Configuring permissions for users in Provider account and multiple Standard accounts

To configure permissions for SOAR MSSP analyst users who have access to the Provider account and Standard accounts, create roles and groups in the Provider account, assign roles to groups, and add users to the groups, as required. If you do not use roles and groups, the permissions the users have are the same in the Provider account and Standard accounts.

Before you begin

The users must have been added to the SOAR application from the Provider account using the Refresh user list option on the Users tab from Application settings > Case Management > Permissions and access.

About this task

This task describes how to configure and assign permissions for SOAR MSSP analysts who have access to the Provider account and one or more Standard accounts.

Note: You define roles in the Provider account. If you create new roles or modify existing roles, you must do a configuration push to update the Standard accounts.

Procedure

  1. Go to the Provider account.
  2. From the menu, click Application settings > Case Management > Permissions and access.
  3. Create roles, assign permissions to roles, and add the roles to groups as required for your SOAR MSSP deployment deployment. For more information, see Groups and Roles.
  4. From the Provider account, add the users to groups, as described in Groups.
  5. From the Provider account, do a configuration push to push the changes to the Standard accounts, described in Pushing configuration changes.

Example

User Jack has access to the Provider account and multiple Standard accounts. User Hanna has access to the Provider account and multiple Standard accounts. If you do not configure the permissions using roles and groups, users Jack and Hanna have the same permissions in the Provider account and Standard accounts. As a SOAR MSSP administrator, you can configure one set of permissions for Jack and a different set for Hanna, as follows:
  1. Go to the Provider account.
  2. From the IBM Security QRadar Suite menu, click Applications settings > Case Management > Permissions and access > Roles.
  3. From the Global Roles section, click Create Role, and create a role for user Jack, adding the custom permissions that you want to assign to Jack, for example, some Administration and Customization Permissions and Incident Permissions to create and view cases. Save the new role.
  4. Click the Groups tab, create a new group for user Jack, add the role that you created to the group, and add Jack to the group.
  5. Go to the Roles tab and create a new role for user Hanna, adding the custom permissions that you want to assign to user Hanna, for example, some Administration and Customization Permissions and some Incident Permissions, but different to those assigned to user Jack.
  6. Go to the Groups tab, and create a group for user Hanna, add the role that you created to the group, and add user Hanna to the group.
  7. Complete a configuration push, as described Pushing configuration changes.

Users Jack and Hanna have a different set of permissions for the Provider account and Standard accounts.