Configure Access Control for Incidents
An incident is an act of violation of an organization’s explicit or implicit security policies. Incidents include threat warnings and already executed attacks. For incidents created in CFTR, the details might include sensitive information that is not appropriate for all CFTR users. Therefore, it is important for an organization to configure different access levels for different types of incidents for various CFTR users.
Use the following access types to configure the access control for incidents:
Before you Start
Ensure that you have Create/Update permissions for the following modules:
User Group Management
User Management
Configure Application Access
In CFTR, the application access defines the type of user permission to various components and features of the CFTR application. There are three types of permissions for every component and feature:
No Access: The users of a user group do not have the permission to view the component and feature in the CFTR UI.
View: The users of a user group have read-only access to the component and feature.
Create/Update: The users of a user group have access to manage the data of the component and feature.
To configure the application access for incidents, do the following:
Go to Admin Panel > User Group Management.
Select a user group and click Edit Group.
Under Module/Functionality, go to Incidents.
To configure the permissions, toggle the buttons for View and Create/Update permissions.
Click Save.
Configure Data Access
In addition to the application access, CFTR admins can also restrict user access by restricting access to other business units and locations. Admins can configure Allowed Business Units and Allowed Locations for the users in Admin Panel > User Management.
Allowed Business Units: Users can access the incident data of these business units.
Allowed Locations: Users can access the incident data of these locations.
To configure the data access to incidents for a user, do the following:
Go to Admin Panel > User Management.
Select a user and click Edit Profile.
Under Allowed Locations, add or remove locations.
Under Allowed Business Units, add or remove business units.
Click Save.
Configure Protected Incidents Access
Certain incidents might contain sensitive information that require further access control for protecting the data access. Such incidents can be marked as protected. Protected incidents are accessible to only the users of groups that have View permission to access protected incidents. To configure the access to protected incidents, do the following:
Go to Admin Panel > User Group Management.
Select a user group and click Edit Group.
Under Module/Functionality, go to Protected Incidents.
Toggle the button for View permission.
Click Save.