Roles Management
Roles and permissions control the levels of access to different features in BigPanda.
BigPanda provides two built-in roles: Admin and User. These roles are configurable to define the level of access granted to your organization's BigPanda users. A user may have one or more roles, and each role may have one or more permissions associated with it. The same role can be duplicated and assigned to multiple users.
Role-Based Access Control (RBAC) in BigPanda allows you to dictate the level of a user's access to resources and is customizable by resource and role.
The two permission types provided by BigPanda are:
- Read-only - the user can only view the resource, they cannot interact with or edit it in any way.
- Full Access - the user has the ability to perform actions related to the resource (ie: Create, Read, Edit, Delete, etc.).
For more information about User Roles in BigPanda, see Roles and Resource Permissions.
Key Features
- Create and customize roles to restrict the availability of your organization's sensitive content, making it accessible on a per-user basis.
- Control the degree to which resources are available to select users within your organization.
- Protect your organization's resources by enforcing the Principle of Least Privilege. Give users the lowest level of access required to perform their role, limiting the scope of any damage caused by issues with one resource.
- The separation of duties provided by Role-Based Access Control localizes areas of access, providing very clear parameters for each user's responsibilities.
Relevant Permissions
Only users with Full access can grant role permissions for a newly created resource. Add Permissions_Full_Access for access to these permissions.
| Role Name | Description |
|---|---|
Roles_Read | Read-only - View the Role Management section. |
Roles_Full_Access | Full access - View, add, edit and delete BigPanda Roles. |
Create a New Role
- In the top right, click the Settings cog icon, and then click Roles Management.
- Click New Role.
- Name the new role.
- (Optional) Add Users, Permissions, and Environment Access to the role, as described below.
| Field | Description |
|---|---|
| Role Name | Enter a unique role name. |
| Users | (Optional) Select the users to which this role will be added. |
| Permissions | (Optional) Add permissions to resources (other than environments). Permissions are divided into Read access (ie: Dashboards_Read) and Full access (ie: Dashboards_Full_Access). |
| Environment Access | Add permissions to environments. There are three global Environments permissions: Environments_Full_Access - full access to environment configuration and incident action for all environments.Environments_Incident_Actions - Access to all environments and the ability to perform incident actions (except for environment configuration).Environments_Read_Only - Read only access to all environments and incident actions.BigPanda also offers Granular Environment Permissions, allowing admins to assign access on a per-environment basis. To assign access to a specific environment, add the name of the environment to the permission you wish to assign (ie: _Read). |
- Click Create Role.
Edit a Role
- In the top right, click the Settings cogwheel icon, and then click Roles Management.
- Select a role and click Edit Role.
- Edit the role's details and click Edit Role.
Duplicate a Role
- In the top right, click the Settings cogwheel icon, and then click Roles Management.
- Select a role and click Duplicate Role.
- (Optional) Name the duplicated role and edit its Users, Permissions, and Environment Access to your new specifications.
- Click Duplicate Role.
Delete a Role
- In the top right, click the Settings cog icon, and then click Roles Management.
- Click Delete Role.
Roles and Resource Permissions
BigPanda Role Based Access Control (RBAC) allows you to create custom roles that have granular access to sections and actions within BigPanda.
BigPanda Resource Permissions
Build roles within your organization using the permissions specific to each individual BigPanda resource.
| BigPanda Feature | resource_type | Access levels |
|---|---|---|
| Alert View | Alert_view | View, create, and edit Alert Views in BigPanda Settings. |
| Analytics | analytics | View, edit, and create new dashboards in Analytics and assign the Dashboard Designer role. |
| API Keys | apikeys | View, edit, and create API keys BigPanda Settings. |
| Audit Log API Audit Log | audit_logs | View the Audit Log in BigPanda Settings and the Audit Lot API. |
| Changes | changes | View the Related Changes section within the incident details and mark changes as Suspect or Match. |
| Correlation Patterns | correlations | View, edit, and create new correlation patterns in BigPanda Settings. |
| custom_tags | Not currently in use. | |
| Dashboards | dashboards | View, customize, and interact with BigPanda Dashboards. |
| Alert Enrichment Enrichments API | enrichments enrichments-jobs | View and use the Alert Enrichments UI and API. |
| Manage Incident Enrichment | incident-tags-definitions | View, create, and edit incident tags in BigPanda Settings. |
| integration_templates | Not currently in use. | |
| Integrations | integrations | View, install, and edit integrations in the Integrations tab. |
| AutoShare | notifications | View, add, edit, and delete AutoShare rules in the BigPanda Settings. |
| organizations | Not currently in use. | |
| Maintenance Plans V1 API Maintenance Plans V2 API Manage Planned Maintenance Manage Alert Filtering | plans | View, create, edit, and delete maintenance plans or alert filters in BigPanda Settings. |
| Sharing Quotas | quotas | View and edit sharing rate limitations in BigPanda Settings. |
| Roles Management | roles | View, add, edit, and delete BigPanda Roles. |
| Schedules API | schedules | View and use the Schedules API to define the specific start and end times of Plans configured with the Plans V1 API. |
| Unified Search | search | Access Unified search and perform searches. |
| Single Sign-On | sso | View, select, and configure a Single Sign-on provider in BigPanda Settings. |
| Topology | topology | View, upload, or edit topology maps and view the Topology section in incident details. |
| Users | users | View, add, edit and delete Users in BigPanda Settings. |
Granular Environment Permissions
BigPanda RBAC provides roles and permissions to control and manage access to different resources in BigPanda.
Granular RBAC applies exclusively to BigPanda Environments, defining permissions at the single environment level.
To set and assign Granular permissions, start with the name of the environment to which privileges will be assigned, followed by _Read and _Incident_Actions, ie: YourEnvironment_Read
Users must have access to at least one environment, either read-only or with actions, in order to be able to use BigPanda.
Environments Resource_type Details
| Permission | Description |
|---|---|
environments Full_Access | Read, edit and delete actions for all environments. Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in all environments. |
environments Incident_Actions | Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) minus environment configuration in all environments. |
environments Read | Read-only access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in all environments without the ability to change or submit any new incident action. |
<ENV_NAME>_Incident_Actions | Granular - Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) minus environment configuration in the specified environment(s). |
<ENV_NAME>_Read | Granular - Read-only access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in the specified environment(s) without the ability to change or submit any new incident action. |
Replace <ENV_NAME> with the relevant environment name.
Next Steps
Learn about User Management in BigPanda
Learn about Managing your personal account
Find your way around the BigPanda Settings page
Updated 1 day ago