Skip to main content
Access Control
Ali Murtaza avatar
Written by Ali Murtaza
Updated over 7 months ago

Users

To navigate to the Users page, open the Main Menu, and select Administration. Once the Administration section is displayed, select the Access Control tab at the top of the page, and then Users under that.

Main Menu > Administration > Access Control > Users

This page displays all users that have been created in the system. If other users are yet to be added, the only user displayed will be the Admin user, which cannot be deleted. On the right, Edit

and trash

icons are available, which can be used to edit and delete user’s information respectively.

On the Users page, you have several controls for viewing, sorting, and managing users. In the upper-right is a Search field that helps you search users. You can limit the number of users to be displayed on a page and you can click on any field to sort the list accordingly.

You can click the Invite User button in the upper-left corner to add a new user. By clicking on the button, a pop-up will appear, and the Authentication type, Email, Permissions, and Group fields are to be filled. Next, you can invite the user by clicking Invite.

The user’s information can be edited by clicking the Edit

icon. You have various fields available when editing a user, along with Status dropdown to Enable or Disable a user.

Groups

Risk mitigation and effective incident response require coordination among different teams. Thus, SIRP allows you to categorize different users in different departments or teams in “Groups. You can either use one of the existing groups or create your own by clicking on Create Group button, which is displayed at the top of the page.

To manage groups, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that Groups.

Main Menu > Administration > Access Control > Groups

Your screen should look something like this:

Roles

SIRP has four built-in roles that cannot be edited or deleted. They are:

  • Administrator

  • Manager

  • Analyst

  • Observer

To manage roles, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that select Roles.

Main Menu > Administration > Access Control > Roles

Your screen should look something like this:

You can also create custom roles. Simply, click on the Create Role button on the top, fill in the Name and Description fields, and select Create.

Privileges

SIRP provides the following privileges for the four built-in roles:

Administrator

User has full privileges and can access all SIRP functions.

Manager

User has full privileges except for the Administrator permissions.

Analyst

User can manage assets, incidents, vulnerabilities, threat intelligence, and risks. Create and execute playbooks and view all the data.

Observer

User can view everything, but cannot edit nor execute anything.

To access the privileges page, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that select Privileges.

Main Menu > Administration > Access Control > Privileges

Privileges to different roles can be assigned by clicking on the Assign Privilege button displayed at the top of the page. By clicking this button, a pop-up will appear, and the user must select a Role and use toggle buttons to assign relevant privileges. Once the privileges are selected, click on the Assign button.

Third-Party Auth

SIRP allows organizations to allow users to login using third-party authentication provider. The available authentication types include the following:

  • OpenID

  • LDAP

  • Google 2FA Authenticator

To access the third-party authentication page, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that select Third-Party Auth.

Main Menu > Administration > Access Control > Third-Party Auth

You can add an authentication mechanism to be used within your organization by clicking on the Add Authentication option displayed on the top of the page. A pop-up will appear. Select relevant options from the Authentication Type and Authentication Vendor dropdown fields, and press Create.

Session and Password

SIRP allows administrators to configure session and password strength settings. You can customize the following fields as per your organizational preference:

Session Management Settings:

  • Inactivity timeout (minutes): Idle time before a user gets logged-out.

  • Absolute timeout (minutes): Duration after which users will be auto-logged-out forcefully.

Did this answer your question?