
Default User Roles

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: Administrative Functions - Edit User Management

The following table lists the default user roles seeded in each ThreatQ instance and details their permissions. You can assign these default user roles to user accounts as is. 

A user account's access to dashboards, data collections, and investigations can be further customized by the Sharing permissions assigned to them.

Default User Role: Maintenance

Base-Level Permissions: Members have access to the entire ThreatQ user interface and can edit all data.

Important Notes:

  • Each ThreatQ instance must have at least one Maintenance Account.
  • Local Maintenance Accounts (manually created within ThreatQ) cannot be migrated to SAML authentication groups.

Action Permissions:

  • Administrative Functions
  • Artifact Management
  • Objects & Context
  • Data Controls
  • Integrations
  • Orchestration
  • Data Exchange

Default User Role: Administrator

Base-Level Permissions: Members have access to the entire ThreatQ user interface and can edit all data.

Action Permissions:

  • Administrative Functions
  • Artifact Management
  • Objects & Context
  • Data Controls
  • Integrations
  • Orchestration
  • Data Exchange

Default User Role: Primary Contributor

Base-Level Permissions: Members can:

  • Edit their own user info
  • Manually create system objects
  • Create and manage ThreatQ Investigations
  • Access Whitelist Management (Data Controls)
  • Perform a basic search
  • Access the Threat Library, object metadata, export search results, and manage Data Collections
  • Create custom dashboards and add shared dashboards to their user view.

Action Permissions:

  • Administrative Functions
    • View Audit Log
  • Artifact Management
  • Objects & Context
    • Objects
    • Individual Object Context and Actions
    • Bulk Object Management
      • Perform Bulk Changes
      • Perform Bulk Manual Import
      • Manage Object Statuses
      • Manage Object Sub-types
  • Data Controls
    • Edit Indicator Expiration
    • Edit Scoring
    • Edit Whitelisting
  • Integrations
    • Run Operations
  • Orchestration
    • Run Manual Workflows

Default User Role: Read Only

Base-Level Permissions: Members can:

  • Access the Threat Library, object metadata, export search results
  • Add shared dashboards to their user view
  • Load saved Data Collections

Members cannot edit any data.

Action Permissions:

  • Administrative Functions
    • View Audit Log
  • Artifact Management - View Only
  • Objects & Context - View Only/No Access

Viewing Default User Roles

You can view default user roles in the Roles tab of the User Management page. Default user role permissions are view-only and cannot be changed. However, you can use the Roles tab to assign default user roles to user accounts.

  1. From the User Management page, click the Roles tab.

    Default user roles are listed with a person icon instead of a checkbox.

  2. Browse the Roles list or use the Search field to locate the default user role.
  3. Click the default user role to view its permissions in the right pane. This pane lists:
    • Role Name
    • Action Permissions - You can expand the Action Permission sections to view the default user role’s permissions.
    • Role Assignment - This section lists the user accounts currently assigned to the default user role and gives you the option to add a user to the role or reassign an existing user to a new role.

Adding User Accounts to a Default User Role

  1. From the User Management page, click the Roles tab.
  2. Browse the Roles list or use the Search field to locate the default user role you want to add to the user account.
  3. Click the user role to view its details in the right pane.
  4. To assign the default role to a user account, use the Search to add field to locate the user account.
    • Begin typing the name of the user account to which you want to assign the role. The field displays the user accounts that match your entry.
    • Click the user account to which you want to assign the role.

      Until you save your changes, a Remove option is displayed to the left of the user name. This option allows you to remove the user account from the role before saving your changes.

  5. Repeat step 4 to continue adding the user role to multiple user accounts.
  6. Click the Save Changes button. The new user role is assigned to the user account regardless of whether the account already has a custom or default user role.

The following details the user roles and their base-level permissions. A user account's access to data collections and dashboards can be further customized by the Sharing permissions assigned to it.

User Role: Maintenance Account

Permission: Members have access to the entire ThreatQ user interface and can edit all data.

Important Notes:

  • Each ThreatQ instance must have at least one Maintenance Account.
  • Local Maintenance Accounts (manually created within ThreatQ) cannot be migrated to SAML authentication groups.

User Role: Administrative Access

Permission: Members have access to the entire ThreatQ user interface and can edit all data.

User Role: Primary Contributor Access

Permission: Members can:

  • Edit their own user info
  • Manually create system objects
  • Create and manage ThreatQ Investigations
  • Access Whitelist Management (Data Controls)
  • Perform a basic search
  • Access the Threat Library, object metadata, export search results, and manage Data Collections
  • Create custom dashboards and add shared dashboards to their user view.

User Role: Read Only Access

Permission: Members can:

  • Access the Threat Library, object metadata, export search results
  • Add shared dashboards to their user view
  • Load saved Data Collections

Members cannot edit any data.