Roles & Permissions
Roles
A user role defines the kind of user.
Role | Has access to | Purpose |
---|---|---|
Admin | Global Settings | System Administrator |
Operator | Workspace Management | Team Lead |
Member | See access_level | Security analyst |
The primary distinction between an administrator and an operator is whether they have the authority to perform administrative tasks (see below).
Admin
The admin role holds the highest level of access, allowing users to perform any action within the system.
Operator
The operator role is a high-level role that allows users to perform operational tasks, such as managing workspaces or members. However, it does not grant permission to perform administrative tasks like updating the system's license.
Member
The member role is the default user role, granting basic permission to connect to and access the system. However, the actual level of access is determined by the `access_level` setting (see below).
Access level
The access level determines what actions a user can perform within a specific workspace, and it may vary across different workspaces. For example, Alice could have the Maintainer role in Workspace A but be a Contributor in Workspace C.
Access level | Has access to | Example |
---|---|---|
Maintainer | Workspace Settings | (Principal/Lead) Detection Engineer |
Collaborator | Posture Management | (Senior) Detection Engineer |
Contributor | Workspace Detections, read-write | Security/SOC Analyst |
Observer | Workspace Detections, read-only | Related Security Peers |
None | No access to the Workspace | -- |
Members
Access levels only apply to users with the Member role. Power users, with the Admin or Operator roles, have full access to all workspaces.
Maintainer
The Maintainer has full control over a specific workspace, similar to a workspace administrator. However, they cannot create new workspaces or delete existing ones.
Collaborator
The Collaborator can access posture management dashboards to gain a better understanding of threat coverage and identify areas for improvement.
Contributor
The Contributor has access to detections and can make modifications, but does not have permission to delete any detections.
Observer
The Observer role is read-only and only permits viewing detections, without the ability to make any changes.
Permissions
This section outlines users' permissions and their relationship to roles and access levels.
Detections
Permission | Description | Roles | Access level |
---|---|---|---|
detections:create | User can create new detections | Admin, Operator, Member | Maintainer, Collaborator, Contributor |
detections:read | User can access detections | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
detections:update | User can modify detections | Admin, Operator, Member | Maintainer, Collaborator, Contributor |
detections:delete | User can remove detections | Admin, Operator, Member | Maintainer, Collaborator |
Posture Management
Permission | Description | Roles | Access level |
---|---|---|---|
posture:create | n/a | - | - |
posture:read | User can access Posture Management | Admin, Operator, Member | Maintainer, Collaborator |
posture:update | n/a | - | - |
posture:delete | n/a | - | - |
Workspaces
Permission | Description | Roles | Access level |
---|---|---|---|
workspaces:create | User can create a new workspace | Admin, Operator | - |
workspaces:read | User can read a workspace | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
workspaces:update | User can edit the settings of a workspace | Admin, Operator, Member | Maintainer |
workspaces:delete | User can delete a workspace | Admin, Operator | - |
Audit Logs
Permission | Description | Roles | Access level |
---|---|---|---|
audit:create | n/a | - | - |
audit:read | User can read audit logs | Admin | - |
audit:update | n/a | - | - |
audit:delete | n/a | - | - |
GitLab
Permission | Description | Roles | Access level |
---|---|---|---|
gitlab:create | User can connect LogCraft to GitLab | Admin, Operator | - |
gitlab:read | User can list GitLab repositories | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
gitlab:update | User can link/unlink GitLab repositories | Admin, Operator | - |
gitlab:delete | User can disconnect LogCraft from GitLab | Admin, Operator | - |
License
Permission | Description | Roles | Access level |
---|---|---|---|
license:create | n/a | - | - |
license:read | User can get license details | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
license:update | User can install a new license | Admin | - |
license:delete | n/a | - | - |
Team
Permission | Description | Roles | Access level |
---|---|---|---|
users:create | User can create new users | Admin, Operator | - |
users:read | User can get user information | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
users:update | User can edit a user | Admin, Operator | - |
users:delete | User can remove a user | Admin, Operator | - |
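The following is an added example, not LogCraft's own code, showing how the permission tables above combine with the role and access-level rules: Admin and Operator bypass access levels, only Admin holds audit:read and license:update, and a Member is checked against the access level of the specific workspace. Because every "Access level" cell in the tables is a prefix of the order Maintainer > Collaborator > Contributor > Observer, each row is encoded as a minimum level; the user objects and workspace names are constructed for the example.

```python
# Added example (not LogCraft's code): an authorization check that encodes the
# role / access-level matrix from the tables above. Permissions listed as "n/a"
# are granted to nobody, Admin included.
from dataclasses import dataclass, field
from typing import Dict, Optional

# Ordered access levels; a minimum level describes each table row exactly.
LEVEL_RANK = {"None": 0, "Observer": 1, "Contributor": 2, "Collaborator": 3, "Maintainer": 4}

# Permissions only the Admin role holds (Audit Logs and License tables).
ADMIN_ONLY = {"audit:read", "license:update"}

# Permissions held by Admin and Operator only; no access level applies ("-").
POWER_ONLY = {
    "workspaces:create", "workspaces:delete",
    "gitlab:create", "gitlab:update", "gitlab:delete",
    "users:create", "users:update", "users:delete",
}

# Workspace-scoped permissions a Member may hold, with the minimum access level.
MEMBER_MIN_LEVEL = {
    "detections:create": "Contributor", "detections:read": "Observer",
    "detections:update": "Contributor", "detections:delete": "Collaborator",
    "posture:read": "Collaborator",
    "workspaces:read": "Observer", "workspaces:update": "Maintainer",
    "gitlab:read": "Observer", "license:read": "Observer", "users:read": "Observer",
}

@dataclass
class User:
    name: str
    role: str                                             # "Admin", "Operator" or "Member"
    access: Dict[str, str] = field(default_factory=dict)  # workspace -> access level (Member only)

def has_permission(user: User, permission: str, workspace: Optional[str] = None) -> bool:
    """True if the user may perform `permission` (in `workspace`, where scoped)."""
    if user.role == "Admin":
        return permission in ADMIN_ONLY or permission in POWER_ONLY or permission in MEMBER_MIN_LEVEL
    if user.role == "Operator":
        # Full access to every workspace, but no administrative tasks.
        return permission in POWER_ONLY or permission in MEMBER_MIN_LEVEL
    if user.role == "Member" and permission in MEMBER_MIN_LEVEL:
        if workspace is None:
            return False                                  # scoped permission needs a workspace
        level = user.access.get(workspace, "None")        # unknown workspace: no access
        return LEVEL_RANK.get(level, 0) >= LEVEL_RANK[MEMBER_MIN_LEVEL[permission]]
    return False                                          # unknown role or permission: deny

# Constructed sample users mirroring the page's Alice example (level varies per workspace).
ALICE = User("alice", "Member", {"Workspace A": "Maintainer", "Workspace C": "Contributor"})
BOB = User("bob", "Operator")
```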