Users & roles visibility

glc_slash_it · ‎07-01-2024

Hey splunkers,

We are trying to implement and segregate roles in SOAR, and so we have several roles with several users in them. The problem is that every user can see all other users and assign containers/tasks to them.

Is there a way to restrict visibility/assignment on other users in the platform? I know it probably have should be realted to users & roles permissions but I' not getting it right...

Thanks

SOARt_of_Lost · ‎07-02-2024

Your best bet is going to be deciding which labels you want to set on certain containers. After that, you can set Label Permissions so roles don't have View permissions on labels they shouldn't see or be assigned to.

glc_slash_it · ‎07-07-2024

Thanks for the answer, but unfortunately that doesn't solve the issue. And I'm puzzled how a platform like SOAR doesnt provide granular user & roles permissions.

We should be able to define that a user can only assing containers/tasks to other users within it's role, instead of everybody(or similar)...

Because the default settings allows a given user to assign a container to whoever user or roles he wishes...

Does anyone know if there a way using REST API or playbooks?

Users & roles visibility

administration

using SOAR ⁄ Phantom

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services