SIR persona and role attribution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2025 03:55 AM
Hi All,
This is a challenge I've faced frequently when implement SIR for a customer and I was wondering if there are any 'easier' solutions than messing around with ACLs to achieve it:
- Simply put, the SIR OOTB provides for these roles: CISO / Manager / Analyst. where basically (from my understanding at least) they have very similar visibility to ALL SIRs but have varying Dashboards available to them.
The challenge is that customers often require more granular segregation of these records, here are 2 examples I came across recently:
- Customer want to have a Global SOC with visibility on everything, but then dispatching the SIRs to specific departments (Manufacturing / Commercial / IT / HR) where visibility will be limited to it's scope
- Customer want to have a Global SOC with visibility on everything, but then dispatching the SIRs to specific regions / countries (LATAM / EU / Brazil / France) where visibility will be limited to it's scope. The added complexity here is that the EU SOC would also need visibility into the EU SOC, France SOC, NL SOC etc... However France SOC should only see it's related SIRs
The 2 solutions I see are:
- Complex ACLs
- Custom roles that would be nested within each other (example: GLOBAL> contains > EU > contains > FRANCE). With these roles we can then enforce restrictions using Security Tags
Both solutions seem a bit messy to me, and particularly difficult to maintain, if anybody has met these kind of challenges, I would be interested in your feedback and knowing how you went around it?
Thanks in advance!