Exception Management Admin permissions ↗
Exception Management Admin controls access to the Exception Rules tab on the Issue Exclusions and Exceptions page under → . Exception rules differ from exclusion rules in that they define conditions under which issues are flagged as exceptions that may require approval before being acted upon, rather than being silently suppressed.
Note
Requires Issue Exclusions permission (at least View) to access the page. Without Issue Exclusions, the entire page is hidden.
Permission | Description | Roles Example |
|---|---|---|
None | No access to the Exceptions Rules tab on the All Issue Exception & Exclusion Rules page. | SOC Tier-1 Analyst: Should escalate false positives rather than create an exception. |
View | Read-only access to the Exception Rules tab on theAll Issue Exception & Exclusion Rules page. Users can browse Exception Rules, view rule details including BIOC indicator definitions, and filter/search the exception rules grid, but cannot create, edit, or delete exception rules. | SOC Tier-2 Analyst and Threat Hunter: Should reference existing exceptions during investigations or understand filtered activity. |
View/Edit | Read and write access to the Exception Rules tab on theAll Issue Exception & Exclusion Rules page, including creating, editing, and deleting Exception Rules. |
|
Required and recommended permissions
Consider adding the following permissions:
Permission | Permission Level | Reason |
|---|---|---|
Cases & Issues | View | Exception rules are based on issue attributes. Without alert visibility, users cannot understand the context of what is being excepted. Required. |
Issue Exclusions | View or View/Edit |
|