User Profile Manager
User Profiles enable an administrator to group access permissions for hosts and Log Sources so they can be assigned to more than one user at a time.
Default User Profiles
The LogRhythm Global Administrator and LogRhythm Global Analyst are default system user profiles. They are created and enabled automatically. These user profiles have access to the following:
- Entities
- Log Sources
- Data Processors
- Global AI Engine Events that Span Entities
- SecondLook
- Security Roles
New profiles can be created for the Global Administrator, Global Analyst, Restricted Administrator, Restricted Analyst, and SOAP API Service Administrator security roles. The security roles enable the administrator to assign access to specific objects within the Entity to individual users. For example, several Restricted Analysts can be given access to Entity A without being given access to the same Log Sources within Entity A. Restricted Analyst 1 can have access to Log Sources 1, 2, and 3 on Entity A, while Restricted Analyst 2 has access to Log Sources 4, 5, and 6 on Entity A.
Note: While users are granted access to CloudAI through the User Profile Properties dialog box in the Client Console, CloudAI data is available only through the Web Console and the CloudAI Interface. To use CloudAI, you must purchase a license. Granting permission to CloudAI without a license has no effect on your deployment. Contact your Customer Relationship Manager to learn more and/or to sign up for these services.
Global Administrator Security Role
The Global Administrator security role is granted access to all Entities, Data Processors, Log Sources, and SmartResponse Plugins. There can only be one Global Administrator security role.
The Global Administrator security role can be granted permission to the following:
- Case Management
- CloudAI
Global Analyst Security Role
The Global Analyst security role is granted access to all Entities, Data Processors, Log Sources, and SmartResponse Plugins.
The Global Analyst security role can be granted permission to the following:
- Case Management
- CloudAI
Restricted Administrator Security Role
The Restricted Administrator is granted access to specific Entities, Log Sources, and Data Processors. This security role can be configured with access to Global AI Engine Events or to a subset of AIE Events based on Entities and Child Entities. This enables large deployments to restrict access and provide filtering when Entity-based data segregation is enabled.
The Restricted Administrator security role has Log Source access rights applied at the following levels:
- Case Management
- Entities
- Log Sources
- Data Processors
The Restricted Administrator security role can be customized and granted permission to anything the Global Administrator security role has access to. Multiple Restricted Administrator profiles can be created, each with access to different administrative functions.
Restricted Analyst Security Role
The Restricted Analyst is granted access to specific Entities, Log Sources, and Data Processors. This security role can be configured with access to Global AI Engine Events or to a subset of AIE Events based on Entities and Child Entities. This enables large deployments to restrict access and provide filtering when Entity-based data segregation is enabled.
Enabling the Global AI Engine Event setting causes all Events on the system to be visible for that user profile.
Default Global Entity Events will be visible to all users without Data Segregation enabled on the specific rule.
A Restricted Analyst can have Log Source access rights applied at the following levels:
- Entities (and Child Entities)
- Log Sources
- Data Processors
The Restricted Analyst security role can be granted permission to the following:
- Global AI Engine Events that Span Entities
- SecondLook
- LogRhythm API
- Case Management
- CloudAI
- SmartResponse Plugins
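The following added example (not LogRhythm code, and not tied to any LogRhythm export format or API) models the restricted roles described above to review a set of profiles for two things: restricted profiles where the Global AI Engine Event setting makes all Events visible, and restricted profiles that share Log Sources within the same Entity. The `Profile` fields, profile names, and Log Source names are assumptions constructed for illustration.

```python
# Illustrative model only: field names are assumptions, not a LogRhythm
# export format or API. Sample profiles are constructed.
from dataclasses import dataclass, field

RESTRICTED_ROLES = {"Restricted Administrator", "Restricted Analyst"}


@dataclass
class Profile:
    name: str
    role: str
    # Entity name -> set of Log Source names the profile can access
    log_sources: dict = field(default_factory=dict)
    global_aie_events: bool = False


def review_profiles(profiles):
    """Return (subject, finding) tuples worth a second look by an administrator."""
    findings = []
    restricted = [p for p in profiles if p.role in RESTRICTED_ROLES]
    for p in restricted:
        # Per the documentation: enabling this setting makes all Events
        # on the system visible for that user profile.
        if p.global_aie_events:
            findings.append((p.name, "Global AI Engine Events enabled: all Events visible"))
    # Restricted profiles on the same Entity that overlap on Log Sources.
    for i, a in enumerate(restricted):
        for b in restricted[i + 1:]:
            for entity in sorted(a.log_sources.keys() & b.log_sources.keys()):
                shared = a.log_sources[entity] & b.log_sources[entity]
                if shared:
                    findings.append((f"{a.name} / {b.name}",
                                     f"overlap on {entity}: {sorted(shared)}"))
    return findings


# Constructed sample mirroring the Entity A example in the text.
SAMPLE = [
    Profile("Restricted Analyst 1", "Restricted Analyst", {"Entity A": {"LS1", "LS2", "LS3"}}),
    Profile("Restricted Analyst 2", "Restricted Analyst", {"Entity A": {"LS4", "LS5", "LS6"}},
            global_aie_events=True),
    Profile("Restricted Analyst 3", "Restricted Analyst", {"Entity A": {"LS3", "LS7"}}),
    Profile("SOC Lead", "Global Analyst"),
]

if __name__ == "__main__":
    for subject, finding in review_profiles(SAMPLE):
        print(f"{subject}: {finding}")
```

An overlap is not necessarily a misconfiguration; it is listed so the administrator can confirm it is intended.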
SOAP API Service Administrator
The SOAP API Service Administrator security role is granted access to all Entities, Data Processors, Log Sources, and SmartResponse Plugins.
The SOAP API Service Administrator can be granted permission to the following:
- Case Management
- CloudAI