Skip to main content
Question

SOAR roles and viewing cases

  • December 17, 2025
  • 1 reply
  • 47 views
malzahnOptiv
Forum|alt.badge.img+4

Understandably, a SOAR role can only see its cases and cases of other roles configured under “Additional Roles Access” but does this include closed cases?  And if so, does that make sense?

 

I have an instance where alerts are coming in and the playbook is sending emails to a SOC with links to the cases.  However, on occasion an administrator will take ownership and close a case causing the link in the email to now go to an empty screen.


Thanks

1 reply

mccrilb
Forum|alt.badge.img+12
  • mccrilbSilver 2
  • Silver 2
  • December 19, 2025

When case’s are closed, do you handle this with a playbook? You could check in the playbook the assignment and change it there to an assignment that will work for your use case. 

 

If not, I would suggest creating one and having the cases closed with your playbooks. 

    Terms & ConditionsCookie settingsAccessibility statement
    Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

    © 2025 Google. All rights reserved.