Permissions
This page lists every action that authorization in LogCraft governs, and who can perform it. Use it when you need to verify whether a specific role or access level can perform a specific action.
- To choose a global role for a user, see Team.
- To choose an access level for a workspace member, see Members.
How authorization works
Authorization in LogCraft is a two-layer model:
- Global role: the system-wide role assigned to a user at creation.
- Workspace access level: the per-workspace role assigned when a user is added to a workspace.
Both layers apply to workspace-scoped actions: the user must satisfy the minimum global role and the minimum access level required by the action.
Workspaces
| Action | Roles | Access level |
|---|---|---|
| List the workspaces the user can see | Admin, Operator, Member | n/a |
| View a workspace | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
| Edit workspace settings | Admin, Operator, Member | Maintainer |
| Create a workspace | Admin, Operator | n/a |
| Delete a workspace | Admin, Operator | n/a |
Detection content
The same rules govern Security Assets and Use Cases.
| Action | Roles | Access level |
|---|---|---|
| View Security Assets and Use Cases | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
| Create or edit a Security Asset or a Use Case | Admin, Operator, Member | Maintainer, Collaborator, Contributor |
| Delete a Security Asset or a Use Case | Admin, Operator, Member | Maintainer, Collaborator |
Posture Management
These rules cover the Security Posture, MITRE ATT&CK, and Detection Opportunities views.
| Action | Roles | Access level |
|---|---|---|
| Open Posture Management views | Admin, Operator, Member | Maintainer, Collaborator, Contributor, Observer |
| Set or change MITRE ATT&CK objectives | Admin, Operator, Member | Maintainer, Collaborator, Contributor |
Team and users
| Action | Roles | Access level |
|---|---|---|
| View user information | Admin, Operator, Member | n/a |
| Create a user | Admin, Operator | n/a |
| Edit a user or workspace membership | Admin, Operator | n/a |
| Remove a user | Admin, Operator | n/a |
Server administration
These actions are performed outside any workspace and are reserved for the Admin role.
| Action | Roles |
|---|---|
| View license details | Admin |
| Install or update the license | Admin |
| View audit logs | Admin |