Manage Custom Roles

A custom role is an admin-defined role that allows Sysdig administrators to bundle a set of permissions and allocate it to one or more users or teams. This page describes how to create and use custom roles.

Custom roles are supported only in SaaS regions. The feature is not currently available for on-prem environments.

Understand Custom Roles

Custom roles give you the ability to provide granular access to users according to a selected list of permissions. If the Sysdig roles don't meet the specific needs of your organization, you can create your own custom roles. Select the permissions a role should have based on the resources it should have access to, and bundle them together. Just like built-in Sysdig roles, you can assign custom roles to users and teams. Custom roles ensure that users have only the permissions they need and help prevent unwanted access to other resources.

Custom roles operate on concepts similar to those of a role-based access control (RBAC) system.

Benefits of Using Custom Roles

  • Allow you to give access to a specific set of predefined dashboards to a group of users, who should not be able to view any additional data, nor change or share these dashboards.

  • Allow you to create a service account for Sysdig Secure that is not tied to a particular user but can be used to automate your CI/CD pipeline.

    • Give a custom set of permissions to the CI/CD account
    • Give permission to create these accounts to a certain set of users
  • Allow you to identify the owner of a particular image so the security issue can be assigned to the actual team who owns the issue.

  • Create a team role that can only invite users but not actually manage the team.

Create a Custom Role

  1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

  2. Select Roles.

  3. Click New Role. The New Role page is displayed.

  4. Specify the following:

    • Role Name: A unique name to identify the role you create.
    • Role Description: A short explanation of the role that you have created.
    • Product: A filter that gives a fine-grained view of the product-specific features.
  5. Select the features and do one of the following:

    • From the drop-down, select one of the following: No Access, Read Only, Full Access, Custom.
    • Click Customize to grant granular permissions to a subset of features. This is an alternative to selecting Custom from the drop-down.
  6. Click Save New Role.

Assign a Custom Role to Teams

You can set up a custom role as the default user role for teams. To do so:

  1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

  2. Select Teams.

  3. Do one of the following:

    • Select the relevant team from the list of teams.
    • Click Add Team.
  4. From the Default User Role drop-down, select one of the custom roles you have created.

  5. Finish creating or editing the team as described in Manage Teams and Role.

  6. Click Save.

Custom Roles and Privileges

Click Customize to view and select granular permissions for each product feature. Alternatively, use the drop-down to grant read access or full access to all the privileges simultaneously.

Sysdig Monitor

Features: Privileges

  • Overview/Insights: No Access, Read

Dashboards

  • Dashboard: Read, Edit
  • Dashboard Metrics Data: Read

Explore/Metrics

  • Agent Console: View
  • Agent Console - Agent Status: Read
  • Agent Console - Configuration: View
  • Agent Console - Diagnostics: Read
  • Agent Console - Network Calls: Execute
  • Agent Console - Sensitive Configuration: View
  • Explore: Read, Edit
  • Shared Groupings with Team: Toggle

Alerts

  • Alert Events: Read, Edit
  • Alerts: Read, Edit

Events

  • Custom Events: Read, Edit

Captures/Investigate

  • Captures: View, Read, Edit

Settings

  • API Access Token: View, Read, Edit
  • AWS Settings: Read
  • Agent Installation: Read
  • Alert Downtimes: Read
  • Global Notification Channels: Read
  • Notification Channels: Read, Edit
  • Subscriptions: Read
  • Sysdig Storage: Read
  • Team Agent Console Access Toggle: Read, Edit
  • Team Captures Access Toggle: Read, Edit
  • Team Membership: Read, Edit
  • Teams: Manage
  • Users: Read, Create
  • Users List: Read

Integrations

  • Custom Integrations: Read, Edit
  • Infrastructure: Read
  • Integrations: Read
  • PromCat Integrations: Validate, Edit
  • Providers: Read
  • Spotlight: Read

Data Access Settings

  • Datastream: Read
  • Groupings: Read, Edit
  • Metadata: Read
  • Metrics Data: Read
  • Metrics Descriptors: Read
  • PromQL Metadata: Read

Sysdig Secure

Features: Privileges

Scanning

  • Image Import: Edit
  • Scanning: Write, Read, Exec
  • Scanning Alerts: Read, Edit
  • Scanning Image Results: Read, Create
  • Scanning Policies: Read, Edit
  • Scanning Policy Assignments: Read, Edit
  • Scanning Registry Credentials: Read, Edit
  • Scanning Runtime: Edit
  • Scanning Scheduled Reports: Read, Edit
  • Scanning Trusted Images: Read, Edit
  • Scanning Untrusted Images: Read, Edit
  • Scanning Vulnerability Exceptions: Read, Edit

Posture

  • Benchmark Tasks: Read, Edit
  • Benchmarks: Read
  • Compliance: Read

Policies

  • Image Profiling: Write, Read, Exec
  • Policies: Read, Edit
  • Policy Advisor: Write, Read, Exec

Network Security

  • Network Security: Read

Integrations

  • Providers: Read

Settings

  • API Access Token: View, Read, Edit
  • AWS Settings: Read
  • Agent Installation: Read
  • Cloud Accounts: Read, Edit
  • Events Forwarder: Read
  • Global Notification Channels: Read
  • Notification Channels: Read, Edit
  • Subscriptions: Read
  • Sysdig Secure Settings: Edit
  • Sysdig Storage: Read
  • Team Agent Console Access Toggle: Read, Edit
  • Team Captures Access Toggle: Read, Edit
  • Team Membership: Read, Edit
  • Teams: Manage
  • Users: Read, Create
  • Users List: Read

Captures / Investigate

  • Activity Audit Commands: Read
  • Captures: View, Read, Edit
  • Rapid Response: Exec

Data Access Settings

  • Groupings: Read, Edit
  • Metrics Data: Read
  • Metrics Descriptors: Read

Events

  • Policy Events: Read



Last modified May 20, 2022