Platform Administrator Capabilities
      Back to home
      1. Help Center
      2. Platform Administrator Capabilities

      Creating a Role

      Before you implement Role-Based Access Controls (RBAC), you should determine which roles your organization requires, based on your users, the activities you need them to perform, and the data you need them to access.

      There are three steps to implement RBAC. You can do these steps in any order, but we suggest that you perform them in the following order:

      1. Create your Data Access Sets.

      2. Create your users.

      3. Create your Roles.

      Creating your Roles:

      In Role-Based Access Control (RBAC), permissions and data access are assigned to Roles, based on the responsibilities of that Role and the data that needs to be accessed. Users can view the roles associated with a user from their profile by Navigating to System Settings > User Management. Users can also see their Roles and descriptions by navigating to System Settings > Roles. 


      image_720

      Creating a New Role:

      • Go to System Settings > Roles and click +New Role.

      • Enter Role name

          • Must be unique.

          • Maximum of 100 characters.

          • Not case sensitive.

          • Special characters are allowed with no restrictions on the characters.

          • Required field.

      • Enter Role Description
          • Maximum of 255 characters.
          • Special characters are allowed with no restrictions on the characters.
          • Not case sensitive.
          • Does not need to be unique.
          • Optional field, but very helpful in determining which roles to assign to users.

      Screen Shot 2023-02-27 at 9.49.17 AM-1

      • Click Permissions

      • Select which Signal and Search and Discover permissions you want to assign to the role.

          • For Signal, the following permissions are available:

            • Signal Admin - Allows complete Data Access as well as access to all Policies and Rules in Signal.

            • Manage Policies - Allows creating, editing and deleting of authorized Signal policies. Selecting this also sets the Manage Rules and View Policies and Rules permissions. Policy Creators can create policies and invite other Creators and Event Managers to policies they created or have been invited to. They can see which users are given permissions to a policy they created or have been invited to, modify the roles of Creators and Event Managers (for example, upgrade an Event Manager’s permission level to Creator), and add and remove Creators and Event Managers on a policy they created or have been invited to.

            • Manage Rules - Allows creating, editing and deleting of rules associated with authorized Signal policies. Selecting this also sets the View Policies and Rules permission.

            • Manage Events - Allows taking action (tombstoning, deleting, exporting, etc.) on events associated with authorized Signal policies. Selecting this also sets the View Policies and Rules and View Events permissions. Event Managers can view and manage events for policies they have been invited to. They cannot create policies or see policies they have not been invited to, and have no invite capability.

            • View Policies and Rules - Allows viewing of Signal policies and their associated rules. This permission can be set independently.

            • View Events - Allows viewing of events associated with authorized Signalx policies. Selecting this also sets the View Policies and Rules permission.

          • For Search and Discover, the following permissions are available: 

            • Search and Discover Admin - Allows complete Data Access as well as access to all searches

            • Manages Searches - If your role is a Search Manager, you have Manage Searches and View Searches permissions by default. By itself, these allow you to create a new search for any Data Access Set that you are authorized to access, and to view and rerun any search that you can access. However, you cannot mark or export results. An Aware Admin can add Manage Search Results permission, or make you a Search Admin, Search Result Manager, or Search Viewer.

            • Manage Search Results - If your role is a Search Result Manager, you have Manage Search Results and View Searches permissions by default. By itself, these allow you to view and mark results for any search that you are authorized to access and to export its results. However, you cannot create a new search, update an existing search, or rerun an existing search. An Aware Admin can add Manage Searches permission, or make you a Search Admin, Search Manager, or Search Viewer.

            • View Searches - If your role is a Search Viewer, you have View Searches permission by default. By itself, this allows you to view search that you are authorized to access, along with its results. However, you cannot create a new search, rerun prior searches, or mark or export results of prior searches. An Aware Admin can add Manage Search Results and/or Manage Searches permission, or make you a Search Admin, Search Manager, or Search Result Manager.

      • Select Data Access ->
      • Click Add Data Access Set

      Screen Shot 2023-03-08 at 12.49.55 PM-1

      • Select the Data Access Sets that you want to associate with this Role.

          • You can also select New Data Access Set to create a new Data Access Set.

      • When you select a Data Access Set, its contents are displayed in the right panel. You can further expand each platform to display the sources that have been selected for this Data Access Set. You can only view the contents of the Data Access Set in this screen, you cannot modify its contents.

      • Click Select Access Set to add the selected Data Access Set to the Role.

      • To add another Data Access Set, click Add Data Access Set

      Screen Shot 2023-03-08 at 12.52.32 PM-1

      • When finished adding Data Access Sets to the role, click Users ->
      • Select users from the list.
      • When finished select Save Role.