Apps - Instance permissions

Abstract

Configure Jupyter and Observability Apps (under Integrations).

Controls the ability to install, configure, and delete Jupyter Notebooks and Observability instances (SettingsConfigurationsIntegrationsApps).

Note

To use and access the apps, users need the Apps permission. For more information, see Jupyter and Observability apps permissions

Permission

Description

Role Example

None

Users cannot see the Apps page.

SOC Tier-1, 2, and 3 Analysts, and Threat Hunter: Should not manage application instances.

View

Users can view the list of available and installed apps, but cannot install, configure, or delete them.

View/Edit

Full control over the Apps page, including installing, configuring, and deleting app instances

Security Engineer: Deploy and manage applications.

Cortex SDK permission requirements for Jupyter Notebooks

When using Jupyter Notebooks with the Cortex SDK (Python SDK for Cortex XSIAM), the effective permissions are determined by the API Key configured for the Jupyter instance. The Cortex SDK authenticates with XSIAM APIs using this API key, and the key's associated RBAC role determines which data and actions are accessible within notebooks.