You can create both global and workspace roles from the Roles tab.
You can also change the permissions assigned to roles by adding or removing permissions.
The predefined roles for IBM Security
Case Management and IBM Security
Orchestration & Automation are described in the
following sections:
If your Orchestration & Automation application is integrated
with a security program, such as BigFix or QRadar, which requires a master administrator account,
make sure to create a role to be used by these programs. Some integrations require the
Create and View Incident permissions, while others might also require the
Ability to view and modify permissions, which are required to create
rules.
-
From the menu on the left, select Global Roles or Workspace
Roles, depending on whether you want to create a global or workspace role.
- Click Create Role. The following screen shot shows an example of
creating a new global role.
- Enter values in the following fields, which are the same for both global and workspace
roles:
- Role Name: Enter a name that is descriptive of the role’s purpose.
- API Name: The API Name is generated automatically. It is used by integration developers
to integrate systems with the Orchestration & Automation
application. Therefore, you should use the default name unless directed otherwise.
- Description: Enter a brief definition of the role and its permissions.
- For global roles only, assign Administration and Customization
Permissions to the role.
- For both global and workspace roles, assign permissions from the following
sections:
- Incident Permissions: Allows users to view and manage incidents.
- Simulation Permissions: Allows users to create simulations, which are
hypothetical incidents used for testing and planning.
- Task Permissions: Allows users to edit the name, instructions and phase
of system tasks. The permission applies only when the user has the permission to edit system tasks,
either explicitly by the Edit Incident or Edit Public
Tasks permission, or implicitly by being a member or owner of the incident. The
permission does not apply to custom (user created) tasks.
After you create a role, you can assign it to users and groups in the respective
Users and Groups tabs.