ThreatConnect System Roles and Permissions
- Updated on 25 Oct 2022
Minimum Role: None
Prerequisites: None
Overview
A user’s System role in ThreatConnect® determines the System-level permissions that they have on their instance of ThreatConnect. These permissions cover access and functionality on each of the following screens:
- System Settings
- Account Settings
- TC Exchange™ Settings
- Organization Settings
- Organization Config
This article defines the System roles provided in ThreatConnect, including the access and permissions each role has on each tab of the listed screens. See ThreatConnect Owner Roles and Permissions for information on Organization roles and Community roles.
System Roles
Table 1 defines each System role in ThreatConnect.
System Role | Definition |
---|---|
Administrator | The System role of Administrator is also known as the System Administrator, or Sys Admin. This role has the highest level of permissions, including full access to all System and Organization settings and configuration within the ThreatConnect instance. The Administrator role is typically used for administration purposes, but can perform most other functions, such as creating Indicators and Groups, viewing and adding dashboards, adding and modifying Workflow Cases, and adding and running Playbooks, within their home Organization (i.e., the Organization to which their account belongs). |
Operations Administrator | An Operations Administrator is a limited System Administrator account with read-only access at the System level and full administrative permissions at the Organization level. Operations Administrators can make administrative and configuration changes to Organizations, such as creating, deleting, and updating user accounts, and can add, modify, and remove Communities and Sources. Only Administrators and Operations Administrators can create accounts with System-level permissions (that is, accounts with a System role other than User or Read Only User). However, Operations Administrators may not create Administrator accounts. |
Accounts Administrator | An Accounts Administrator is a limited administrative account that has read-only access at the System and Organization levels; can create and modify, but not delete, Organizations; and can add Organizations to Communities and Sources. |
Community Leader | A Community Leader is a limited administrative account that has read-only access at the System and Organization levels. The main use case for a Community Leader is for read-only viewing of all Organizations in the System (i.e., on the ThreatConnect instance) in order to make informed requests to System Administrators (e.g., request changes to the System configuration or request creation of new Communities and Sources). For example, an MSSP with multiple clients in a single instance could use a Community Leader to have read-only visibility into all System administration pages for each client. |
Super User | A Super User is an account that enables users on multitenant instances to easily view and manage all of their customers’ data from a single user account. Super Users do not have any access or permissions at the System level, but do have full data-level, administrative, and configuration permissions at the Organization level for all Organizations on the ThreatConnect instance. Super Users may view, create, edit, and delete data (dashboards, posts, threat intelligence, Workflow, and Playbooks) in all Organizations on the ThreatConnect instance. They can also administer and configure all Organizations, including creating, deleting, and updating user accounts and adding, modifying, and deleting Organization-level variables, metrics, Attribute types, Indicator exclusion lists, and Security Labels. |
User | A User is an account that does not have any access or permissions at the System level. User accounts are typically given to analysts, Playbook developers, App developers, and others who need to assess threats, make intelligence-based recommendations, or conduct security operations for their company. The Organization-level access and permissions for a User account, as well as the User's access to threat intelligence, the ThreatConnect Workflow functionality, and Playbooks, are determined by the User's Organization role. Users have access only to the Organization to which they belong in the System. |
Read Only User | A Read Only User is a user account that can only view existing data in the Organization(s) to which it belongs. Read Only Users do not have any access or permissions at the System level. Customers may create an unlimited number of Read Only User accounts in an Organization for free. All Read Only Users have an Organization role of Read Only User or Read Only Commenter. |
Permissions
Table 2 provides the specific access level and permissions for each System role on each of the following screens:
- System Settings
- Account Settings
- TC Exchange Settings
- Organization Settings
- Organization Config
System Role | System Settings | Account Settings | TC Exchange Settings | Organization Settings | Organization Config |
---|---|---|---|---|---|
Administrator | Full | Full | Full | Home Organization: Full; Other Organizations: Full | Home Organization: Full; Other Organizations: Full |
Operations Administrator | Read Only | Full | None | Home Organization: Full; Other Organizations: Some¹ | Home Organization: Full; Other Organizations: Full |
Accounts Administrator | Read Only | Some² | None | Home Organization: Read Only³; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |
Community Leader | Read Only | Read Only | None | Home Organization: Read Only⁴; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |
Super User | None | None | None | Home Organization: Full; Other Organizations: Full | Home Organization: Full; Other Organizations: Full |
User | None | None | None | Home Organization: Read Only⁵; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |
Read Only User | None | None | None | Home Organization: Read Only; Other Organizations: None | Home Organization: Read Only; Other Organizations: None |

¹ None for the Apps tab and Full for all other tabs.
² Organizations tab: read, edit, and modify permissions; Communities/Sources tab: permission to add Organizations to Communities; Read Only for all other tabs.
³ Read Only for all tabs except for the Apps tab, in which an Accounts Administrator can run Jobs.
⁴ Read Only for all tabs except for the Apps tab, in which a Community Leader can run Jobs.
⁵ Read Only for all tabs except for the Apps tab, in which a User can run Jobs. On the Membership tab, the User will see only their account listed in the table. Information about other users in the Organization will not be visible. If the User has an Organization role of Organization Administrator, then they will have full permissions across the Organization Settings screen.
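The account-creation rule in Table 1, the cross-Organization access in Table 2, and the Organization Administrator exception in footnote 5 can be checked during an access review. The following is an added example, not ThreatConnect code: the record layouts, user names, and the `Standard User` Organization role value are constructed for illustration and do not represent a ThreatConnect export format.

```python
# Added example: access-review checks built from this page's role rules (constructed data).
CROSS_ORG_FULL = {"Administrator", "Operations Administrator", "Super User"}  # Table 2
NO_SYSTEM_PERMS = {"User", "Read Only User"}
READ_ONLY_ORG_ROLES = {"Read Only User", "Read Only Commenter"}


def creation_allowed(creator_role, new_role):
    """Rule from the Operations Administrator definition in Table 1."""
    if new_role in NO_SYSTEM_PERMS:
        return True  # the rule only covers accounts with System-level permissions
    if new_role == "Administrator":
        return creator_role == "Administrator"
    return creator_role in {"Administrator", "Operations Administrator"}


def review(accounts, creation_events):
    """Return (user, finding) tuples for an access review."""
    roles = {a["user"]: a["system_role"] for a in accounts}
    findings = []
    for a in accounts:
        user, sys_role, org_role = a["user"], a["system_role"], a["org_role"]
        if sys_role in CROSS_ORG_FULL:
            findings.append((user, "full access to other Organizations"))
        if sys_role == "Read Only User" and org_role not in READ_ONLY_ORG_ROLES:
            findings.append((user, "Organization role inconsistent with Read Only User"))
        if sys_role == "User" and org_role == "Organization Administrator":
            findings.append((user, "full Organization Settings via Organization role"))
    for ev in creation_events:
        creator_role = roles.get(ev["creator"])  # None if the creator is unknown
        if not creation_allowed(creator_role, ev["new_role"]):
            findings.append((ev["new_user"], f"{ev['new_role']} created by {creator_role}"))
    return findings


ACCOUNTS = [  # constructed sample inventory
    {"user": "bob", "system_role": "Operations Administrator", "org_role": "Organization Administrator"},
    {"user": "carol", "system_role": "User", "org_role": "Organization Administrator"},
    {"user": "dave", "system_role": "Read Only User", "org_role": "Standard User"},
    {"user": "erin", "system_role": "Community Leader", "org_role": "Read Only User"},
]
EVENTS = [  # constructed account-creation log
    {"creator": "bob", "new_user": "frank", "new_role": "Administrator"},
    {"creator": "bob", "new_user": "grace", "new_role": "Super User"},
    {"creator": "erin", "new_user": "heidi", "new_role": "Accounts Administrator"},
]

if __name__ == "__main__":
    for user, finding in review(ACCOUNTS, EVENTS):
        print(f"{user}: {finding}")
```

Findings for cross-Organization roles are review prompts rather than violations, since the page grants that access by design.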
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
TC Exchange™ is a trademark of ThreatConnect, Inc.
20098-01 v.02.B