Restricted Administrator security roles can be customized by granting access to many administrative functions this role does not normally have access to.
- On the main toolbar, click Deployment Manager.
- On the Tools menu, click Administration, and then click User Profile Manager.
The User Profile Manager window appears and lists the existing User Profiles.
- Click an existing user profile to select it, and then click Properties.
- Click the Management Permissions tab.
- Expand the fields or use the search field to find the administrative function you want to grant access to.
- Select a level of access to grant.
  - View. The user profile can view the data and configurations but cannot make any changes.
  - Manage. The user profile can view and make changes to the data and configurations.
Some permissions are dependent upon each other. For example, you need access to Manage AI Engines and Manage AI Engine Rules before you can access Manage AI Engine Rule Actions. If you grant access to AI Engine Rule Actions, in this example, the others are automatically checked, as shown below.

| Category | Permission | Description |
| --- | --- | --- |
| Entities | Display/Manage Entities | Add, delete, and modify entities in the deployment. Use the Entities Re-organization Wizard to migrate host and network records between entities |
| System Monitor | Display/Manage System Monitor Agents | Manage System Monitor Lite and Pro Agents to collect and forward log data to Data Processors |
| System Monitor | Manage Data Loss Defender Policies | Configure a System Monitor agent to monitor and log the connection and disconnection of external data devices to the host computer where the Agent is running |
| System Monitor | Manage File Integrity Monitor Policies | Configure a System Monitor agent to monitor critical database and application files for unauthorized changes |
| System Monitor | Manage Real Time Integrity Monitor Policies | Configure FIM to use an event-driven model that provides real-time accuracy and enables precise user identification |
| System Monitor | Display/Manage System Monitor Configuration Policy Manager | Use policy-based management of System Monitor agents to configure how the Data Processor processes logs sent from the Agents |
| System Monitor | Manage Agent Upgrade Packages | Use the System Monitor Package Manager to schedule automatic updates for multiple System Monitors at one time |
| Network Monitor | Manage Network Monitors | Add, delete, and modify Network Monitors in the deployment |
| Log Sources | Display/Manage Log Sources | Create, modify, and manage log sources to collect data from hosts. Manage the Windows Host Wizard to configure LogRhythm to collect Windows Event logs |
| Log Sources | Manage Log Source Types | Create, modify, and manage log source types to classify logs that come from common hardware or have the same data format and operate under the same processing rules |
| Log Sources | Manage Automatic Log Source Configuration | Manage the existing SNMP management infrastructure to specifically identify devices on the network |
| Log Sources | Manage Log Virtualization Template Policies | Create, modify, and manage templates to consume all the available intelligence within individual log source files that contain multiple records from different sources |
| Log Sources | Manage Automatic Log Source Acceptance Rules | Create, modify, and manage rules to automatically resolve log source hosts, identify log source types, and accept log sources through the IP address of a new Log Source or through regular expression pattern matching |
| Data Processing | Manage Data Processors | Manage the Data Processor to control how logs are sent to the Indexer, the Indexer reads information from the EMDB, and the Client Console and Web Console issue queries about logs to the Indexer |
| Data Processing | Manage Log Processing Policies | Manage how your deployment parses, calculates, and derives information from raw log data and presents it in a way that makes it easier to analyze |
| Data Processing | Manage MPE Rules | Use the MPE Rule Builder to create rules that identify the pattern of a log and isolate interesting pieces of metadata |
| Data Processing | Manage Common Events | Use the Common Event Change Manager to make appropriate updates based on user input for common events that have been modified |
| Data Processing | Manage Applications | Use the Application Manager to define an application and its ports and protocols so that MPE rules can identify a log origin |
| Data Processing | Manage Common Event Change Manager | Control the migration of the Common Events in your affected objects (system objects with custom filters and custom objects) |
| Data Processing | Manage Data Masking Rules | Create, modify, and manage rules to control which log messages have their data transformed into a more useable format or masked to hide sensitive or regulated data |
| Data Processing | Manage Global Log Processing Policies | Create, modify, and manage policies to apply Data Management settings across all Data Processors, Log Sources and Log Processing Policies to logs that meet your specific criteria |
| Data Processing | Manage Data Processor Pool Manager | Create, modify, and manage DP pools. |
| AI Engine | Manage AI Engines | Manage how the AI Engine receives logs, applies AI Engine rules, generates events, and provides diagnostic data |
| AI Engine | Manage AI Engine Rules | Create, modify, and manage AI Engine rules based off logs, thresholds, unique values, and behaviors |
| AI Engine | Manage AI Engine Rule Actions | Manage the actions that take place after an AI Engine rule fires |
| Lists and Filters | Display/Manage Lists | Create, modify, and view all lists in the deployment |
| Lists and Filters | Manage Composite Filters | Create, modify, and manage composite filters through the Filter Manager under the Administration menu |
| Search and Report | Display and Run Investigations | Access all Investigations in the deployment to view logs and events collected in near-real-time from both the Data Processor and Platform Manager Databases |
| Search and Report | Display and Run Tails | Access all Tails in the deployment to query for new logs and update your log/event list in real-time |
| Search and Report | Manage Report Templates, Reports, and Report Packages | Modify and run all Report Templates, Reports and Report Packages in the deployment as needed |
| Search and Report | Manage Scheduled Jobs for Reports | Manage recipients, subject lines, report periods, and report schedules in the Scheduled Report Job Manager |
| Search and Report | Manage SecondLook | Create and run searches to restore archived logs for the purpose of further review in LogRhythm |
| Monitor and Alarm | Manage Alarm Rules | Create, modify, and manage alarm rules to control which events incur alarms |
| Monitor and Alarm | Manage Alarm Rule Actions | Manage the actions that take place after an Alarm rule fires |
| Monitor and Alarm | Manage Notifications | Specify the method of Alarm notification, recipients, and information that is included, as well as throttle the number of notifications in an allotted time |
| Monitor and Alarm | Display Personal Dashboard | Configure Personal Dashboard filters and displays |
| Monitor and Alarm | Display Personal Alarms | Access Alarms from the Alarm List on the Personal Dashboard |
| Monitor and Alarm | Manage Global AI Engine Events | Manage AI Engine events that span different Entities |
| Monitor and Alarm | Display Alarm Viewer | View alarms generated by LogRhythm, track alarm history, and update alarm statuses |
| Automate and Orchestra | Manage Smart Response Plug-Ins | Use the SmartResponse Plugin Manager to control the execution of preventative actions when threatening activity is observed |
| Automate and Orchestra | Manage LogRhythm Case Management | Manage Cases in the Web Console |
| Users | Manage People and Users | Create, modify, and manage Person Records so users can log in with personal credentials |
| Users | Manage User Profiles | Create, modify, and manage User Profiles to group access permissions for hosts and log sources so they can be assigned to more than one user at a time |
| Users | Manage User Preferences | Manage User Preference settings |
| Users | Manage Active Directory | Sync, manage, and search Active Directory users and groups |
| Users | Manage Object Permissions | Set new read and write access permissions for an object (investigation, tail, list, or alarm rule) and assign it to a new owner and/or entity |
| Users | Manage Security Manager | View a list of logins for the deployment |
| General Administration | Deployment Manager | Access the Deployment Manager to configure and manage LogRhythm components and functionality such as alarming and reporting |
| General Administration | Manage Platform Managers | Use the Platform Manager to configure properties that affect the SQL Server, the LogRhythm Alarming and Response Manager (ARM) service, the LogRhythm Job Manager service, events, configuration and licensing information, the LogRhythm Knowledge Base, and LogMart |
| General Administration | Manage CloudAI Access | Access CloudAI in the Web Console |
| General Administration | Import and Manage Knowledge Base | Import and update Knowledge Base modules, and manage the synchronization settings |
| General Administration | Manage TrueIdentity | Manage collections of identifiers, such as logins and email addresses, that comprise a single identity |
| General Administration | LogRhythm API Access | Access the LogRhythm SOAP API, the Admin API, and the Case Management API |
| General Administration | Manage License File Import | Import a LogRhythm license file if your evaluation period has expired, you upgrade to a version not supported by your current license, or you purchase add-on components |
| General Administration | Display License Report | View the LogRhythm License Report, which shows a list of licenses grouped by type, along with values for the total quantity purchased, the number assigned, and the remaining available. This also includes the License Metering Report, which displays MPS rates and overages for the period |
| General Administration | Database Usage Widget (Web Console) | Monitor database levels by showing the percentage of each database that is currently being used |
| General Administration | Component Status Widget (Web Console) | See whether all components of your deployment are running without having to load the Client Console |
| General Administration | Processing Widget (Web Console) | View charts representing the processing rates of any one of the following data sets: Log Rate, AI Engine Rate, Event Rate, Alarm Rate, and AI Engine Event Rate |
| General Administration | Threat Activity Map Widget (Web Console) | View the geographical origin of log data in your deployment, as well as which locations are impacted by log data in your deployment. |
| General Administration | Manage Case Widgets (Web Console) | View the following Case Widgets in the Web Console: Case Metrics Trend, Case Trend by Status, and Case Trend by Priority. |
| General Administration | Manage All Cases (Web Console) | View all cases in the Web Console, even when you are not a case owner or case collaborator. |

- To return to any of the previous tabs click Back, or click OK to save the profile and close the User Profile Properties dialog box.
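
Because dependent permissions are checked automatically, a profile can end up with more access than was requested. The following is an added example, not LogRhythm code or part of the original page: it expands a planned grant through known dependencies and lists what needs a second look before you click OK. Only the AI Engine dependency comes from this page; the `ACCESS_CONTROL` watch list and the sample `REQUEST` are assumptions made for illustration.

```python
# Added example: review a planned Restricted Administrator grant before
# selecting it on the Management Permissions tab. Not LogRhythm code.

# The one dependency documented on the page. Other edges are not listed there;
# add them from what the dialog auto-checks in your own deployment.
REQUIRES = {
    "Manage AI Engine Rule Actions": ["Manage AI Engines", "Manage AI Engine Rules"],
}

# Assumption: a reviewer's watch list (names taken from the permission table)
# of functions that change who can access what. Not a vendor classification.
ACCESS_CONTROL = {
    "Manage People and Users",
    "Manage User Profiles",
    "Manage Active Directory",
    "Manage Object Permissions",
    "LogRhythm API Access",
}


def effective_grants(requested, requires=REQUIRES):
    """Return the requested permissions plus everything they pull in."""
    granted, pending = set(), list(requested)
    while pending:
        perm = pending.pop()
        if perm not in granted:          # visited check also stops on cycles
            granted.add(perm)
            pending.extend(requires.get(perm, []))
    return granted


def review(requested, requires=REQUIRES, watch=ACCESS_CONTROL):
    """Summarise what a change request really grants."""
    granted = effective_grants(requested, requires)
    return {
        "granted": sorted(granted),
        "implied": sorted(granted - set(requested)),   # auto-checked extras
        "needs_signoff": sorted(granted & watch),      # access-control functions
    }


# Constructed change request for one Restricted Administrator profile.
REQUEST = ["Manage AI Engine Rule Actions", "Display/Manage Lists", "Manage User Profiles"]

if __name__ == "__main__":
    for key, perms in review(REQUEST).items():
        print(f"{key}: {', '.join(perms) or '-'}")
```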