USM Anywhere implements the , which provides users with the following:
  • The ability to restrict certain users from accessing administrative capabilities like adding new users and
  • Predefined roles that range from read-only access to full administrative capabilities so users can easily select the appropriate role for a new user
There are four roles in USM Anywhere:
  • Read-Only: You can access views and search the system, but you cannot make system changes that impact other users.
  • Investigator: You can access views, search the system, and generate reports, but you cannot make system changes that impact other users.
  • Analyst: You can view and search the system, schedule jobs, launch , configure rules, and configure credentials. But you cannot add or modify sensor configurations; configure credentials for , apps, and integrations; or add users.
  • Manager: This role enables analyst permissions and enables you to add or modify sensor configurations; configure credentials for BlueApps, notification apps, and threat intelligence integrations; and add users.
You can view a user’s role under the Users List by going to Settings > Users.
Note: Only users in the Manager role can view the Users page.
When the status of a user changes to Disabled, the role column of that user in the User List will include Suspended.
All LevelBlue documentation will tell you which roles can perform a specific set of steps, using a table like the one below.
Role Availability | Read-Only | Investigator | Analyst | Manager
You can see the predefined roles in USM Anywhere in the following table:
Predefined Roles in USM Anywhere
Section | Action | Read-Only User | Investigator User | Analyst User | Manager User
Dashboards
Dashboard and dashboard views
Create custom dashboard
Upper Navigation
Access: documentation, support, and forum links
Profile settings
Activity > Alarms
View: page and alarm details
Configure filters
Asset drop-down menu items: add to current filter, find in events, look up in
Asset drop-down list: full details, , alarms,
Manage columns
Generate report
Save views
Alarm details: suppress alarm, apply label, set a status, add to investigation
Alarm details: alarm action, create rule
Alarm labels: create, manage
Alarm labels: apply
Alarm status: update
Activity > Events
View: events page and event details
Configure filters
Asset drop-down list: add to current filter, look up in OTX
Asset drop-down list: add to current filter, full details, configuration issues, vulnerabilities, alarms, events
Generate report
Save views
Events details: suppress event, add to investigation
Events details: event action, create rule
Environment > Assets
View: assets page and assets details
Configure filters
Asset drop-down list: find in events, look up in OTX, full details, configuration issues, vulnerabilities, alarms, events
Asset drop-down list: configure asset, delete asset, asset scan,
Manage columns
Generate report
Save views
Actions menu: create asset (quick, advanced), import assets, delete selected, edit fields, assign credentials, set sensor, set compliance scope, add to
Asset details: deploy an agent, assign credentials, schedule a job
Asset details, actions menu: configure asset, delete asset, add to asset group
Asset details, actions menu: agent query, asset scan, authenticated scan, assign credentials, schedule scan job
Create event if asset stops sending data
Environment > Asset Groups
View: asset groups page and asset groups details
Configure filters
Asset group drop-down list: full details, configuration issues, vulnerabilities, alarms, events
Asset group drop-down list: configure asset group, delete asset group, asset group scan, assign credentials, authenticated scan
Generate report
Save views
Actions menu: create asset group (static and dynamic)
Asset group details, actions menu: configure asset group, delete asset group, edit fields, assign credentials to group members, assign agent profile, set sensor, set compliance scope, asset group scan, assign credentials, authenticated scan, schedule scan job
Environment > Vulnerabilities
View: vulnerabilities page and vulnerabilities details
Generate report
Save views
Vulnerability labels: apply, create, manage
Asset drop-down list: add to current filter, find in events, look up in OTX, full details
Asset drop-down list: configure asset, delete asset
Asset drop-down list: asset scan, assign credentials, authenticated scan
New scan
Vulnerabilities details: select action, apply label
Environment > Configuration Issues
View: configuration issues page and configuration issues details
Configure filters
Generate report
Save view
Asset drop-down list: add to current filter, look up in OTX, full details, configuration issues, vulnerabilities, alarms, events
Asset drop-down list: configure asset, delete asset
Asset drop-down list: asset scan, assign credentials, authenticated scan
Configuration issues details, actions menu: configure asset, delete asset, add to asset group, agent query, asset scan, authenticated scan, assign credentials, schedule scan job
Configuration issues details: deploy an agent, assign credentials, schedule a scan job
Environment > Users
View users page and user details
User drop-down list: find in events, full details, configuration issues, alarms, events, configure user, delete user
User drop-down list: configure user, delete user
User drop-down list: user scan
Manage columns
Generate report
User menu: import users, delete selected, edit fields, configure user, user scan
Schedule user scan job
Reports > Saved Reports
View the saved reports page
Edit, copy, and delete reports
Reports > Compliance Templates
View the compliance templates reports page
Generate reports
Reports > Event Type Templates
View the event type templates reports page
Generate reports
Data Sources > Sensors
View the sensor page
Add a new sensor
Configure a sensor
Edit a sensor
Assign a sensor
Delete, redeploy a sensor
Data Sources > AlienApps
Available apps
Data Sources > Agents
Run an agent query
Delete an agent
Assign an agent configuration profile
Data Sources > Cloud Connector
View connector
Edit connector
Add a connector
Delete connector
Add new data source rule
Enable and disable a cloud connector
Investigations
View investigations page
Edit an investigation
Create a new investigation
View investigations details
Delete an investigation
Notification rule for investigations
Add a note
Run app action
Settings > Scheduler
View the job scheduler page
Create, edit, enable, disable a job
Settings > Rules
View the rules page
Create an orchestration rule
Create a correlation list
Settings > Notifications
Modify credentials
Settings > System
View the system monitor page
View the network settings page
Create asset field
Enable required multifactor authentication
Modify the session timeout
Settings > System Events
View the system events page
Settings > Console User Events
View the console user events page
Settings > OTX
Validate an OTX subscription key
Settings > Credentials
View the credentials page
Create a new credential
Edit, delete, and manage credentials
Settings > Users
View the user page
Create a user
Edit a user
Delete a user
Settings > My Subscription
View the my subscription page
Purge data
Connect to USM Central™