Services Security View - Service User Roles and Permissions

The Services Security view Roles tab enables you to create service user roles and assign permissions. You can also use the pre-configured service user roles included with NetWitness to assign user permissions.

Related Topics

Service User Roles

NetWitness has the following pre-configured service user roles.

Role Assigned Permissions Personnel/Account
Administrators All permissions NetWitness System Administrator
Aggregation

aggregate

sdk.content

sdk.meta

sdk.packets

You can use this role to create an Aggregation account.
This role provides the minimum permissions necessary to perform aggregation of data. It is only available on NetWitness version 10.5 and later services.
Analysts, Malware_Analysts, and SOC_Managers

sdk.meta

sdk.content

sdk.packets

storedproc.execute

Users can use specific applications, run queries and view content for purposes of analysis.
Data_Privacy_Officers

sys.manage

users.manage

sdk.meta

sdk.content

sdk.packets

sdk.manage

logs.manage

database.manage

index.manage

dpo.manage

Data Privacy Officer
Data Privacy Officers have the dpo.manage permission on Network Decoders and Log Decoders.
Operators

sys.manage

services.manage

connections.manage

users.manage

logs.manage

parsers.manage

rules.manage

database.manage

index.manage

sdk.manage

decoder.manage

archiver.manage

concentrator.manage

storedproc.manage

Operators are responsible for the daily operation of the services.

Service User Permissions

There are many permissions that you can assign a service role in NetWitness. Users can have different permissions on each service, depending on their role assignments and the permissions selected for each role. This table describes the permissions that you can assign to a role.

Permission Definition
sys.manage
Allows the user to edit the service configuration settings.
services.manage
Allows the user to manage connections to other services.
connections.manage Allows the user to manage connections to the service.
users.manage
Allows the user to create individual users and user roles and specify user permissions.
aggregate Allows the user to perform aggregation of data.
sdk.meta Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query.
sdk.content Allows the user to access raw packets and logs from any client application (Investigations and Reporting).
sdk.packets Allows users to access raw packets and logs from any client application.
appliance.manage Allows the user to manage the appliance (host) tasks. This permission is required by the Appliance service.
decoder. manage
Allows the user to edit the configuration settings for the Network Decoder service.
concentrator.manage
Allows the user to edit the configuration settings for the Concentrator/Broker service.
logs.manage Allows the user to view the service logs and edit the logging configuration settings for the specified service.
parsers.manage
Allows the user to manage all attributes under the parsers node.
rules.manage
Allows the user to add and delete all rules.
database.manage
Allows the user to set database locations, sizes, and the various configuration settings for the session, meta and/or packet/log databases.
index.manage
Allows the user to manage all index-related attributes.
sdk.manage Allows the user to view and set all SDK configuration items.
storedproc.execute Allows the user to execute a Lua stored procedure.
storedproc.manage Allows the user to manage Lua stored procedures.
archiver.manage Allows the user to modify the Archiver configuration.
dpo.manage Allows the user to manage the transform configuration and the applicable keys.