Repository & View Permissions
The individual permissions available for a Repository and View Role are shown below.
Note
The Shorthand form is used if you choose to setup a permissions file or using the API.
Data access permissions
Table: Data access permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Data read access
|
Grants read access to data through the
Search,
Dashboards and
Files pages. If unchecked, all
other permissions can be used exclusively through the API.
|
ReadAccess
|
View permissions
View permissions allow for creating, updating, and deleting different types of assets in a view. For instance, granting a user the UpdateFiles permission in a view allows the user to update files, but not delete or create files.
The Create* view permissions allow a user to create a specific type of asset for which they might not otherwise have access. Currently, these are only available using the GraphQL API.
Table: Create* view permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Create Actions
| Allow user to create actions |
CreateActions
|
Create Dashboards
| Allow user to create dashboards |
CreateDashboards
|
Create Files
| Allow user to create files |
CreateFiles
|
Create Saved Queries
| Allow user to create saved queries |
CreateSavedQueries
|
Create Scheduled Reports
| Allow user to create scheduled reports |
CreateScheduledReports
|
Create Triggers
| Allow user to create triggers |
CreateTriggers
|
The Update* view permissions allow a user to update a specific type of asset to which they might not otherwise have access. Currently, these are only available using the GraphQL API.
Table: Update* view permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Update Actions
| Allow user to update actions |
UpdateActions
|
Update Dashboards
| Allow user to update dashboards |
UpdateDashboards
|
Update Files
| Allow user to update files |
UpdateFiles
|
Update Saved Queries
| Allow user to update saved queries |
UpdateSavedQueries
|
Update Scheduled Reports
| Allow user to update scheduled reports |
UpdateScheduledReports
|
Update Triggers
| Allow user to update triggers |
UpdateTriggers
|
The Delete* view permissions allow a user to delete a specific type of asset to which they might not otherwise have access. Currently, these are only available using the GraphQL API.
Table: Delete asset permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Delete Actions
| Allow user to delete actions |
DeleteActions
|
Delete Dashboards
| Allow user to delete dashboards |
DeleteDashboards
|
Delete Files
| Allow user to delete files |
DeleteFiles
|
Delete Saved Queries
| Allow user to delete saved queries |
DeleteSavedQueries
|
Delete Scheduled Reports
| Allow user to delete scheduled reports |
DeleteScheduledReports
|
Delete Triggers
| Allow user to delete triggers |
DeleteTriggers
|
Data management permissions
Table: Data management permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Delete data sources
| Allow deleting individual data sources in a repository. |
DeleteDataSources
|
Delete events
| The ability to delete events. |
DeleteEvents
|
Delete repository or view
| Allow deletion of repositories and views. |
DeleteRepositoryOrView
|
Change data retention
| The ability to change the data retention. |
ChangeRetention
|
Search permissions
Table: Search permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Change connections for a view
| Allow changing the repositories defined within a view. |
ChangeConnections
|
Change dashboards
| Allow creating and updating dashboards. |
ChangeDashboards
|
Change default search settings
| Allow editing the default search query and time interval. |
ChangeDefaultSearchSettings
|
Change files
| Allow creating and updating uploaded CSV files. |
ChangeFiles
|
Change interactions
| Allow changing event list interactions |
ChangeInteractions
|
Change permission tokens on repo or view
| Change permission tokens on repo or view |
ChangeViewOrRepositoryPermissions
|
Change packages
| Allow installing and updating packages |
ChangePackages
|
Change saved queries
| Allow creating and updating saved queries. |
ChangeSavedQueries
|
Change scheduled report
| Allow creating and managing scheduled reports. |
ChangeScheduledReport
|
Change shared dashboard URLs
| Allow creating and changing read-only dashboards |
ChangeDashboardReadonlyToken
|
Change view or repo description
| Allow changing view or repository description. |
ChangeViewOrRepositoryDescription
|
Connect a view
| Allow creation of views that involve connecting to this repository. |
ConnectView
|
Ingest permissions
Table: Ingest permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Change FDR feeds
| Change Falcon Data Replicator feeds |
ChangeFdrFeeds
|
Change ingest
tokens
| Allow creating and editing ingest tokens. |
ChangeIngestTokens
|
Change parsers
| Allow creating and updating parsers. |
ChangeParsers
|
Change ingest feeds
| Allow creating, editing and deleting ingest feeds. |
ChangeIngestFeed
|
Integrations permissions
Table: Integrations permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Change S3 archiving settings
| Allow editing the configuration for S3 archiving. |
ChangeS3ArchivingSettings
|
Change event forwarding
| Allow setting up event forwarding. |
EventForwarding
|
Change packages
| Allow installing, updating and removing packages |
ChangePackages
|
Query model permissions for persistent queries
Table: Query model for persistent queries
| Permission | Description | Shorthand/API Name |
|---|---|---|
Change persistent queries to run on behalf of organization
| Allow changing of persistent queries to run on behalf of the organization in place of a single user |
OrganizationOwnedQueries
|
Trigger and action permissions
Table: Trigger and action permissions
| Permission | Description | Shorthand/API Name |
|---|---|---|
Change triggers and actions
|
Allow editing of alerts, scheduled searches and actions. From
version 1.120.0, it is replaced by
ChangeTriggers
and
ChangeActions.
|
ChangeTriggersAndActions
|
Change triggers
| Allow creating, deleting and updating alerts and scheduled searches. It also gives access to read basic information about actions (id, name, description and the like). |
ChangeTriggers
|
Change actions
| Allow viewing and editing actions. Viewing the name and type of actions when editing triggers is still possible without this permission. |
ChangeActions
|
User permissions
Table: User permissions
| Users | Description | Shorthand/API Name |
|---|---|---|
Change data deletion permissions
|
Special permission needed to be able to assign the permissions
(DeleteEvents,
DeleteDataSources,
DeleteRepositoryOrView
and
ChangeRetention).
|
ChangeDataDeletionPermissions
|
Change user access
| Allow adding or removing existing users or groups to this view/repo. |
ChangeUserAccess
|