Manage Logs-to-Metrics | Create, edit, or delete Logs-to-Metrics rules. |
Manage Metrics Rules | Create, edit, or delete metrics rules. |
Security
Capability | Description |
---|---|
Manage Password Policy | Set the password policy for your Sumo Logic account. |
Allowlist IP Addresses | Explicitly grant access to specific IP addresses or address ranges. |
Create Access Keys | Create your own access keys on the Account Preferences page. |
Manage Access Keys | Set up, activate, deactivate, or delete access keys for your organization. |
Manage Support Account Access | Enable management of the Sumo Logic support account for your organization. |
Manage Audit Data Feed | Enable and manage the Audit Index, which provides information on the internal events that occur in your account associated with account management, user activity, and scheduled searches. |
Manage SAML | Provision and manage SAML for single sign-on to your Sumo Logic accounts. |
Manage Share Dashboards Outside of Organization | Share a dashboard with users who do not have access to Sumo Logic. |
Manage Organization Settings | Configure a concurrent user sessions limit and enable the Data Access Level for Shared Dashboards security policy. |
Change Data Access Level | Change the data access level of dashboards or scheduled searches to which they have edit or manage permission. |
Dashboards
Capability | Description |
---|---|
Share Dashboards with the world | Share dashboards in view-only mode with no login required. Anyone with the URL can view the dashboard without logging in. |
Share Dashboards with your allowlist | Share dashboards in view-only mode with no login required. Viewers must be connecting from IP addresses specified in your service allowlist. |
User Management
Capability | Description |
---|---|
Manage Users And Roles | Access the web app pages to manage users and roles. |
Automation Service
Capability | Description |
---|---|
Task View | See tasks in playbooks. |
Task Access | Access your tasks in playbooks. |
Task Access all | Access all user tasks in playbooks. |
Task Edit | Configure tasks in playbooks. |
Task Reassign | Assign tasks in playbooks to users. |
App Central Access | View App Central. |
App Central Export | Export contents of integrations and playbooks from App Central. |
Integrations Access | View integrations. |
Integrations Configure | Create and edit integrations. |
Playbooks Access | View playbooks. |
Playbooks Configure | Create and edit playbooks. |
Bridge Monitoring Access | Monitor Bridge operations. |
Observability Access | Access automation in the Sumo Logic SaaS Log Analytics Platform. |
Observability Configure | Create and edit automation in the Sumo Logic SaaS Log Analytics Platform. |
Alerting
Folder-level permissions are available if your org has fine-grained Monitor permissions enabled. If you'd like to use this feature, contact Sumo Logic Support to have it enabled.
Capability | Description |
---|---|
View Monitors | If monitors folder permissions are enabled for your org, users with this capability can view folders on the Monitors page to which they've been granted View access, and the Monitors contained in those folders. |
Manage Monitors | Users with this capability can create new folders and monitors, and grant other roles permissions to the folders they create. If monitors folder permissions are enabled for your org, users with this capability can also create, edit, delete, update and grant permissions to folders to which another user has granted them those permissions. |
Admin Monitors | If monitors folder permissions are enabled for your org, users with this capability have full access (Create, Edit, Delete, Update, and grant permissions) to ALL folders and monitors on the Monitors page. This is similar to the Content Administrator capability of the Content Library. |
View Alerts | View alerts on the Alert page. |
View Muting Schedules | Required for viewing the Muting Schedules page and schedule definitions. |
Manage Muting Schedules | Required for creating, editing, and deleting Muting Schedules. |
Reliability Management
Capability | Description |
---|---|
View SLOs | View Service Level Objectives (SLOs). |
Manage SLOs | Create, edit, and delete SLOs. |
Organizations
Capability | Description |
---|---|
View Organizations | View the Organizations UI. |
Create Organizations | Create and provision child organizations. |
Change Credits Allocation | Change the credits allocation for a child organization. |
Create Trial Organizations | Create trial organizations. (For Sumo Logic Service Providers only.) |
Upgrade Trial Organizations | Upgrade trial organizations. (For Sumo Logic Service Providers only.) |
Deactivate Organizations | Deactivate trial organizations. (For Sumo Logic Service Providers only.) |
Threat Intel
Capability | Description |
---|---|
View Threat Intel Data Store | Search log data using threat intelligence indicators. |
Manage Threat Intel Data Store | Create, edit, and delete threat intelligence indicators. |
Cloud SOAR
Cloud SOAR capabilities appear in the Roles UI only if Cloud SOAR has been enabled for your account.
