Services Security View - Service User Roles and PermissionsServices Security View - Service User Roles and Permissions
The Services Security view Roles tab enables you to create service user roles and assign permissions. You can also use the pre-configured service user roles included with NetWitness to assign user permissions.
Related Topics
Service User Roles
NetWitness has the following pre-configured service user roles.
| Role | Assigned Permissions | Personnel/Account |
|---|---|---|
| Administrators | All permissions | NetWitness System Administrator |
| Aggregation |
aggregate sdk.content sdk.meta sdk.packets |
You can use this role to create an Aggregation account. This role provides the minimum permissions necessary to perform aggregation of data. It is only available on NetWitness version 10.5 and later services. |
| Analysts, Malware_Analysts, and SOC_Managers |
sdk.meta sdk.content sdk.packets storedproc.execute |
Users can use specific applications, run queries and view content for purposes of analysis. |
| Data_Privacy_Officers |
sys.manage users.manage sdk.meta sdk.content sdk.packets sdk.manage logs.manage database.manage index.manage dpo.manage |
Data Privacy Officer Data Privacy Officers have the dpo.manage permission on Network Decoders and Log Decoders. |
| Operators |
sys.manage services.manage connections.manage users.manage logs.manage parsers.manage rules.manage database.manage index.manage sdk.manage decoder.manage archiver.manage concentrator.manage storedproc.manage |
Operators are responsible for the daily operation of the services. |
Service User Permissions
There are many permissions that you can assign a service role in NetWitness. Users can have different permissions on each service, depending on their role assignments and the permissions selected for each role. This table describes the permissions that you can assign to a role.
| Permission | Definition |
|---|---|
| sys.manage
|
Allows the user to edit the service configuration settings. |
| services.manage
|
Allows the user to manage connections to other services. |
| connections.manage | Allows the user to manage connections to the service. |
| users.manage
|
Allows the user to create individual users and user roles and specify user permissions. |
| aggregate | Allows the user to perform aggregation of data. |
| sdk.meta | Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query. |
| sdk.content | Allows the user to access raw packets and logs from any client application (Investigations and Reporting). |
| sdk.packets | Allows users to access raw packets and logs from any client application. |
| appliance.manage | Allows the user to manage the appliance (host) tasks. This permission is required by the Appliance service. |
| decoder. manage
|
Allows the user to edit the configuration settings for the Network Decoder service. |
| concentrator.manage
|
Allows the user to edit the configuration settings for the Concentrator/Broker service. |
| logs.manage | Allows the user to view the service logs and edit the logging configuration settings for the specified service. |
| parsers.manage
|
Allows the user to manage all attributes under the parsers node. |
| rules.manage
|
Allows the user to add and delete all rules. |
| database.manage
|
Allows the user to set database locations, sizes, and the various configuration settings for the session, meta and/or packet/log databases. |
| index.manage
|
Allows the user to manage all index-related attributes. |
| sdk.manage | Allows the user to view and set all SDK configuration items. |
| storedproc.execute | Allows the user to execute a Lua stored procedure. |
| storedproc.manage | Allows the user to manage Lua stored procedures. |
| archiver.manage | Allows the user to modify the Archiver configuration. |
| dpo.manage | Allows the user to manage the transform configuration and the applicable keys. |
