Repository & View Permissions
The individual permissions available for a Repository and View Role are shown below.
Note
The Shorthand form is used if you choose to setup a permissions file or using the API.
Table: Data Access Permissions
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Data read access
|
Grants read access to data through the
Search,
Dashboards and
Files pages. If unchecked, all
other permissions can be used exclusively through the API.
|
ReadAccess
|
Table: Data management Permissions
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Delete data sources
| Allow deleting individual data sources in a repository. |
DeleteDataSources
|
Delete events
| The ability to delete events. |
DeleteEvents
|
Delete repository or
view
| Allow deletion of repositories and views. |
DeleteRepositoryOrView
|
Change data
retention
| The ability to change the data retention. |
ChangeRetention
|
Table: Search Permissions
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Change connections for a
view
| Allows changing the repositories defined within a view. |
ChangeConnections
|
Change dashboards
| Allow creating and updating dashboards. |
ChangeDashboards
|
Change default search
settings
| Allow editing the default search query and time interval. |
ChangeDefaultSearchSettings
|
Change files
| Allow creating and updating uploaded CSV files. |
ChangeFiles
|
Change interactions
| Allow changing event list interactions |
ChangeInteractions
|
Change permission tokens on repo
or view
| Change permission tokens on repo or view |
ChangeViewOrRepositoryPermissions
|
Change packages
| Allow installing and updating packages |
ChangePackages
|
Change saved queries
| Allow creating and updating saved queries. |
ChangeSavedQueries
|
Change shared dashboard
URLs
| Allow creating and changing read-only dashboards |
ChangeDashboardReadonlyToken
|
Change view or repo
description
| Allow changing view or repository description. |
ChangeViewOrRepositoryDescription
|
Connect a view
| Allow creation of views that involve connecting to this repository. |
ConnectView
|
Table: Ingest Permissions
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Change FDR feeds
| Change Falcon Data Replicator feeds |
ChangeFdrFeeds
|
Change Ingest tokens
| Allow creating and editing ingest tokens. |
ChangeIngestTokens
|
Change parsers
| Allow creating and updating parsers. |
ChangeParsers
|
Table: Integrations Permissions
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Change S3 archiving
settings
| Allow editing the configuration for S3 archiving. |
ChangeS3ArchivingSettings
|
Change event
forwarding
| Allow setting up event forwarding. |
EventForwarding
|
Change packages
| Allow installing, updating and removing packages |
ChangePackages
|
Table: Query model for persistent queries
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Change persistent queries to run
on behalf of organization
| Allow changing of persistent queries to run on behalf of the organization in place of a single user |
OrganizationOwnedQueries
|
Table: Trigger and Action Permissions
| Permission | Description | Shorthand/API Settings |
|---|---|---|
Change triggers and
actions
| Allow configuration of automated alerts and actions |
ChangeTriggersAndActions
|
Table: User Permissions
| Users | Description | Shorthand/API Settings |
|---|---|---|
Change data deletion
permissions
|
Special permission needed to be able to assign the permissions
(DeleteEvents,
DeleteDataSources,
DeleteRepositoryOrView
and
ChangeRetention).
|
ChangeDataDeletionPermissions
|
Change user access
| Allow adding or removing existing users or groups to this view/repo. |
ChangeUserAccess
|