Skip to main content

Data RBAC in Google SecOps SIEM

  • November 29, 2024
  • 6 replies
  • 29 views
S
Forum|alt.badge.img

Hello Everyone,

I have implemented Data RBAC feature on my id, but im not able to use the IOC Matches tab. In the official document they have mentioned that Data RBAC doesn't restrict access to IOC Matches tab. Can anyone help me to find out what is the issue if you have implemented the Data RBAC in Google SecOps SIEM.

Thanks

6 replies

hzmndt
Staff
Forum|alt.badge.img+9
  • hzmndt
  • Staff
  • December 2, 2024

what you mean by not able to use the IOC Matches tab? You mean you cannot access the tab or something is missing?

Check the permissions listed here -> https://cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • December 3, 2024

Do you have a license for it? 

sudeep_singh
Forum|alt.badge.img+6
  • sudeep_singhBronze 1
  • Bronze 1
  • December 3, 2024

Do you have a license for it? 


Yes, we do have license for it.

sudeep_singh
Forum|alt.badge.img+6
  • sudeep_singhBronze 1
  • Bronze 1
  • December 3, 2024

what you mean by not able to use the IOC Matches tab? You mean you cannot access the tab or something is missing?

Check the permissions listed here -> https://cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles


Hi @hzmndt ,

After providing the necessary IAM permissions i'm able to access the IOC tab, but i'm facing another issue for looker dashboards i'm not able to access.

Could you please provide any assistance?

 

citreno
Forum|alt.badge.img+6
  • citrenoBronze 1
  • Bronze 1
  • December 3, 2024

Per this article the IOC matches feature doesn't work with Data RBAC, so your user may have been assigned to a Data RBAC profile previously. As per dashboards, I haven't seen that error previously, only intermittently if there are some back-end server issue, so that one may require a support ticket. It is possible that your permission set however doesn't include the necessary permissions, but unfortunately can't tell that from the error screen you are seeing. 

sudeep_singh
Forum|alt.badge.img+6
  • sudeep_singhBronze 1
  • Bronze 1
  • December 3, 2024

Per this article the IOC matches feature doesn't work with Data RBAC, so your user may have been assigned to a Data RBAC profile previously. As per dashboards, I haven't seen that error previously, only intermittently if there are some back-end server issue, so that one may require a support ticket. It is possible that your permission set however doesn't include the necessary permissions, but unfortunately can't tell that from the error screen you are seeing. 


hi @citreno ,

In the medium blog by chris martin he has mentioned that Data RBAC doesn't support IOC tab, but if you see the official Google SecOps docs it states that IOC tab supports Data RBAC.

Please refer the document link:
https://cloud.google.com/chronicle/docs/administration/datarbac-impact

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.