Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
User Management OverviewHow to Use Single Sign On (SSO)About Multi-factor AuthenticationMFA Enrollment InstructionsHow to Configure and Use the Microsoft Purview and Spirion IntegrationHow to Manually Unlock a Spirion Console AccountWhat is ULR (User Level Remediation)?
User and Role Functions
How to Use Role-Based Access ControlsHow to Use User ProfilesHow to Manage UsersHow to Add a New UserHow to View a UserHow to Edit a UserHow to Search for a UserHow to Change a User's Target PermissionsHow to Change a User's Tag/Target PermissionsHow to Change a User's Scan PermissionsHow to Remove a User's Tag PermissionsHow to Remove a User's Target PermissionsHow to Change a User's Playbook PermissionsHow to Change a User's Reports PermissionsHow to Export a List of UsersHow to Reset a User's PasswordHow to Reset a User's AuthenticationHow to Import Users into Spirion Sensitive Data PlatformHow to Manage User RolesHow to Add a New RoleHow to Edit a User RoleHow to Delete a User RoleHow to Import/Export Users and User Roles
Settings and Resources
Additional Resources
Reports
Reporting API
Customer Support Articles

How to Add a New Role

Use the following steps to add a new Role:

  1. From the left-side navigation menu select "Settings" at the bottom of the menu.
  2. Select "User Management" from the menu.
  3. The "User Management" page opens.
  4. Select the USER ROLES tab.
  5. In the top right of the screen, click the blue + Add Role button.

  6. The "Create New Role" page opens.

    Note: By default, all users assigned to a custom role have access to the following Spirion Sensitive Data Platform pages (pages only):
    • SPIglass™ Dashboard
    • Data Asset Inventory (including the SDV3 dashboard, Targets, and Tags)
    • Agent Management
    • Scans
    • Playbooks
    • Reports
  8. Specific Spirion Sensitive Data Platform objects, such as specific Agents, Targets, Tags, Scans, Playbooks, or Reports. These objects are accessed and/or managed by users as set by the role they are a member of (role-based access control). The objects the User Role can access can be configured after the role is created.

    IMPORTANT! By default, user access to all Tags, Targets, Scans, Playbooks, and Reports is denied (excluding to those objects the user created before being assigned to their role).
  9. On the Create New Role page, complete the following:
    1. Type a name in the Role Name box.


      Note: User Role names must be unique.
    2. Select the appropriate access for each Area shown - View and Manage.


      Note: Custom roles do not have access to existing scans, playbooks, or reports by default. Permissions to Read or Manage these resources are handled in the subsequent step.
  11. Click the blue Review button.
  12. The Verify New Role Configuration pop-up window opens.
  13. Review the permissions you have granted for the new role.

  14. Click the Confirm button to create the new role or click the Cancel button to discard your changes.
  15. On the TAGS / TARGETS tab, select any relevant tag groups or targets for the role.
    Select either of the following options:
    • All Targets
    • Custom tag (which is Inherited by default)

  17. From the kebab menu at the right of the desired Tag or Target, select Edit Permissions.

  18. In the Edit Tag Permissions pop-up window controls, select from the following:
    • Partial or full visibility of matches against the Tag or Target.
    • Whether users can add Targets or create nested Tags when working with manual Tag types.
    • Enables Modify access to be assigned to edit target details

  20. Click the Confirm button to save the settings or the Cancel button to discard.
  21. From the top of the page select the SCANS tab.
  22. Select which scan(s) the role can access.
    1. As previously stated above, Read access enables scans to be executed from the kebab menu from the Scans table on the Scan page (Scans > All Scans).
    2. Select from:
      • None
      • Read
      • Manage

  24. From the Playbooks tab, select which playbook(s) should be accessible to the role.
  25. As previously stated above, Read enables playbooks to be selected during the scan creation process (if authorized to create scans).
  26. Select from:
    • None
    • Read
    • Manage


      Note: The Playbook Override option controls whether a role is authorized to perform user-level remediation against the specified Target(s).
  28. From the Reports tab, select which report(s) should be accessible to the role.
    1. Select one of the following:
      • None
      • Read
      • Manage


        Note: Reports with Read access can be viewed in the console only and exporting is not allowed.


Was this article helpful?

Powered by Product Fruits