This article details how to use ABAC for simple use cases in Cydarm.
Prerequisites
To modify a user's access via Groups, you must be a member of the User Manager group, or the Admin group, which inherits the User Manager group's privileges.
This article assumes the user account has been created per Create a new user account.
Overview
Cydarm uses group membership based on attributes to control access to functions. This guide describes:
- Groups, their attributes and their capabilities.
- How to assign groups to users.
- Typical use cases for group "bundles" for users in a SOC.
1. Groups and their capabilities
The table below provides a summary of the attributes and their capabilities.
Group | Capabilities Summary | Description |
Base User | Log in. | Base level access. Can log into Cydarm but little else. This is the default for newly created users. |
User | View, update, create cases. Create and update playbooks. | This is the basic analyst attribute. |
Lead | Same as user. | Same as user, not typically used. |
Manager | Same as user, and case attribute administration. | In addition to the capabilities of the User attribute, can also manage cases. Can also manage configuration items such as metadata fields, tags and forms. Can create new metadata fields. Inherits Lead, User. |
Legal | View cases and add comments. | For legal teams to view cases and add comments. |
Marketing | Find and read cases. | Read only access to cases. |
Comms | Find and read cases. | Read only access to cases. |
Risk | Find and read cases. | Read only access to cases. |
Summary Viewer | Not currently used. | Not currently used. Same as base user. |
User Manager | Administer user accounts. | For managing users, such as creating and updating accounts, assigning attributes to users. |
Org Manager | Administer organisations. | For creating and managing organisations. |
Integration Manager | Administer integration configuration. | For configuring integrations such as the email poller. |
Information Manager | Not currently used | Not currently used. |
Administrator | Administer users and organisations. | Highest level of privilege within Cydarm. Inherits Org Manager, User Manager, Integration Manager groups. |
2. Assigning groups to a user
To assign groups to users, follow "Configure Group Membership" in the Create a new user account article.
3. Common group "bundles"
A number of common attribute use cases are described below.
Each user must be part of an Organisation (which is a type of group).
Read our article on Attribute Based Access Control if you need assistance understanding attributes and group membership.
User Profile | Recommended Groups | Description |
Cyber Security Analyst | | This will allow them to view, update and create cases, as well as create and update playbooks. |
SOC Manager | | If the SOC uses multiple Organisations, then the SOC Manager can optionally be given the 'org manager' attribute to allow management of organisations. |
IT Administrator | | The Cydarm Administrator is typically the person who is responsible for configuring and managing Cydarm. This is the highest level of privilege, but without the ability to view cases and case data. |
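When reviewing group assignments, it helps to expand each user's groups through the inheritance stated in the group table and see whether an administrative account also ends up with case access. The Python below is an added example, not Cydarm code or its API: it models only the inheritance the table states, and the user names and the `admin_and_case_access` flag are assumptions made for illustration.

```python
# Added example: a model of the group table above, not Cydarm's implementation.
# Inheritance edges are only the ones the table states.
INHERITS = {
    "Manager": {"Lead", "User"},
    "Administrator": {"Org Manager", "User Manager", "Integration Manager"},
}

# Groups whose table row grants some form of case access (read, comment or write).
CASE_ACCESS = {"User", "Lead", "Manager", "Legal", "Marketing", "Comms", "Risk"}
# Groups whose table row grants administration of users, organisations or integrations.
ADMIN = {"User Manager", "Org Manager", "Integration Manager", "Administrator"}


def effective_groups(assigned):
    """Return the assigned groups plus everything reachable through inheritance."""
    seen, stack = set(), list(assigned)
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(INHERITS.get(group, ()))
    return seen


def review(assigned):
    """Summarise what a set of assigned groups amounts to after inheritance."""
    groups = effective_groups(assigned)
    return {
        "effective": sorted(groups),
        "case_access": sorted(groups & CASE_ACCESS),
        "admin": sorted(groups & ADMIN),
        # Assumed review flag: the account administers Cydarm and can also reach case data.
        "admin_and_case_access": bool(groups & ADMIN and groups & CASE_ACCESS),
    }


# Constructed sample assignments (hypothetical users, not bundles taken from the page).
SAMPLE_USERS = {
    "user-a": ["Base User", "User"],
    "user-b": ["Manager", "Org Manager"],
    "user-c": ["Administrator"],
    "user-d": ["Administrator", "User"],
}

if __name__ == "__main__":
    for name, assigned in SAMPLE_USERS.items():
        print(name, review(assigned))
```

A raised flag is a prompt to confirm the combination is intended, as with a SOC Manager who is also given the 'org manager' attribute.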
For more detailed technical information please refer to our Cydarm API documentation.