By default, there are four Secureworks-managed user roles set across all customer tenants that cannot be changed; the permissions for each role are the same in all tenants:
- Tenant Administrator
- Tenant Analyst
- Tenant Auditor
- Tenant Responder
Custom Roles allows you to create and manage roles using the categories and permissions detailed in User Roles to tailor access for your tenant users to your needs.
Custom Roles and Tenant Types ⫘
Tenant Administrators for tenants that are direct customers of Secureworks can create custom roles that can only be used within their tenant and that are not available for use in other tenants.
Secureworks MSSP Partners can create custom roles in their parent, or partner, tenant to assign to their support users. Partner users assigned with a custom role have those role restrictions applied against any of the partner's customer tenants that the user can access.
MSSP Partners' customers do not have visibility of the custom roles set at the partner tenant level and are not able to assign any of their users to those custom roles.
Access Custom Roles ⫘
Access to create and edit custom roles is restricted to Tenant Administrators only, while other Secureworks-managed roles can view the custom roles but not edit them.
Secureworks-managed roles can be viewed and copied but can't be edited.
To view, create, and edit custom roles:
- From the Secureworks® Taegis™ XDR left-hand side navigation, select Tenant Settings → Roles & Permissions.
- Roles & Permissions displays.
Roles & Permissions
View Roles ⫘
The Roles table can be customized and filtered to refine the view with the following controls.
- Select All to apply no filter and view all roles.
- Select Managed to see only the four Secureworks-managed roles.
- Select Custom to see only customer-created tenant roles.
- Type a short string in the search field to filter roles based on the Role Name.
Add a New Custom Role ⫘
To create a new custom role for your tenant, follow these steps:
- Select Add Custom Role from the top right of Roles & Permissions. The Add Custom Role form displays.
- From the Summary section, enter a custom role name and description of the role purpose; for example, the type of user that would be assigned the role.
Add Custom Role
Clone an Existing Role ⫘
- (Optional) From the Clone Permissions From dropdown menu, select an existing role to be cloned as a base definition of access rights for the new custom role. Once selected, the permissions of the cloned role are applied to the new role.
Clone an Existing Role
Define Custom Role ⫘
- From the Permissions section, filter the categories if needed using the search field and then select a category from the left. Toggle the permissions for each category on or off from the right.
Define Custom Role
Some permissions can't be toggled off. For more information, see Permission Exceptions.
Save Custom Role ⫘
- Once all permissions have been set as desired, select Save Custom Role and a confirmation message displays to confirm the successful creation of the new custom role.
Assign Custom Role to a User ⫘
Edit a Custom Role ⫘
- From the Tenant Settings → Roles & Permissions page in XDR, select the Edit Role pencil icon from the Actions column for the desired custom role. The Edit Custom Role form displays.
Edit Custom Role
- Edit the role summary or permissions as needed, and then select Save Custom Role.
Delete a Custom Role ⫘
Custom roles cannot be deleted if there are users assigned to the role. See Edit User Roles to reassign their role first.
- From the Tenant Settings → Roles & Permissions page in XDR, select the Delete Role trash icon from the Actions column for the desired custom role.
Delete Custom Role
- If there are users assigned to the custom role, a message displays informing you to reassign their role first. See Edit User Roles.
Delete Custom Role Warning
- Once there are no more users assigned to the custom role, a message displays informing you the action cannot be undone. Confirm your action by selecting Confirm Delete.
Delete Custom Role Confirmation
View and Compare Permissions ⫘
View and Compare Permissions
From Roles & Permissions, select the Permissions tab from the top left. The Permissions table displays currently configured roles on the left and their assigned permissions on the right.
Select up to 10 roles you wish to compare using the checkboxes on the left.
The columns on the right reflect the selected roles and allow quick comparison of permissions.
Role permissions can only be viewed from this tab. To edit a role, see Edit a Custom Role.
Permission Exceptions ⫘
The following permissions are required to remain enabled in custom roles to ensure that access and utilization of the role remains consistent:
- View Alerts
- Search Alerts
- View Investigations
- Read Preferences
- Read Users
There are also checks that occur when permissions are applied to a custom role. For example, a warning displays if a write permission is enabled without the corresponding read permission being enabled, which may restrict access to a certain feature.