Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
User Management OverviewHow to Use Single Sign On (SSO)About Multi-factor AuthenticationMFA Enrollment InstructionsHow to Configure and Use the Microsoft Purview and Spirion IntegrationHow to Manually Unlock a Spirion Console AccountWhat is ULR (User Level Remediation)?
User and Role Functions
How to Use Role-Based Access ControlsHow to Use User ProfilesHow to Manage UsersHow to Add a New UserHow to View a UserHow to Edit a UserHow to Search for a UserHow to Change a User's Target PermissionsHow to Change a User's Tag/Target PermissionsHow to Change a User's Scan PermissionsHow to Remove a User's Tag PermissionsHow to Remove a User's Target PermissionsHow to Change a User's Playbook PermissionsHow to Change a User's Reports PermissionsHow to Export a List of UsersHow to Reset a User's PasswordHow to Reset a User's AuthenticationHow to Import Users into Spirion Sensitive Data PlatformHow to Manage User RolesHow to Add a New RoleHow to Edit a User RoleHow to Delete a User RoleHow to Import/Export Users and User Roles
Settings and Resources
Additional Resources
Reports
Reporting API
Customer Support Articles

How to Change a User's Tag/Target Permissions

Use the instructions in this topic to change a user's access to one or more Tags and Targets in Spirion Sensitive Data Platform.

Use the following steps to edit a user's permissions to one or more Tags/Targets:

  1. From the left side navigation menu navigate to the User Management page (Settings > User Management).
  2. Ensure you are on the USERS tab (located at the top left of the page).
  3. In the table shown locate the user whose Tag/Target permissions you wish to change.
  4. Click the more options menu (3 veritcal dots) at the end of the row.
  5. Click Manage Permissions from the sub-menu.

  6. The Manage User Permissions: <User First Name Last Name> page opens.
  7. Ensure the TAGS / TARGETS tab is selected.
  8. Tags, which contain Targets, are listed on the left side of the page.
  9. From the list on the left side of the page, select a Tag whose permissions to (for this user) you want to change.
    1. If the Target you are want to edit permissions for is not contained in any Tag, select the "Unassigned" Tag
    2. To set the user's permissions to all Targets, select the "All Targets" Tag.
    3. The fastest method to locate a specific Target is to search for it. Enter the Target name in the search field. Partial name search is supported. Asterisks (*) are not required.
  11. The Tag selected displays at the top of the page in its own table. Below, in a separate table, are all the Targets contained by the selected Tag.

    Manage User Permissions - TAGS/TARGETS tab - Tag permission
  12. Click the more options menu (3 veritcal dots) at the end of the row.
  13. Click Edit Permissions from the sub-menu that appears.

  14. The Edit Tag Permissions pop-up window opens, shown further below.
  15. Two categories of settings must be set:
    1. "Result Permission"
    2. "Tag Permission"
  17. See the topics below for instructions on each.

Permission Level - Role or Individual

  • Permission Level, shown in the far-right column displays how user access to Tags or Targets is controlled.
    • Role - If the columns displays "Role," the user inherits their permissions to a Tag or Target from the role they are a member of ("Role")
    • Individual - If the column displays "Individual," the user enjoys permissions to a Tag or Target specific to their user account, separate from their role
  • Individual permissions override role-level permissions
  • A user can inherit some permissions from the role-level but enjoy different permissions to specific Tags/Targets (Individual overrides)

Tag Permission Example

  • In the example below, the Tag "All Targets" has a Permission Level of "Role" which indicates the user inherits all of their permissions for the Tag "All Targets" from the role they are a member of (such as Admin, General User, Compliance User, etc.)
  • After changing the Result Permission of the "All Targets" tag to "View," the Permission Level column changes to "Individual" which indicates the user has a permission which overrides the permissions of their role.

Tag with User Access set to Role-levelTag with User Access set to Role-levelTag with User Access set to Individual-level Tag with User Access set to Individual-level

How to Override Role-level Permissions to Tags/Targets

From the Result Permission drop-down menu, only one option can be selected.

  • The "Result Permissions" for the Tag being edited controls the user's access (None, View, Inhertied, etc.) to the Tag.
  • As Tags contain Targets (note that Agents can act as Targets), access to the Targets the Tag contains is controlled by the "Result Permission" if, and only if, the Targets are set to "Inhertied". See the image below.
  • In the image below the "All Targets" tag is shown
    • The permissions to the Targets the Tag contains are set to "Inherited"
    • This means the Target Permission shown for the Tag itself on the top row controls the user's access to the Targets in this tag (All Targets)
    • The user's permisison to Targets, set at the Tag level, is None
    • This user has no access to any of the Targets contained by the "All Targets" tag
    • All of these permissions are inherited from the user's Role, no Individual overrides are set

User permission to Target inherited from Tag
User permission to Target inherited from Tag

  • Select any of the following permisison levels from the "Result Permission" drop-down list.
    • Inherited - Access rights are inhertied from the Role the user is a member of
    • None - No access to the Tag, including view access (user will not see the scan results at all)
    • View - View-only access. Sensitive data matches shown in Scan results are hidden (masked).
    • Unmask View - Permission to unmask (view) sensitive data matches in Scan results. Note: If you select this option, "View" is automatically selected as well.
    • Playbook Override - Permission to override quarantine paths, data types, classifications, and scripts for Playbooks contained by this tag. This options are available on each Playbook's page under the "Actions" menu.

  • Before making any changes note the warning on the pop-up window: "Permissions for this tag are inherited by the user's role. Setting permissions below will override the tag's role permissions for this user."

Tag Permission

From the Tag Permission drop-down menu, only one option can be selected.

  1. Select any of the following options from the "Tag Permission" drop-down list.
    • Inherited - Access rights are inhertied from the Role the user is a member of
    • None - No access to the Targets/Agents contained by the Tag, including view access (user will not see the Targets/Agents at all)
    • Modify - Permission to change the Tag
    • Add/Remove Tags - Permission to add and remove Tags
    • Add/Remove Targets - Permission to add and remove Targets from the Tag

  3. Changes take effect immediately.
  4. A Tag permission can be inherited by the role assigned to the user.
    1. You can change the permission level to "Individual" by overriding role-level Result and Target permissions.
    2. Also, you can change the permission level to "Individual/Role" by overriding either role-level Result or Target permissions.


Was this article helpful?

Powered by Product Fruits