- 27 Jul 2021
- 2 Minutes to read
- Contributors
- Print
- PDF
Data Permissions
- Updated on 27 Jul 2021
- 2 Minutes to read
- Contributors
- Print
- PDF
Manage access rights to data with permissions set against User Groups. Users will only see results on dashboards that meet the criteria of their stacked permissions across all of their assigned User Groups.
Permissions can be set against user groups in two different ways that depend on the type of data:
- Session data
- Capture (or per packet intel) data
Session Data - Metadata Permissions
Access to session data is managed using metadata permissions. We use metadata keys as inclusionary filters to ensure that users only see what they are scoped to see:
- Multiple values within a metadata category are OR
- Different metadata categories are AND
- For example: (Region = east or central) AND (provider = Rogers)
These restrictions will be applied without knowledge to the end user based on their user group affiliation.
Note: Access to session data is NOT restrictive by default, so a lack of permissions based on metadata equates to no restriciton, and full access to session data.
To provision session metadata the admin will go to the user groups tab and either create a new user group or select an existing one and click on the Metadata Permissions tab in the sidebar. There they can click the + button to search for and add the metadata keys/values that they would like to provision.
Once selected, the permissions will be listed in the sidebar and the admin can click the checkmark to finalize the permissions on the user group. Once the permissions have been provisioned, all users in the user group will have those permissions.
Note: users can belong to multiple user groups and as such, gain all permissions granted on the groups to which they belong.
Capture Data Permissions
For capture or per-packet intel data, permissions can be set based on:
- Applications
- Zones
- Capture sensor device
Note: Capture permissions are mandatory for access to data meaning no permissions results in no data access. This is due to the potential sensitive nature of the data.
Like metadata permissions, once added to a user group that has a permission on it they only have the permissions granted to them by the group.
In the same place as with metadata permissions an admin can add capture data permissions to a user group. Clicking the + button will open up the search pane where the admin can find the capture permissions to add.
As seen in the above image once the zone is chosen it will appear in the list of permissions. The admin can then click the checkmark button to save the permissions to the user group.
To enable access to all capture data, simple select the enable capture data permissions and do not enter any restrictions.
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks