User Roles and Permissions Matrix
HYAS Protect provides six distinct permission roles, each tailored to specific levels of access and responsibilities. These roles are designed to ensure users have the appropriate permissions for their tasks while maintaining a secure and efficient operational structure. Below is a brief overview of each role, followed by a detailed matrix outlining their specific capabilities and limitations.
The Partner Admin role holds the highest level of authority within the system. This role has unrestricted access to all features, including creating, editing, and managing MSSP accounts and performing actions across all child organizations. Partner Admins act as the ultimate administrators, overseeing all aspects of the system.
The MSSP Admin role is next in the hierarchy. It inherits most permissions from the Partner Admin but has certain limitations. For instance, MSSP Admins cannot create or manage other MSSP accounts. However, they maintain full access and control within their assigned MSSP scope, enabling them to manage child organizations and user accounts as necessary.
The MSSP Analyst role is more operational in nature. This role is limited to viewing and acting within assigned MSSPs. MSSP Analysts cannot manage accounts, policies, or configurations, focusing instead on day-to-day tasks like monitoring logs and alerts.
The Org Admin role operates at the organization level, with full access within the assigned organization. Unlike MSSP roles, Org Admins do not have visibility or access to MSSP-level accounts or settings. They are responsible for managing their specific organization's configurations and users.
The Protect Analyst role is designed for limited access. Analysts can view logs, reports, and activity data within the Protect environment but are unable to make configuration changes or manage policies. Their primary responsibility is to analyze and monitor system activity.
Finally, the Protect Executive role is tailored for high-level access, limited to reports and summaries. This role is meant for executive decision-making and does not include detailed configurations or operational tasks.
Permission | Partner Admin | MSSP Admin | MSSP Analyst | (Org) Admin | Protect Analyst | Protect Executive |
---|---|---|---|---|---|---|
Create, Edit MSSPs | ✅ | 🚫 | 🚫 | 🚫 | 🚫 | 🚫 |
Configure Policy Inheritance | ✅ | 🚫 | 🚫 | 🚫 | 🚫 | 🚫 |
View Child Orgs | ✅ | ✅ | ✅ | 🚫 | 🚫 | 🚫 |
Create, Edit Child Orgs | ✅ | ✅ | 🚫 | 🚫 | 🚫 | 🚫 |
Manage User Accounts | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View Blocking Mode | ✅ | ✅ | 🚫 - UI / ✅ - API | ✅ | 🚫 - UI / ✅ - API | 🚫 - UI / ✅ - API |
Set Blocking Mode | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View Notification Emails | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Set Notification Emails | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View Source Networks | ✅ | ✅ | 🚫 - UI / ✅ - API | ✅ | 🚫 - UI / ✅ - API | 🚫 - UI / ✅ - API |
Change Source Networks | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View SentinelOne Config | ✅ | ✅ | 🚫 - UI / ✅ - API | ✅ | 🚫 - UI / ✅ - API | 🚫 - UI / ✅ - API |
Set SentinelOne Config | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View Logs | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Block from Log View | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
Allow from Log View | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
Block from Flyout | ✅ | ✅ | ✅ | ✅ | ✅ | 🚫 |
Allow from Flyout | ✅ | ✅ | ✅ | ✅ | ✅ | 🚫 |
Add Tag from Flyout | ✅ | ✅ | ✅ | ✅ | ✅ | 🚫 |
Add Note from Flyout | ✅ | ✅ | ✅ | ✅ | ✅ | 🚫 |
View Category | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Block/Unblock Category | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View Policy | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Create, Edit, Delete Policy | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View List | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Create, Edit, Delete Lists | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
View Policy Rule | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Create, Edit, Delete Policies | ✅ | ✅ | 🚫 | ✅ | 🚫 | 🚫 |
Delete Alert | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Acknowledge Alert | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Configure Timezone | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
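
For access reviews, the matrix can be turned into a least-privilege check: given the permissions a user actually needs and whether each is used through the UI or the API, list the roles that cover them, narrowest first. The following is an added example, not HYAS code or a HYAS API; the function names are hypothetical, and each cell is transcribed as Y (allowed), N (denied) or A (denied in the UI, allowed through the API).

```python
# Added example, not HYAS code. Function names are hypothetical.
ROLES = ["Partner Admin", "MSSP Admin", "MSSP Analyst", "Org Admin",
         "Protect Analyst", "Protect Executive"]

# One letter per role in ROLES order, transcribed from the matrix above:
# Y = allowed, N = denied, A = denied in the UI but allowed through the API.
PATTERNS = {
    "YNNNNN": ["Create, Edit MSSPs", "Configure Policy Inheritance"],
    "YYYNNN": ["View Child Orgs"],
    "YYNNNN": ["Create, Edit Child Orgs"],
    "YYNYNN": ["Manage User Accounts", "Set Blocking Mode",
               "Set Notification Emails", "Change Source Networks",
               "Set SentinelOne Config", "Block from Log View",
               "Allow from Log View", "Block/Unblock Category",
               "Create, Edit, Delete Policy", "Create, Edit, Delete Lists",
               "Create, Edit, Delete Policies"],
    "YYAYAA": ["View Blocking Mode", "View Source Networks",
               "View SentinelOne Config"],
    "YYYYYN": ["Block from Flyout", "Allow from Flyout",
               "Add Tag from Flyout", "Add Note from Flyout"],
    "YYYYYY": ["View Notification Emails", "View Logs", "View Category",
               "View Policy", "View List", "View Policy Rule",
               "Delete Alert", "Acknowledge Alert", "Configure Timezone"],
}
MATRIX = {perm: pat for pat, perms in PATTERNS.items() for perm in perms}

def role_can(role, perm, channel="ui"):
    """True if the matrix grants `perm` to `role` on channel 'ui' or 'api'."""
    cell = MATRIX[perm][ROLES.index(role)]
    return cell == "Y" or (cell == "A" and channel == "api")

def grant_count(role):
    """Number of (permission, channel) pairs a role holds; ranks breadth."""
    return sum(role_can(role, p, ch) for p in MATRIX for ch in ("ui", "api"))

def least_privileged_roles(needed):
    """Roles covering every (permission, channel) pair, narrowest first.
    Breadth only: it does not model MSSP versus organization scope."""
    needed = list(needed)
    fits = [r for r in ROLES if all(role_can(r, p, ch) for p, ch in needed)]
    return sorted(fits, key=grant_count)

def api_only_grants(role):
    """Permissions the UI hides from a role but the API still serves."""
    return sorted(p for p in MATRIX
                  if role_can(role, p, "api") and not role_can(role, p, "ui"))
```

`api_only_grants` lists the rows where the UI restriction is not the access boundary, so reviews of the three analyst and executive roles need to cover API access as well as UI logins.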