Skip to content
  • There are no suggestions because the search field is empty.

Services Security View - Service User Roles and Permissions

Services Security View - Service User Roles and PermissionsServices Security View - Service User Roles and Permissions

The Services Security view Roles tab enables you to create service user roles and assign permissions. You can also use the pre-configured service user roles included with NetWitness to assign user permissions.

Related Topics

Service User Roles

NetWitness has the following pre-configured service user roles.

  • Role: Administrators
  • Assigned Permissions: All permissions
  • Personnel/Account: NetWitness System Administrator

  • Role: Aggregation
  • Assigned Permissions:

    aggregate

    sdk.content

    sdk.meta

    sdk.packets

  • Personnel/Account: You can use this role to create an Aggregation account.
    This role provides the minimum permissions necessary to perform aggregation of data. It is only available on NetWitness version 10.5 and later services.

  • Role: Analysts, Malware_Analysts, and SOC_Managers
  • Assigned Permissions:

    sdk.meta

    sdk.content

    sdk.packets

    storedproc.execute

  • Personnel/Account: Users can use specific applications, run queries and view content for purposes of analysis.

  • Role: Data_Privacy_Officers
  • Assigned Permissions:

    sys.manage

    users.manage

    sdk.meta

    sdk.content

    sdk.packets

    sdk.manage

    logs.manage

    database.manage

    index.manage

    dpo.manage

  • Personnel/Account: Data Privacy Officer
    Data Privacy Officers have the dpo.manage permission on Network Decoders and Log Decoders.

  • Role: Operators
  • Assigned Permissions:

    sys.manage

    services.manage

    connections.manage

    users.manage

    logs.manage

    parsers.manage

    rules.manage

    database.manage

    index.manage

    sdk.manage

    decoder.manage

    archiver.manage

    concentrator.manage

    storedproc.manage

  • Personnel/Account: Operators are responsible for the daily operation of the services.

Service User Permissions

There are many permissions that you can assign a service role in NetWitness. Users can have different permissions on each service, depending on their role assignments and the permissions selected for each role. This table describes the permissions that you can assign to a role.

  • Permission: sys.manage
  • Definition: Allows the user to edit the service configuration settings.

  • Permission: services.manage
  • Definition: Allows the user to manage connections to other services.

  • Permission: connections.manage
  • Definition: Allows the user to manage connections to the service.

  • Permission: users.manage
  • Definition: Allows the user to create individual users and user roles and specify user permissions.

  • Permission: aggregate
  • Definition: Allows the user to perform aggregation of data.

  • Permission: sdk.meta
  • Definition: Allows the user to run queries in the Investigation and Reporting applications and to view the metadata returned by the query.

  • Permission: sdk.content
  • Definition: Allows the user to access raw packets and logs from any client application (Investigations and Reporting).

  • Permission: sdk.packets
  • Definition: Allows users to access raw packets and logs from any client application.

  • Permission: appliance.manage
  • Definition: Allows the user to manage the appliance (host) tasks. This permission is required by the Appliance service.

  • Permission: decoder. manage
  • Definition: Allows the user to edit the configuration settings for the Network Decoder service.

  • Permission: concentrator.manage
  • Definition: Allows the user to edit the configuration settings for the Concentrator/Broker service.

  • Permission: logs.manage
  • Definition: Allows the user to view the service logs and edit the logging configuration settings for the specified service.

  • Permission: parsers.manage
  • Definition: Allows the user to manage all attributes under the parsers node.

  • Permission: rules.manage
  • Definition: Allows the user to add and delete all rules.

  • Permission: database.manage
  • Definition: Allows the user to set database locations, sizes, and the various configuration settings for the session, meta and/or packet/log databases.

  • Permission: index.manage
  • Definition: Allows the user to manage all index-related attributes.

  • Permission: sdk.manage
  • Definition: Allows the user to view and set all SDK configuration items.

  • Permission: storedproc.execute
  • Definition: Allows the user to execute a Lua stored procedure.

  • Permission: storedproc.manage
  • Definition: Allows the user to manage Lua stored procedures.

  • Permission: archiver.manage
  • Definition: Allows the user to modify the Archiver configuration.

  • Permission: dpo.manage
  • Definition: Allows the user to manage the transform configuration and the applicable keys.

  • Column 1:
  • Column 2: