Restricted Administrator security roles can be customized by granting access to many administrative functions that the role does not normally have.

  1. On the main toolbar, click Deployment Manager.
  2. On the Tools menu, click Administration, and then click User Profile Manager.
    The User Profile Manager window appears and lists the existing User Profiles.
  3. Click an existing user profile to select it, and then click Properties.
  4. Click the Management Permissions tab.
  5. Expand the fields or use the search field to find the administrative function you want to grant access to.
  6. Select a level of access to grant.
    • View. The user profile can view the data and configurations but cannot make any changes.
    • Manage. The user profile can view and make changes to the data and configurations.

      Some permissions depend on each other. For example, you need access to Manage AI Engines and Manage AI Engine Rules before you can access Manage AI Engine Rule Actions. In this example, if you grant access to Manage AI Engine Rule Actions, the others are automatically checked.

    Entities
      • Display/Manage Entities. Add, delete, and modify entities in the deployment.
      • Manage Re-Organization Wizard. Use the Entities Re-organization Wizard to migrate host and network records between entities.

    System Monitor
      • Display/Manage System Monitor Agents. Manage System Monitor Lite and Pro Agents to collect and forward log data to Data Processors.
      • Manage Data Loss Defender Policies. Configure a System Monitor agent to monitor and log the connection and disconnection of external data devices to the host computer where the Agent is running.
      • Manage File Integrity Monitor Policies. Configure a System Monitor agent to monitor critical database and application files for unauthorized changes.
      • Manage Real Time Integrity Monitor Policies. Configure FIM to use an event-driven model that provides real-time accuracy and enables precise user identification.
      • Display/Manage System Monitor Configuration Policy Manager. Use policy-based management of System Monitor agents to configure how the Data Processor processes logs sent from the Agents.
      • Manage Agent Upgrade Packages. Use the System Monitor Package Manager to schedule automatic updates for multiple System Monitors at one time.

    Network Monitor
      • Manage Network Monitors. Add, delete, and modify Network Monitors in the deployment.

    Log Sources
      • Display/Manage Log Sources. Create, modify, and manage log sources to collect data from hosts.
      • Windows Host Wizard. Manage the Windows Host Wizard to configure LogRhythm to collect Windows Event logs.
      • Manage Log Source Types. Create, modify, and manage log source types to classify logs that come from common hardware or have the same data format and operate under the same processing rules.
      • Manage Automatic Log Source Configuration. Manage the existing SNMP management infrastructure to specifically identify devices on the network.
      • Manage Log Virtualization Template Policies. Create, modify, and manage templates to consume all the available intelligence within individual log source files that contain multiple records from different sources.
      • Manage Automatic Log Source Acceptance Rules. Create, modify, and manage rules to automatically resolve log source hosts, identify log source types, and accept log sources through the IP address of a new Log Source or through regular expression pattern matching.

    Data Processing
      • Manage Data Processors. Manage the Data Processor to control how logs are sent to the Indexer, how the Indexer reads information from the EMDB, and how the Client Console and Web Console issue queries about logs to the Indexer.
      • Manage Log Processing Policies. Manage how your deployment parses, calculates, and derives information from raw log data and presents it in a way that makes it easier to analyze.
      • Manage MPE Rules. Use the MPE Rule Builder to create rules that identify the pattern of a log and isolate interesting pieces of metadata.
      • Manage Common Events. Use the Common Event Change Manager to make appropriate updates based on user input for common events that have been modified.
      • Manage Applications. Use the Application Manager to define an application and its ports and protocols so that MPE rules can identify a log origin.
      • Manage Common Event Change Manager. Control the migration of the Common Events in your affected objects (system objects with custom filters and custom objects).
      • Manage Data Masking Rules. Create, modify, and manage rules to control which log messages have their data transformed into a more useable format or masked to hide sensitive or regulated data.
      • Manage Global Log Processing Policies. Create, modify, and manage policies to apply Data Management settings across all Data Processors, Log Sources and Log Processing Policies to logs that meet your specific criteria.

    AI Engine
      • Manage AI Engines. Manage how the AI Engine receives logs, applies AI Engine rules, generates events, and provides diagnostic data.
      • Manage AI Engine Rules. Create, modify, and manage AI Engine rules based on logs, thresholds, unique values, and behaviors.
      • Manage AI Engine Rule Actions. Manage the actions that take place after an AI Engine rule fires.

