Roles Management

Roles and permissions control the levels of access to different features in BigPanda.

BigPanda provides two built-in roles: Admin and User. These roles are configurable to define the level of access granted to your organization's BigPanda users. A user may have one or more roles, and each role may have one or more permissions associated with it. The same role can be duplicated and assigned to multiple users.

Role-Based Access Control (RBAC) in BigPanda allows you to dictate the level of a user's access to resources and is customizable by resource and role.

The two permission types provided by BigPanda are:

  • Read-only - the user can only view the resource, they cannot interact with or edit it in any way.
  • Full Access - the user has the ability to perform actions related to the resource (ie: Create, Read, Edit, Delete, etc.).
    For more information about User Roles in BigPanda, see Roles and Resource Permissions.

Key Features

  • Create and customize roles to restrict the availability of your organization's sensitive content, making it accessible on a per-user basis.
  • Control the degree to which resources are available to select users within your organization.
  • Protect your organization's resources by enforcing the Principle of Least Privilege. Give users the lowest level of access required to perform their role, limiting the scope of any damage caused by issues with one resource.
  • The separation of duties provided by Role-Based Access Control localizes areas of access, providing very clear parameters for each user's responsibilities.

Relevant Permissions

Only users with Full access can grant role permissions for a newly created resource. Add Permissions_Full_Access for access to these permissions.

Role NameDescription
Roles_ReadRead-only - View the Role Management section.
Roles_Full_AccessFull access - View, add, edit and delete BigPanda Roles.

Create a New Role

  1. In the top right, click the Settings cog icon, and then click Roles Management.
  2. Click New Role.
  1. Name the new role.
  2. (Optional) Add Users, Permissions, and Environment Access to the role, as described below.
FieldDescription
Role NameEnter a unique role name.
Users(Optional) Select the users to which this role will be added.
Permissions(Optional) Add permissions to resources (other than environments).
Permissions are divided into Read access (ie: Dashboards_Read) and Full access (ie: Dashboards_Full_Access).
Environment AccessAdd permissions to environments.

There are three global Environments permissions:
Environments_Full_Access - full access to environment configuration and incident action for all environments.
Environments_Incident_Actions - Access to all environments and the ability to perform incident actions (except for environment configuration).
Environments_Read_Only - Read only access to all environments and incident actions.

BigPanda also offers Granular Environment Permissions, allowing admins to assign access on a per-environment basis. To assign access to a specific environment, add the name of the environment to the permission you wish to assign (ie: _Read).
  1. Click Create Role.

Edit a Role

  1. In the top right, click the Settings cogwheel icon, and then click Roles Management.
  2. Select a role and click Edit Role.
  1. Edit the role's details and click Edit Role.

Duplicate a Role

  1. In the top right, click the Settings cogwheel icon, and then click Roles Management.
  2. Select a role and click Duplicate Role.
  1. (Optional) Name the duplicated role and edit its Users, Permissions, and Environment Access to your new specifications.
  2. Click Duplicate Role.

Delete a Role

  1. In the top right, click the Settings cog icon, and then click Roles Management.
  2. Click Delete Role.

Roles and Resource Permissions

BigPanda Role Based Access Control (RBAC) allows you to create custom roles that have granular access to sections and actions within BigPanda.

BigPanda Resource Permissions

Build roles within your organization using the permissions specific to each individual BigPanda resource.

BigPanda Featureresource_typeAccess levels
Alert ViewAlert_viewView, create, and edit Alert Views in BigPanda Settings.
AnalyticsanalyticsView, edit, and create new dashboards in Analytics and assign the Dashboard Designer role.
API KeysapikeysView, edit, and create API keys BigPanda Settings.
Audit Log API

Audit Log
audit_logsView the Audit Log in BigPanda Settings and the Audit Lot API.
ChangeschangesView the Related Changes section within the incident details and mark changes as Suspect or Match.
Correlation PatternscorrelationsView, edit, and create new correlation patterns in BigPanda Settings.
custom_tagsNot currently in use.
DashboardsdashboardsView, customize, and interact with BigPanda Dashboards.
Alert Enrichment

Enrichments API
enrichments
enrichments-jobs
View and use the Alert Enrichments UI and API.
Manage Incident Enrichmentincident-tags-definitionsView, create, and edit incident tags in BigPanda Settings.
integration_templatesNot currently in use.
IntegrationsintegrationsView, install, and edit integrations in the Integrations tab.
AutoSharenotificationsView, add, edit, and delete AutoShare rules in the BigPanda Settings.
organizationsNot currently in use.
Maintenance Plans V1 API

Maintenance Plans V2 API

Manage Planned Maintenance

Manage Alert Filtering
plansView, create, edit, and delete maintenance plans or alert filters in BigPanda Settings.
Sharing QuotasquotasView and edit sharing rate limitations in BigPanda Settings.
Roles ManagementrolesView, add, edit, and delete BigPanda Roles.
Schedules APIschedulesView and use the Schedules API to define the specific start and end times of Plans configured with the Plans V1 API.
Unified SearchsearchAccess Unified search and perform searches.
Single Sign-OnssoView, select, and configure a Single Sign-on provider in BigPanda Settings.
TopologytopologyView, upload, or edit topology maps and view the Topology section in incident details.
UsersusersView, add, edit and delete Users in BigPanda Settings.

Granular Environment Permissions

BigPanda RBAC provides roles and permissions to control and manage access to different resources in BigPanda.
Granular RBAC applies exclusively to BigPanda Environments, defining permissions at the single environment level.
To set and assign Granular permissions, start with the name of the environment to which privileges will be assigned, followed by _Read and _Incident_Actions, ie: YourEnvironment_Read

🚧

Users must have access to at least one environment, either read-only or with actions, in order to be able to use BigPanda.

Environments Resource_type Details

PermissionDescription
environments Full_AccessRead, edit and delete actions for all environments.
Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in all environments.
environments Incident_ActionsFull access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) minus environment configuration in all environments.
environments ReadRead-only access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in all environments without the ability to change or submit any new incident action.
<ENV_NAME>_Incident_ActionsGranular - Full access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) minus environment configuration in the specified environment(s).
<ENV_NAME>_ReadGranular - Read-only access to all enrichment tags and incident actions (ie: assign, snooze, share, comment) in the specified environment(s) without the ability to change or submit any new incident action.

📘

Replace <ENV_NAME> with the relevant environment name.

Next Steps

Learn about User Management in BigPanda

Learn about Managing your personal account

Find your way around the BigPanda Settings page