mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-09 02:32:46 +01:00
23 lines
1.2 KiB
Plaintext
23 lines
1.2 KiB
Plaintext
# Define custom business role mappings, or remove mappings that come with
|
|
# the default SOC deployment.
|
|
#
|
|
# IMPORTANT: This file should be copied from the salt/default tree into
|
|
# the salt/local tree (preserving the same directory structure).
|
|
# Failure to do this will result in the customizations being
|
|
# overwritten on future upgrades.
|
|
#
|
|
# Syntax => prebuiltRoleX: customRoleY: op
|
|
# Explanation => roleY and roleZ are adjusted permissions of roleX, op is:
|
|
# + add the new permissions/role mappings (default)
|
|
# - remove existing "explicit" prebuilt permissions. This
|
|
# does not work with implictly inherited permissions.
|
|
#
|
|
# In the example below, we will define two new roles for segregating
|
|
# analysts into two regions. Then we will remove the ability for all
|
|
# analysts to see the roles of other analysts. (Seperately we will need to
|
|
# define these two new roles in Elasticsearch so that each analyst region
|
|
# can only see data from their specific region's indices, but that is out
|
|
# of scope from this file.)
|
|
#
|
|
# analyst: westcoast_analyst, eastcoast_analyst
|
|
# roles/read: user-monitor:- |