    Lists and Filters
      • Display/Manage Lists. Create, modify, and view all lists in the deployment.
      • Manage Composite Filters. Create, modify, and manage composite filters through the Filter Manager under the Administration menu.

    Search and Report
      • Display and Run Investigations. Access all Investigations in the deployment to view logs and events collected in near-real-time from both the Data Processor and Platform Manager Databases.
      • Display and Run Tails. Access all Tails in the deployment to query for new logs and update your log/event list in real-time.
      • Manage Report Templates, Reports, and Report Packages. Modify and run all Report Templates, Reports and Report Packages in the deployment as needed.
      • Manage Scheduled Jobs for Reports. Manage recipients, subject lines, report periods, and report schedules in the Scheduled Report Job Manager.
      • Manage SecondLook. Create and run searches to restore archived logs for the purpose of further review in LogRhythm.

    Monitor and Alarm
      • Manage Alarm Rules. Create, modify, and manage alarm rules to control which events incur alarms.
      • Manage Alarm Rule Actions. Manage the actions that take place after an Alarm rule fires.
      • Manage Notifications. Specify the method of Alarm notification, recipients, and information that is included, as well as throttle the number of notifications in an allotted time.
      • Display Personal Dashboard. Configure Personal Dashboard filters and displays.
      • Display Personal Alarms. Access Alarms from the Alarm List on the Personal Dashboard.
      • Manage Global AI Engine Events. Manage AI Engine events that span different Entities.
      • Display Alarm Viewer. View alarms generated by LogRhythm, track alarm history, and update alarm statuses.

    Automate and Orchestra
      • Manage Smart Response Plug-Ins. Use the SmartResponse Plugin Manager to control the execution of preventative actions when threatening activity is observed.
      • Manage LogRhythm Case Management. Manage Cases in the Web Console.

    Users
      • Manage People and Users. Create, modify, and manage Person Records so users can log in with personal credentials.
      • Manage User Profiles. Create, modify, and manage User Profiles to group access permissions for hosts and log sources so they can be assigned to more than one user at a time.
      • Manage User Preferences. Manage User Preference settings.
      • Manage Active Directory. Sync, manage, and search Active Directory users and groups.
      • Manage Object Permissions. Set new read and write access permissions for an object (investigation, tail, list, or alarm rule) and assign it to a new owner and/or entity.
      • Manage Security Manager. View a list of logins for the deployment.

    General Administration
      • Deployment Manager. Access the Deployment Manager to configure and manage LogRhythm components and functionality such as alarming and reporting.
      • Manage Platform Managers. Use the Platform Manager to configure properties that affect the SQL Server, the LogRhythm Alarming and Response Manager (ARM) service, the LogRhythm Job Manager service, events, configuration and licensing information, the LogRhythm Knowledge Base, and LogMart.
      • Manage CloudAI Access. Access CloudAI in the Web Console.
      • Import and Manage Knowledge Base. Import and update Knowledge Base modules, and manage the synchronization settings.
      • Manage TrueIdentity. Manage collections of identifiers, such as logins and email addresses, that comprise a single identity.
      • LogRhythm API Access. Access the LogRhythm SOAP API, the Admin API, and the Case Management API.
      • Manage License File Import. Import a LogRhythm license file if your evaluation period has expired, you upgrade to a version not supported by your current license, or you purchase add-on components.
      • Display License Report. View the LogRhythm License Report, which shows a list of licenses grouped by type, along with values for the total quantity purchased, the number assigned, and the remaining available.
      • Database Usage Widget (Web Console). Monitor database levels by showing the percentage of each database that is currently being used.
      • Component Status Widget (Web Console). See whether all components of your deployment are running without having to load the Client Console.
      • Processing Widget (Web Console). View charts representing the processing rates of any one of the following data sets: Log Rate, AI Engine Rate, Event Rate, Alarm Rate, and AI Engine Event Rate.
      • Threat Activity Map Widget (Web Console). View the geographical origin of log data in your deployment, as well as which locations are impacted by log data in your deployment.
      • Manage Case Widgets (Web Console). View the following Case Widgets in the Web Console: Case Metrics Trend, Case Trend by Status, and Case Trend by Priority.
      • Manage All Cases (Web Console). View all cases in the Web Console, even when you are not a case owner or case collaborator.
  7. To return to any of the previous tabs, click Back, or click OK to save the profile and close the User Profile Properties dialog box.