This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR instance URL matching the pattern *.soar.sumologic.com
, see Legacy Cloud SOAR role capabilities below.
Capability category | Capability | Description |
---|---|---|
View Cloud SOAR | Users with a role that grants this capability will see a Cloud SOAR link in the left-nav bar of the Sumo Logic UI. | |
Incident | View | View all incidents. |
Incident | Access | Access your incidents. |
Incident | Access all | Access all incidents. |
Incident | Edit | Create, edit, and delete incidents. |
Incident | Bulk Operations | Manage incident bulk operations. |
Incident | Manage Investigators | Manage investigators assigned to incidents. |
Incident | Change Ownership | Change ownership of incidents. |
Triage | View | View all triage events. |
Triage | Access | Access your triage events. |
Triage | Access all | Access all triage events. |
Triage | Change Ownership | Change ownership of triage events. |
Triage | Edit | Create, edit,and delete triage events. |
Triage | Bulk physical delete | Perform bulk deletion of triage events. |
Folders | Edit | Create, edit, and delete folders. |
Attachments | Access | Access all attachments. |
Attachments | Edit | Create, edit, and delete attachments. |
Incident Playbook | Access | Access all incident playbooks. |
Incident Playbook | Edit | Create, edit, and delete incident playbooks. |
Incident Playbook | Manage | Manage incident playbooks. |
Note | Access | Access all notes. |
Note | Edit | Create, edit, and delete notes. |
War Room | Use | Be able to use the War Room. |
Settings General | Configure | Configure settings. |
User Management | Groups | Manage groups. |
Notification | Configure | Configure notifications. |
Customization | Logo | Customize the logo. |
Customization | Fields | Customize fields. |
Customization | Incident Labels | Customize incident labels. |
Customization | Triage | Customize triage. |
Audit and Information | License Information | View license audit and information. |
Audit and Information | Audit Trail | View audit trail information. |
Audit and Information | Configure Audit Trail | Configure audit trail information. |
API | Use | Use APIs. |
API | Api Admin | Have admin access to APIs. |
API | Email Read | Read emails. |
API | Email Edit | Create, edit, and delete emails. |
Incident Templates | Access | Access all incident templates. |
Incident Templates | Configure | Configure templates. |
Automation Rules | Access | Access automation rules. |
Automation Rules | Configure | Configure automation rules. |
Entities | Access | Access all entities. |
Entities | Manage | Manage entities. |
Entities | Bulk Physical Delete | Perform bulk deletion of entities. |
Report | Access | Access your reports. |
Report | Access all | Access all reports. |
Dashboard | Access | Access your dashboards. |
Dashboard | Access all | Access all dashboards. |
Widgets | Use all | Use all widgets. |
Legacy Cloud SOAR role capabilities
This section only applies to organizations having a legacy Cloud SOAR instance URL matching the pattern *.soar.sumologic.com
.
Capability | Description |
---|---|
View Cloud SOAR | Users with a role that grants this capability will see a Cloud SOAR link in the left-nav bar of the Sumo Logic UI. |
Settings General | Access Cloud SOAR settings. |
Configure | Configure Cloud SOAR. |
Cloud SIEM
Cloud SIEM capabilities only appear in the Roles UI if Cloud SIEM has been enabled for your account. For more information about how to assign Cloud SIEM capabilities, see Cloud SIEM User Accounts and Roles.
