Playbook permissions ↗
Configure playbook permissions.
Playbooks are automated response workflows. By default, the Playbooks permission is set to Disabled. To set it to Enabled, you must first set Scripts to Enabled. When you enable Playbooks, you can then set Cases and Issues to View or View/Edit.
Important
Playbooks are a prerequisite for the entire Investigation & Response workspace. You cannot set Cases and Issues to View/Edit unless Playbooks is Enabled.
Cortex XSIAM enforces least-privileged per-object access by allowing you to manage access for custom (user-defined) playbooks. For more information, see Manage access to objects.
Permission | Description | Roles Example |
|---|---|---|
Enabled | Users can browse the playbook library and are granted access depending on their per-object access and sub-permissions explained below. Some of the additional options can include:
When set to Enabled, you can grant the following additional permissions:
NotePlaybooks can only be Enabled when Scripts are Enabled first. |
|
Disabled | Cannot access the Playbooks page, view any playbook configurations, see the playbook execution status (unless they access to the issue), and access the Workplan in cases/issues. NotePlaybooks can only be Disabled after Cases and Issues (under Cases & Issues) are set to None first. |