Integrations - instance permissions ↗
Configure Integrations - permissions when creating or editing a role (the Integrations permission is under → ).
Controls access to data collection integration instances, such as automation and feed integrations that collect and process data on the Data Sources & Integrations page ( → ). It also controls access to classifiers and mappers → → → → .
Data Sources & Integrations page
The Data Sources & Integrations page is a unified interface. Access levels are determined as follows:
Data Sources permission only: Users can view the page and manage cloud accounts (CSP), Cloud Workload Protection (CWP) instances, and Cloud Access Security (CAS) connectors.
Integrations permission only: Users can view the page and manage data collection integration instances, specifically automation and feed integrations.
Both permissions: Users have full visibility and can manage both data sources and integrations on the same page.
Note
There are two integration permissions:
Integrations (under Data Collection): Configure data collection integrations
Integration Permissions (under Integrations): Configure command permission for integrations.
Permission | Description | Roles Example |
|---|---|---|
None | Users cannot view or configure any data collection integrations, including feed and automation integrations, on the Data Sources & Integrations page. | SOC Tier-1 Analyst: Integration configuration is outside Tier-1 responsibilities. |
View | Read-only access to the Data Sources & Integrations page. Users can see integration instances, their status, configuration details, and associated classifiers/mappers. |
|
View/Edit | Full control over integration configurations. Users can create, modify, and delete integration instances, manage credentials, and configure classifiers and mappers for data ingestion. NoteUsers can view the Credentials page, but cannot edit it without the Credentials View/Edit permission. | Security Engineer: Primary responsibility for configuring integrations. |