Repository & View Permissions

The individual permissions available for a Repository and View Role are shown below.

Note

The Shorthand form is used if you choose to set up a permissions file or use the API.

Data access permissions

Table: Data access permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Data read access | Grants read access to data through the Search, Dashboards and Files pages. If unchecked, all other permissions can be used exclusively through the API. | ReadAccess |

View permissions

View permissions allow for creating, updating, and deleting different types of assets in a view. For instance, granting a user the UpdateFiles permission in a view allows the user to update files, but not delete or create files.

The Create* view permissions allow a user to create a specific type of asset for which they might not otherwise have access. Currently, these are only available using the GraphQL API.

Table: Create* view permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Create Actions | Allow user to create actions | CreateActions |
| Create Dashboards | Allow user to create dashboards | CreateDashboards |
| Create Files | Allow user to create files | CreateFiles |
| Create Saved Queries | Allow user to create saved queries | CreateSavedQueries |
| Create Scheduled Reports | Allow user to create scheduled reports | CreateScheduledReports |
| Create Triggers | Allow user to create triggers | CreateTriggers |

The Update* view permissions allow a user to update a specific type of asset to which they might not otherwise have access. Currently, these are only available using the GraphQL API.

Table: Update* view permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Update Actions | Allow user to update actions | UpdateActions |
| Update Dashboards | Allow user to update dashboards | UpdateDashboards |
| Update Files | Allow user to update files. Note that the user must also have Data Read Access to change files. | UpdateFiles |
| Update Saved Queries | Allow user to update saved queries | UpdateSavedQueries |
| Update Scheduled Reports | Allow user to update scheduled reports | UpdateScheduledReports |
| Update Triggers | Allow user to update triggers | UpdateTriggers |

The Delete* view permissions allow a user to delete a specific type of asset to which they might not otherwise have access. Currently, these are only available using the GraphQL API.

Table: Delete asset permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Delete Actions | Allow user to delete actions | DeleteActions |
| Delete Dashboards | Allow user to delete dashboards | DeleteDashboards |
| Delete Files | Allow user to delete files. Note that the user must also have Data Read Access to delete files. | DeleteFiles |
| Delete Saved Queries | Allow user to delete saved queries | DeleteSavedQueries |
| Delete Scheduled Reports | Allow user to delete scheduled reports | DeleteScheduledReports |
| Delete Triggers | Allow user to delete triggers | DeleteTriggers |

Data management permissions

Table: Data management permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Delete data sources | Allow deleting individual data sources in a repository. | DeleteDataSources |
| Delete events | The ability to delete events. | DeleteEvents |
| Delete repository or view | Allow deletion of repositories and views. | DeleteRepositoryOrView |
| Change data retention | The ability to change the data retention. | ChangeRetention |

Ingest permissions

Table: Ingest permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Change FDR feeds | Change Falcon Data Replicator feeds | ChangeFdrFeeds |
| Change ingest tokens | Allow creating and editing ingest tokens. | ChangeIngestTokens |
| Change parsers | Allow creating and updating parsers. | ChangeParsers |
| Change ingest feeds | Allow creating, editing and deleting ingest feeds. | ChangeIngestFeed |

Integrations permissions

Table: Integrations permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Change S3 archiving settings | Allow editing the configuration for S3 archiving. | ChangeS3ArchivingSettings |
| Change event forwarding | Allow setting up event forwarding. | EventForwarding |
| Change packages | Allow installing, updating and removing packages | ChangePackages |

Query model permissions for persistent queries

Table: Query model for persistent queries

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Change persistent queries to run on behalf of organization | Allow changing of persistent queries to run on behalf of the organization in place of a single user | OrganizationOwnedQueries |

Trigger and action permissions

Table: Trigger and action permissions

| Permission | Description | Shorthand/API Name |
| --- | --- | --- |
| Change triggers and actions | Allow editing of alerts, scheduled searches and actions. From version 1.120.0, it is replaced by ChangeTriggers and ChangeActions. | ChangeTriggersAndActions |
| Change triggers | Allow creating, deleting and updating alerts and scheduled searches. It also gives access to read basic information about actions (id, name, description and the like). | ChangeTriggers |
| Change actions | Allow viewing and editing actions. Viewing the name and type of actions when editing triggers is still possible without this permission. | ChangeActions |

User permissions

Table: User permissions

| Users | Description | Shorthand/API Name |
| --- | --- | --- |
| Change data deletion permissions | Special permission needed to be able to assign the permissions (DeleteEvents, DeleteDataSources, DeleteRepositoryOrView and ChangeRetention). | ChangeDataDeletionPermissions |
| Change user access | Allow adding or removing existing users or groups to this view/repo. | ChangeUserAccess |
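
Several rules in the tables above can be checked mechanically when reviewing roles: UpdateFiles and DeleteFiles also need Data Read Access, ChangeTriggersAndActions is replaced from version 1.120.0, and the four data deletion permissions can only be assigned by someone holding ChangeDataDeletionPermissions. The audit below is an added example, not code from the product or from this documentation; the role names, their permission lists and the finding codes are constructed, and the input is a plain list of shorthand names rather than any real permissions file format.

```python
# Added example: audit a role's permission shorthands against rules stated on this page.
# Role names, permission lists and finding codes are constructed for illustration.

KNOWN = {  # every Shorthand/API Name listed in the tables on this page
    "ReadAccess",
    *(f"{verb}{asset}" for verb in ("Create", "Update", "Delete")
      for asset in ("Actions", "Dashboards", "Files", "SavedQueries",
                    "ScheduledReports", "Triggers")),
    "DeleteDataSources", "DeleteEvents", "DeleteRepositoryOrView", "ChangeRetention",
    "ChangeFdrFeeds", "ChangeIngestTokens", "ChangeParsers", "ChangeIngestFeed",
    "ChangeS3ArchivingSettings", "EventForwarding", "ChangePackages",
    "OrganizationOwnedQueries", "ChangeTriggersAndActions", "ChangeTriggers",
    "ChangeActions", "ChangeDataDeletionPermissions", "ChangeUserAccess",
}
# The four permissions whose assignment requires ChangeDataDeletionPermissions.
DATA_DELETION = {"DeleteEvents", "DeleteDataSources", "DeleteRepositoryOrView",
                 "ChangeRetention"}
NEEDS_READ = {"UpdateFiles", "DeleteFiles"}  # page: user must also have Data Read Access


def audit_role(permissions):
    """Return a sorted list of (finding_code, permission) tuples for one role."""
    perms = set(permissions)
    findings = [("unknown-name", p) for p in perms - KNOWN]  # typos, wrong case
    if "ReadAccess" not in perms:
        findings += [("needs-ReadAccess", p) for p in perms & NEEDS_READ]
    if "ChangeTriggersAndActions" in perms:
        findings.append(("replaced-since-1.120.0", "ChangeTriggersAndActions"))
    findings += [("data-deletion", p) for p in perms & DATA_DELETION]
    if "ChangeDataDeletionPermissions" in perms:
        findings.append(("can-grant-data-deletion", "ChangeDataDeletionPermissions"))
    return sorted(findings)


ROLES = {  # constructed sample roles
    "dashboard-editor": ["ReadAccess", "UpdateDashboards", "CreateDashboards"],
    "file-bot": ["UpdateFiles", "DeleteFiles"],
    "legacy-admin": ["ReadAccess", "ChangeTriggersAndActions", "DeleteEvents",
                     "ChangeDataDeletionPermissions", "ChangeRetension"],
}

if __name__ == "__main__":
    for role, perms in ROLES.items():
        for code, perm in audit_role(perms):
            print(f"{role}: {code}: {perm}")
```

The misspelled ChangeRetension in the legacy-admin sample is deliberate: it is reported as an unknown name and not as a data deletion permission.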