Case Properties permissions

Abstract

Configure Case Properties permissions under Objects.

Controls access to the following tabs from Cases (SettingsConfigurationsObject SetupCases):

  • Domains: These represent the primary classifications for cases, such as Malware, Phishing, or Network Intrusion. Each domain has a name, color, description, associated statuses, and resolution statuses.

  • Properties: Manages custom case statuses and resolution statuses. For example, New, Under Investigation, Pending, Resolved.

Caution

System-default statuses cannot be deleted, and domain names cannot be changed after creation.

Permission

Description

Roles Example

None

No access to the Domains or Properties tabs. The tabs are hidden from the Cases Object Setup navigation. The user cannot view or modify custom statuses, resolution statuses, or case domains.

SOC Tier-1 Analyst: Tier-1 analysts work within existing case structures; they do not need to see or modify case property definitions (statuses, domains).

View

Read-only access. Users can browse the domains table and see existing custom and resolution statuses.

  • SOC Tier-2 and 3 Analysts: Need visibility into case structures (what statuses exist, what domains are configured) for investigation context and proper case categorization.

  • Threat Hunter: Needs context on case structures (statuses, domains) for hunting workflows and case creation.

View/Edit

Full read/write access. Users can create up to 20 custom statuses, reorder them, and manage domain status assignments.