ThreatConnect System Roles and Permissions
  • 25 Oct 2022

Article Summary

Minimum Role: None

Prerequisites: None

Overview

A user’s System role in ThreatConnect® determines the System-level permissions that they have on their instance of ThreatConnect. These permissions cover access and functionalities on each of the following screens:

  • System Settings
  • Account Settings
  • TC Exchange™ Settings
  • Organization Settings
  • Organization Config

This article defines the System roles provided in ThreatConnect, including the access and permissions each role has on each tab of the listed screens. See ThreatConnect Owner Roles and Permissions for information on Organization roles and Community roles.

System Roles

Table 1 defines each System role in ThreatConnect.

System Role | Definition

Administrator

The System role of Administrator is also known as the System Administrator, or Sys Admin. This role has the highest level of permissions, including full access to all System and Organization settings and configuration within the ThreatConnect instance.

The Administrator role is typically used for administration purposes, but can perform most other functions, such as creating Indicators and Groups, viewing and adding dashboards, adding and modifying Workflow Cases, and adding and running Playbooks, within their home Organization (i.e., the Organization to which their account belongs).

Operations Administrator

An Operations Administrator is a limited System Administrator account with read-only access at the System level and full administrative permissions at the Organization level. Operations Administrators can make administrative and configuration changes to Organizations, such as creating, deleting, and updating user accounts, and can add, modify, and remove Communities and Sources. Only Administrators and Operations Administrators can create accounts with System-level permissions (that is, accounts with a System role other than User or Read Only User). However, Operations Administrators may not create Administrator accounts.

Accounts Administrator

An Accounts Administrator is a limited administrative account that has read-only access at the System and Organization levels; can create and modify, but not delete, Organizations; and can add Organizations to Communities and Sources.

Community Leader

A Community Leader is a limited administrative account that has read-only access at the System and Organization levels. The main use case for a Community Leader is for read-only viewing of all Organizations in the System (i.e., on the ThreatConnect instance) in order to make informed requests to System Administrators (e.g., request changes to the System configuration or request creation of new Communities and Sources). For example, an MSSP with multiple clients in a single instance could use a Community Leader to have read-only visibility into all System administration pages for each client.

Super User

A Super User is an account that enables users on multitenant instances to easily view and manage all of their customers’ data from a single user account. Super Users do not have any access or permissions at the System level, but do have full data-level, administrative, and configuration permission at the Organization level for all Organizations on the ThreatConnect instance. Super Users may view, create, edit, and delete data (dashboards, posts, threat intelligence, Workflow, and Playbooks) in all Organizations on the ThreatConnect instance. They also can administrate and configure all Organizations, including creating, deleting, and updating user accounts and adding, modifying, and deleting Organization-level variables, metrics, Attribute types, Indicator exclusion lists, and Security Labels.

User

A User is an account that does not have any access or permissions at the System level. User accounts are typically given to analysts, Playbook developers, App developers, and others who need to assess threats, make intelligence-based recommendations, or conduct security operations for their company. The Organization-level access and permissions for a User account, as well as the User's access to threat intelligence, the ThreatConnect Workflow functionality, and Playbooks, are determined by the User's Organization role. Users have access only to the Organization to which they belong in the System.

Read Only User

A Read Only User is a user account that can only view existing data in the Organization(s) to which it belongs. Read Only Users do not have any access or permissions at the System level. Customers may create an unlimited number of Read Only User accounts in an Organization for free. All Read Only Users have an Organization role of Read Only User or Read Only Commenter.

Note
In addition to the System roles in Table 1, there are two other System roles for specialized user types: API Users and TAXII Users. These roles are not covered in this article.

Permissions

Table 2 provides the specific access level and permissions for each System role on each of the following screens:

  • System Settings
  • Account Settings
  • TC Exchange Settings
  • Organization Settings
  • Organization Config

Important
Administrators and Operations Administrators should be given an Organization role of Organization Administrator. The Organization Settings and Organization Config columns in Table 2 assume that the Administrator and Operations Administrator have an Organization role of Organization Administrator.
Important
Accounts Administrators and Community Leaders should be given an Organization role of Standard User. The Organization Settings and Organization Config columns in Table 2 assume that the Accounts Administrator and Community Leader have an Organization role of Standard User.
Important
Users can be given any Organization role. The Organization Settings and Organization Config columns in Table 2 assume that the User has an Organization role of Standard User. Having an Organization role of Organization Administrator will grant a User full permissions on all tabs of the Organization Settings and Organization Config screens for their home Organization.
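The pairing guidance above, together with the account-creation rules in Table 1, can be checked mechanically against a user export. The following is an added example, not ThreatConnect code; the record shape (`name`, `system_role`, `org_role`) and the sample accounts are constructed for illustration.

```python
# Added example (not ThreatConnect's own code): audit a constructed account export against
# the System-role / Organization-role pairings this article recommends, and check which
# System roles may create accounts with a given System role. Field names are assumptions.

# Organization roles each System role is expected to pair with (Important notes and Table 1).
EXPECTED_ORG_ROLES = {
    "Administrator": {"Organization Administrator"},
    "Operations Administrator": {"Organization Administrator"},
    "Accounts Administrator": {"Standard User"},
    "Community Leader": {"Standard User"},
    "Read Only User": {"Read Only User", "Read Only Commenter"},
}


def can_create_account(actor_role, new_role, on_prem_or_dedicated=False):
    """Return True if an account with actor_role may create one with new_role, per the article."""
    if actor_role == "Administrator":
        return True  # full System-level permissions
    if actor_role == "Operations Administrator":
        return new_role != "Administrator"  # may not create Administrator accounts
    if actor_role == "Accounts Administrator":
        # Only on On-Premises or Dedicated Cloud instances, and only these roles (footnote 3 note).
        return on_prem_or_dedicated and new_role in {"User", "Read Only User", "TAXII User", "API User"}
    if actor_role == "Super User":
        # Inferred from the Super User definition: Organization-level user administration only;
        # System-level roles require an Administrator or Operations Administrator.
        return new_role in {"User", "Read Only User"}
    return False


def audit_accounts(accounts):
    """Flag accounts whose Organization role departs from the recommended pairing."""
    findings = []
    for acct in accounts:
        expected = EXPECTED_ORG_ROLES.get(acct["system_role"])  # None => any Org role allowed
        if expected and acct["org_role"] not in expected:
            findings.append(
                f"{acct['name']}: System role {acct['system_role']} paired with Organization "
                f"role {acct['org_role']}; expected {' or '.join(sorted(expected))}"
            )
    return findings


# Constructed sample export; names and values are made up for this example.
SAMPLE_ACCOUNTS = [
    {"name": "ops-admin-1", "system_role": "Operations Administrator", "org_role": "Standard User"},
    {"name": "acct-admin-1", "system_role": "Accounts Administrator", "org_role": "Organization Administrator"},
    {"name": "analyst-1", "system_role": "User", "org_role": "Organization Administrator"},
    {"name": "ro-1", "system_role": "Read Only User", "org_role": "Read Only Commenter"},
]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(finding)
```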

| System Role | System Settings | Account Settings | TC Exchange Settings | Organization Settings | Organization Config |
|---|---|---|---|---|---|
| Administrator | Full | Full | Full | Home Organization: Full; Other Organizations: Full | Home Organization: Full; Other Organizations: Full |
| Operations Administrator | Read Only | Full | None | Home Organization: Full; Other Organizations: Some [1] | Home Organization: Full; Other Organizations: Full |
| Accounts Administrator | Read Only | Some [2] | None | Home Organization: Read Only [3]; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |
| Community Leader | Read Only | Read Only | None | Home Organization: Read Only [4]; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |
| Super User | None | None | None | Home Organization: Full; Other Organizations: Full | Home Organization: Full; Other Organizations: Full |
| User | None | None | None | Home Organization: Read Only [5]; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |
| Read Only User | None | None | None | Home Organization: Read Only; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |

[1] None for the Apps tab and Full for all other tabs.

[2] Organizations tab: read, edit, and modify permissions; Communities/Sources tab: permission to add Organizations to Communities; Read Only for all other tabs.

Note
In an On-Premises or Dedicated Cloud instance, Accounts Administrators can delete Organizations on the Organizations tab.

[3] Read Only for all tabs except for the Apps tab, in which an Accounts Administrator can run Jobs.

Note
In an On-Premises or Dedicated Cloud instance, Accounts Administrators can create user accounts with a System role of User or Read Only User, as well as TAXII and API Users. They can edit and delete user accounts with a System role of Read Only User, as well as TAXII and API Users.

[4] Read Only for all tabs except for the Apps tab, in which a Community Leader can run Jobs.

[5] Read Only for all tabs except for the Apps tab, in which a User can run Jobs. On the Membership tab, the User will see only their own account listed in the table; information about other users in the Organization will not be visible. If the User has an Organization role of Organization Administrator, then they will have full permissions across the Organization Settings screen.

Important
Read Only User accounts that do not count against an Organization's user license limit must have a System role of Read Only User. Creating Read Only Users requires a license that allows Read Only Users.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
TC Exchange™ is a trademark of ThreatConnect, Inc.

20098-01 v.02.B
