
We have set up Data RBAC and provided "Chronicle API Restricted Data Access Viewer" and "Chronicle API Restricted Data Access" with the required IAM conditions.

The expected controls are working as expected, but the "Data Access Viewer" role has permissions which allow users to download collection agent config files and see org details (which contain customer ID and project names) under the Profile section in SIEM Settings.

Removing instances.generateCollectionAgentAuth can limit access to Collection agents. What permissions should I remove to limit the user from seeing org details (which contain customer ID and project names) under the Profile section in SIEM Settings?

We're planning to create a custom role with limited permissions.

Hi @Aswin_Asokan 


The Organization details are visible to all users in SecOps and are not controlled by a permission. If you'd like to have a feature to hide this from your users, please open a feature request with us via a support case.

