Role-Based Access Control (RBAC)
The Sublime Platform's built-in roles make it easy to give everyone on your team the right level of access.
Managing Roles
When you create a new user from the Admin > Account page, you'll have the option to select a role.
To change an existing user's role, select the user in the Users table, select Actions > Edit, and update the user's role.
Roles
Role | Description |
---|---|
Admin | All Sublime features. |
Engineer | Build detection rules, Backtest, Hunt, investigate and remediate flagged and user-reported messages, view system error notifications, and more. |
Analyst | Investigate and remediate flagged and user-reported messages, view system error notifications. Cannot create or modify rules, Search, Backtest, or Hunt. |
The table below lists the Sublime Platform permissions and shows which roles include each one. A green check ✅ means the permission is included in the role. A green check with an asterisk ✅* means the role has the listed permission but can only operate on resources that the current user created themselves (e.g. an Engineer can only read API keys that they created, whereas an Admin can read API keys regardless of which user created them).
Category | Permission | Admin | Engineer | Analyst |
---|---|---|---|---|
Audit Log | manage_audit_log | ✅ | | |
Audit Log | read_audit_log | ✅ | | |
IP Allowlist | manage_ip_allowlist | ✅ | | |
IP Allowlist | read_ip_allowlist | ✅ | ✅ | ✅ |
Authentication | manage_auth | ✅ | | |
Authentication | read_auth | ✅ | ✅ | ✅ |
MDM Retention | read_mdm_retention | ✅ | ✅ | ✅ |
MDM Retention | update_mdm_retention | ✅ | | |
Mailbox Auto-Activation | read_auto_activate | ✅ | ✅ | ✅ |
Mailbox Auto-Activation | update_auto_activate | ✅ | | |
Abuse Mailbox Settings | manage_abuse_mailbox | ✅ | ✅ | |
Abuse Mailbox Settings | read_abuse_mailbox | ✅ | ✅ | ✅ |
API Keys | create_api_keys | ✅ | ✅* | ✅* |
API Keys | read_api_keys | ✅ | ✅* | ✅* |
API Keys | delete_api_keys | ✅ | ✅* | ✅* |
Users | create_users | ✅ | | |
Users | read_users | ✅ | ✅ | ✅ |
Users | update_users | ✅ | | |
Users | delete_users | ✅ | | |
Message Sources | create_message_sources | ✅ | | |
Message Sources | read_message_sources | ✅ | ✅ | ✅ |
Message Sources | update_message_sources | ✅ | | |
Message Sources | delete_message_sources | ✅ | | |
Mailboxes | read_mailboxes | ✅ | ✅ | ✅ |
Mailboxes | activate_mailbox | ✅ | | |
Mailboxes | deactivate_mailbox | ✅ | | |
Rules | create_rules | ✅ | ✅ | |
Rules | read_rules | ✅ | ✅ | ✅ |
Rules | update_rules | ✅ | ✅ | |
Rules | delete_rules | ✅ | ✅ | |
Lists | create_lists | ✅ | ✅ | |
Lists | read_lists | ✅ | ✅ | ✅* |
Lists | update_lists | ✅ | ✅ | ✅* |
Lists | delete_lists | ✅ | ✅ | |
Actions | create_actions | ✅ | ✅ | |
Actions | read_actions | ✅ | ✅ | ✅ |
Actions | update_actions | ✅ | ✅ | |
Actions | delete_actions | ✅ | ✅ | |
Actions | associate_rules_to_actions | ✅ | ✅ | |
Feeds | create_feeds | ✅ | ✅ | |
Feeds | read_feeds | ✅ | ✅ | ✅ |
Feeds | update_feeds | ✅ | ✅ | |
Feeds | delete_feeds | ✅ | ✅ | |
Backtest | backtest | ✅ | ✅ | |
Hunt | hunt | ✅ | ✅ | |
Search | search | ✅ | ✅ | |
Investigation | access_message_contents | ✅ | ✅ | ✅ |
Remediation | perform_actions | ✅ | ✅ | ✅ |
Error Log | access_error_logs | ✅ | ✅ | ✅ |
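
The ✅ / ✅* distinction described above amounts to a deny-by-default check with an ownership condition. The Python below is an added example, not Sublime's code or API: it transcribes a subset of the table, and the names `Scope`, `GRANTS`, `is_allowed`, `visible`, `least_privileged_role` and the sample users and keys are assumptions made for illustration.

```python
from enum import Enum

class Scope(Enum):
    ALL = "all"   # plain check in the table
    OWN = "own"   # check with asterisk: only resources the user created

# Subset of the table above, transcribed as role -> permission -> scope.
# A permission missing from a role's map is denied (deny by default).
GRANTS = {
    "Admin": {"read_audit_log": Scope.ALL, "read_api_keys": Scope.ALL,
              "delete_api_keys": Scope.ALL, "read_lists": Scope.ALL,
              "update_lists": Scope.ALL, "create_rules": Scope.ALL, "hunt": Scope.ALL},
    "Engineer": {"read_api_keys": Scope.OWN, "delete_api_keys": Scope.OWN,
                 "read_lists": Scope.ALL, "update_lists": Scope.ALL,
                 "create_rules": Scope.ALL, "hunt": Scope.ALL},
    "Analyst": {"read_api_keys": Scope.OWN, "delete_api_keys": Scope.OWN,
                "read_lists": Scope.OWN, "update_lists": Scope.OWN},
}
ROLES_BY_PRIVILEGE = ["Analyst", "Engineer", "Admin"]  # least to most access, per the table

def is_allowed(role, permission, actor, owner=None):
    """True if `actor` holding `role` may use `permission` on a resource created by `owner`."""
    scope = GRANTS.get(role, {}).get(permission)
    if scope is None:
        return False                      # unknown role, or permission not granted
    if scope is Scope.ALL:
        return True
    return owner is not None and owner == actor   # OWN: creator must match the caller

def visible(role, permission, actor, resources):
    """Filter a listing down to the resources the actor may see."""
    return [r for r in resources if is_allowed(role, permission, actor, r["created_by"])]

def least_privileged_role(required):
    """Lowest role whose grants cover every permission in `required` (any scope)."""
    for role in ROLES_BY_PRIVILEGE:
        if all(p in GRANTS[role] for p in required):
            return role
    return None

# Constructed sample data: three API keys created by three different users.
API_KEYS = [
    {"id": "key-1", "created_by": "admin@example.com"},
    {"id": "key-2", "created_by": "ana@example.com"},
    {"id": "key-3", "created_by": "eng@example.com"},
]
```

`least_privileged_role` only tells you which role holds a permission at all; for ✅* permissions the per-resource `is_allowed` check still decides whether a given object is reachable.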