Roles and permissions for Threat Investigator
You can control a user's access by assigning the user to a role. A role is a group that is used for assigning permissions to the members of the group. Permissions are the operations or capabilities that are defined for the role.
Administrator
To view and update the IBM® Security Threat Investigator
configuration, you must have admin role access. The automatic investigation runs in the background
and uses the identity of the user that enabled the automatic investigation. For automatic
investigations to work correctly, the user that is configuring the app must also have access to the
following:
- At least read access to all the cases that you would like to investigate.
- At least read access to the data sources that should be queried for investigating the case.
- Data sources user role.
- Threat Intelligence Insights user role.
- Threat Investigator admin role.
Tip: If you want to change the user ID that the automatic investigation runs as, a
new user must toggle the Enable automatic case investigation setting on the
Threat Investigator configuration page and the new
user’s identity will be used for future investigations.
For more information, see Configuring Threat Investigator.User
With the Threat Investigator user role, you can view only the investigation results for cases that you can access. This access is managed by Case Management.