File Integrity Monitoring User Roles and Permissions
FIM has 4 OOTB (Out-of-the-box) roles for users:
- FIM Manager: The manager role has all the default permissions of FIM, and can create and grant permissions to other users. They have all the privileges and access to all functionalities.
- FIM Author: The author role has limited developmental permissions, such as create, update, and download. This role also has all the view-only permissions.
- FIM Auditor: The auditor has the view-only permission along with the download permission.
- FIM Analyst: The analyst has all the permissions as the manager except the delete permissions.
User Roles Comparison
The FIM module has several permissions that are assigned to the user roles. The following table compares these permissions granted to the default user roles for FIM:
| Default Permissions | Description | Default Roles | |||
|---|---|---|---|---|---|
| Manager | Author | Auditor | Analyst | ||
| FIM UI Permission | General UI Access |  |
|
|
|
| Dashboard permissions | Create and Update dashboard | |
|
N | |
| Delete dashboard | |
N | N | N | |
| Print dashboard | |
|
|
|
|
| Events permissions | View and download events | |
|
|
|
| Ignore and white-list events | |
N | N | |
|
| Event insights access | |
|
N | |
|
| Incidents permissions | View and download incidents | |
|
|
|
| Create and update incidents | |
|
N | |
|
| Review and reopen incidents |
Note: You can review an incident when you are one of the reviewers and have review access. |
N | N | |
|
| Delete incidents |
Note: You can delete an incident only when you are a FIM user who is one of the reviewers of the incident and has incident deletion permission. |
N | N | N | |
| Correlation Rules permissions | Create and Update correlation rules | |
|
N | |
| View correlation rules | |
|
|
|
|
| Delete correlation rules | |
N | N | N | |
| Activate and Deactivate correlation rules | |
N | N | |
|
| Reports Permission | View, and download reports | |
|
|
|
| Create reports | |
|
N | |
|
| Delete reports | |
N | N | N | |
| Report rules permissions | Create and download report rules | |
|
N | |
| View report rules | |
|
|
|
|
| Update, schedule, resume, and pause report rules | |
N | N | |
|
| Delete report rules | |
N | N | N | |
| Profile Permissions | Create, update, link, and assign profiles | |
|
N | |
| View and download profiles | |
|
|
|
|
| Delete profiles | |
N | N | N | |
| Activate and deactivate profiles | |
N | N | |
|
| Profile library permissions | View and download profile library | |
|
|
|
| Import profile library | |
|
N | |
|
| Assets permissions | View and download assets | |
|
|
|
| Responses (alerting) permissions | Access alerts | |
|
|
|
| Create and edit alerts | |
|
N | |
|
| Delete alerts | |
N | N | N | |
| Responses (alerting rules) permissions | Create and edit alerting rules | |
|
N | |
| Delete alerting rules | |
N | N | N | |