Capability category | Capability | Description |
---|---|---|
View Cloud SIEM | Users with a role that grants this capability will see a Cloud SIEM link in the left-nav bar of the Sumo Logic UI. When a user clicks on the link, the Cloud SIEM Heads-Up Display (HUD) will open. | |
Insights | Comment on Insights | Add comments to Insights. |
Insights | Create Insights | Create Insights. |
Insights | Delete Insights | Delete Insights. |
Insights | Invoke Insights Actions | Choose and run an Action from the Actions menu for an Insight. |
Insights | Manage Insight Assignee | Change the user that is assigned to an Insight. |
Insights | Manage Insight Signals | Add Signals to Insights; remove Signals from Insights. |
Insights | Manage Insight Status | Change the status of an Insight. |
Insights | Manage Insight Tags | Add and delete tags assigned to Insights. |
Content | View Rules | View Cloud SIEM rules. |
Content | Manage Rules | Create, edit, and delete Cloud SIEM rules. |
Content | View Threat Intelligence | View threat intel sources in Cloud SIEM. |
Content | Manage Threat Intelligence | Create, edit, and delete threat intel sources. |
Content | View Match Lists | View Match Lists. |
Content | Manage Match Lists | Create, edit, and delete Match Lists. |
Content | View File Analysis | View file analysis (YARA) rules. |
Content | Manage File Analysis | Create, edit, and delete file analysis (YARA) rules. |
Content | View Custom Insights | View custom Insight configurations. |
Content | Manage Custom Insights | Create, edit, and delete custom Insight configurations. |
Content | View Network Blocks | View network blocks. |
Content | Manage Network Blocks | Create, edit, and delete network blocks. |
Content | View Suppressed Entities | View suppressed Entities. |
Content | Manage Suppressed Entities | Suppress and unsuppress Entities. |
Configuration | View Mappings | View log mappings and ingest mappings. |
Configuration | Manage Mappings | Create, edit, and delete log mappings and ingest mappings. |
Configuration | View Workflow | View Insight detection settings, custom Insight statuses, custom Insight resolutions, and tag schemas. |
Configuration | Manage Workflow | Create, edit, and delete Insight detection settings, custom Insight statuses and resolutions, and tag schemas. |
Configuration | View Context Actions | View Context Actions. |
Configuration | Manage Context Actions | Create, edit, and delete Context Actions. |
Configuration | View Actions | View Actions. |
Configuration | Manage Actions | Create, edit, and delete Actions. |
Configuration | View Enrichments | View Enrichments. |
Configuration | Manage Enrichments | Upload Insight, Signal, and Entity enrichments using the Cloud SIEM API. |
Configuration | View Custom Entity Types | View custom Entity types. |
Configuration | Manage Custom Entity Types | Create, edit, and delete custom Entity types. |
Configuration | View Entity | View Entities. |
Configuration | Manage Entity | Create, edit, and delete Entities. |
Configuration | View Entity Normalization | View the configurations on Cloud SIEM’s Domain Normalization page. |
Configuration | Manage Entity Normalization | Update the configurations on Cloud SIEM’s Domain Normalization page. |
Configuration | View Entity Criticality | View Entity Criticalities. |
Configuration | Manage Entity Criticality | Create, edit, and delete Entity Criticalities. |
Configuration | View Tag Schemas | View tag schemas. |
Configuration | Manage Tag Schemas | Create, edit, and delete schema key tags, which can be attached to Insights, Signals, Entities, and Rules. |
Configuration | Manage Favorite Fields | Add and remove favorite fields by clicking the star icon next to the fields in Cloud SIEM Records. |
Configuration | View Entity Groups | View Entity Groups. |
Configuration | Manage Entity Groups | Create, edit, and delete Entity Groups. |
Configuration | View Automations | View automations. |
Configuration | Manage Automations | Create, edit, and delete automations. |
Configuration | Execute Automations | Run automations. |