Skip to main content
Version: 7.2402.x.x RR

Appendix: Role to Permission Mapping

Available permissions

NameComments
APP_MANAGEMENT_READVisibility of the Application management view
APP_MANAGEMENT_PLUGIN_WRITEPermission to edit the component and plug-in management settings
APP_MANAGEMENT_GLOBAL_WRITE
APP_MANAGEMENT_FILTER_WRITEPermission to edit the filters
APP_MONITORING_READVisibility of the Application monitoring view
CASE_OVERVIEW_READVisibility of the Case overview view
CASE_WRITEPermission to be able to edit the (name/notes/tags properties) of the case
CID_READVisibility of customer identifying data (currently only the LoginId)
GENERATED_RULES_READVisibility of the Generated rules view
GENERATED_RULE_TOGGLE_ACTIVEActivate/deactivate a rule on the Generated rules view
GENERATED_RULE_WRITEPermission to edit a generated rule (action)
PLUGIN_OVERVIEW_READVisibility of the Plug-in overview view
PLUGIN_RISK_SCORE_WRITEPermission to edit a plug-in risk score configuration in the Risk score normalization view
POLICY_OVERVIEW_READVisibility of the Policy overview view
POLICY_TOGGLE_ACTIVEPermission to toggle the active policy
POLICY_WRITEPermission to edit a policy
POLICY_CREATEVisibility of the Policy creation view
REFDATA_READUsed to fill drop-downs with reference data
RISK_SCORE_NORMALIZATION_CALCULATEThe Calculate button in the Risk score normalization view
RISK_SCORE_NORMALIZATION_READVisibility of the Risk score normalization view
USER_OVERVIEW_READVisibility of the User overview view

Technical permissions

An authorized user requires technical permissions for service calls between the different nevisDetect components, especially for calls to the Persistency service from an another component.

NameComments
RUNTIME_CONFIGURATION_READPermission to read the runtime configurations, used by the Core and Feature Correlator components
CORE_UPDATEPermission to update the request statistics, used by the Core component
PLUGIN_CREATEPermission to create the plug-ins on the start-up of the Core component

Default role-to-permission mapping

The code block below shows the default role-to-permission mapping, as configured in the role-to-permission-mapping.properties file.

# permissions common to all users
# REFDATA_READ

# permissions for the application status and monitoring
# APP_MANAGEMENT_READ
# APP_MANAGEMENT_PLUGIN_WRITE
# APP_MANAGEMENT_GLOBAL_WRITE
# APP_MANAGEMENT_FILTER_WRITE

# permissions for the rules view
# GENERATED_RULES_READ
# GENERATED_RULE_WRITE
# GENERATED_RULE_TOGGLE_ACTIVE

# permissions for the case view
# CASE_OVERVIEW_READ
# CASE_WRITE

# permissions for normalization view
# RISKSCORE_NORMALIZATION_READ
# PLUGIN_RISKSCORE_READ
# PLUGIN_RISKSCORE_WRITE
# RISKSCORE_NORMALIZATION_CALCULATE

# permissions for policy view
# POLICY_OVERVIEW_READ
# POLICY_WRITE
# POLICY_CREATE
# POLICY_TOGGLE_ACTIVE

# permissions for user search view
# USER_OVERVIEW_READ
# CID_READ

# Application user permissions

# generic user, collection of permissions common to all users
DETECT_USER=\
  REFDATA_READ;\

# forensic expert: main use case is analyzing fraudulent request
DETECT_FORENSIC_EXPERT=\
  APP_MANAGEMENT_READ;\
  APP_MANAGEMENT_PLUGIN_WRITE;\
    APP_MANAGEMENT_GLOBAL_WRITE;\
    APP_MANAGEMENT_FILTER_WRITE;\
    APP_MONITORING_READ;\
    CASE_OVERVIEW_READ;\
    CASE_WRITE;\
    CID_READ;\
    GENERATED_RULES_READ;\
    GENERATED_RULE_TOGGLE_ACTIVE;\
    GENERATED_RULE_WRITE;\
    PLUGIN_OVERVIEW_READ;\
    PLUGIN_RISK_SCORE_WRITE;\
    POLICY_OVERVIEW_READ;\
    POLICY_TOGGLE_ACTIVE;\
    POLICY_WRITE;\
    POLICY_CREATE;\
    RISK_SCORE_NORMALIZATION_CALCULATE;\
    RISK_SCORE_NORMALIZATION_READ;\
    USER_OVERVIEW_READ

# security officer: main use case is configuring the normalization and the profiles
DETECT_SECURITY_OFFICER=\
  APP_MANAGEMENT_READ;\
    APP_MANAGEMENT_PLUGIN_WRITE;\
    APP_MANAGEMENT_GLOBAL_WRITE;\
    APP_MANAGEMENT_FILTER_WRITE;\
    APP_MONITORING_READ;\
    CASE_OVERVIEW_READ;\
    CASE_WRITE;\
    GENERATED_RULES_READ;\
    GENERATED_RULE_TOGGLE_ACTIVE;\
    GENERATED_RULE_WRITE;\
    PLUGIN_OVERVIEW_READ;\
    PLUGIN_RISK_SCORE_WRITE;\
    POLICY_OVERVIEW_READ;\
    POLICY_TOGGLE_ACTIVE;\
    POLICY_WRITE;\
    POLICY_CREATE;\
    RISK_SCORE_NORMALIZATION_CALCULATE;\
    RISK_SCORE_NORMALIZATION_READ;\
    USER_OVERVIEW_READ

# operator: main use is the technical configuration of the system
DETECT_OPERATOR=\
  APP_MANAGEMENT_READ;\
    APP_MANAGEMENT_PLUGIN_WRITE;\
    APP_MONITORING_READ;\
    APP_MONITORING_WRITE;\
    PLUGIN_OVERVIEW_READ;\
    RISK_SCORE_NORMALIZATION_READ

# support desk user: main use case the management of the generated rules
DETECT_HELPDESK=\
  CASE_OVERVIEW_READ;\
    CASE_WRITE;\
    GENERATED_RULES_READ;\
    GENERATED_RULE_TOGGLE_ACTIVE;\
    PLUGIN_OVERVIEW_READ;\
    POLICY_OVERVIEW_READ;\
    RISK_SCORE_NORMALIZATION_READ;\
    USER_OVERVIEW_READ;\
    CID_READ

# Technical permissions for the components
DETECT_CORE=CORE_UPDATE;RUNTIME_CONFIGURATION_READ;PLUGIN_CREATE
DETECT_FEATURE_CORRELATOR=RUNTIME_CONFIGURATION_READ