Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Lock down security administration (optional)

Log in to subscribe to topics and get notified when content changes.

Lock down security administration (optional)

To protect investigations and keep security incidents private, you can restrict Security Incident Response access to security-specific roles and ACLs. Non-security administrators can be restricted from access, unless you expressly allow them entry.

Before you begin

When the Security Incident Response application is activated, the System Administrator user is granted the sn_si.admin role by default. The System Administrator is the only administrator who can set up security groups and users.

A security role is required to have access to Security Incident Response features and records.

Role required: sn_si.admin


  1. After the Security Incident Response plugin has been activated, a user with the admin role assigns the Scoped Admin (sn_si.admin) role to at least one user.
  2. The user with the admin role changes to the Security Incident scope.
  3. Navigate to System Applications > Applications.
  4. Click Downloads.
  5. Type security in the Search applications field.
    System applications
  6. Click Security Incident.
  7. Scroll down to the Related Links and click Remove from the role contained by admin.
  8. Log out and log back in.
    The admin user cannot access the Security Incident Response application.