Roles installed with Security Incident Response

Security Incident Response adds the following roles.
Table 1. Roles for Security Incident Response
Role title [name] Description Contains roles
security admin

[sn_si.admin]

Full control over all Security Incident Response data. Also administers territories and skills, as needed.
Note: In the base system, the administrator also has access to sn_si.admin. Security Incident Response can be restricted from the administrator as long as at least one other user is assigned the security administrator role.
  • catalog_admin
  • skill_admin
  • skill_model_admin
  • sn_si.analyst
  • sn_si.manager
  • sn_si.knowledge_admin
  • sn_si.manager
  • template_admin
  • template_editor_global
  • territory_admin
  • treemap_admin
  • user_admin
security analyst

[sn_si.analyst]

Tier 1 and 2 security analysts work on security incidents. They can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents.
  • sn_si.basic
  • sn_vul.vulnerability_read (if the Vulnerability Response plugin is activated)
security basic

[sn_si.basic]

Underlying role for basic Security access. Users with this role can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents.
  • document_management_user
  • grc_user (if the GRC:Risk plugin is activated)
  • inventory_user
  • pa_viewer
  • service_fullfiller
  • skill_user
  • sn_si.read
  • task_activity_writer
  • task_editor
  • treemap_user
ciso

[sn_si.ciso]

View and manipulate the CISO dashboard. Also, if the Vulnerability Response plugin is activated, users with this role can add vulnerability significance definition treemaps to the dashboard.
  • pa_viewer
  • sn_si.read
external

[sn_si.external]

External users can view tasks assigned to them.
  • service_fulfiller
integration user

[sn_si.integration_user]

External tools can provide new security incident records and update security incident records.
  • import_transformer
knowledge admin

[sn_si.knowledge_admin]

Manage, update, and delete the information in the Security Incident knowledge base.
  • knowledge_admin
manager

[sn_si.manager]

Same access as security analysts, with the additional ability to adjust the members of assignment groups.
  • sn_si.basic
read

[sn_si.read]

Read security incidents.
  • grc_compliance_reader (if the GRC:Risk plugin is activated)