Working with roles

Administrator Help | TRITON AP-DATA | Version 8.3.x

Administrators are added and assigned module access permissions using the TRITON Settings > Administrators option in the TRITON toolbar. In that area, you can define a Global Security Administrator with Super Administrator access to all TRITON modules (TRITON AP-WEB, TRITON AP-DATA, and TRITON AP-EMAIL), and you can assign custom permissions to other administrators. For example, you can give an administrator access to the TRITON AP-DATA module or access along with the ability to modify access permissions for other accounts.

In the TRITON AP-DATA module, you fine-tune permissions by assigning administrators roles. Roles are specific to functions performed in the TRITON AP-DATA module.

For example, one administrator may be responsible for installing and deploying system components. Another may configure and fine-tune security policies. And a third may view and respond to incident logs and reports. Each of these administrators may need access to different system functions, with only the Super Administrator requiring access to all.

This is where roles come into play. Roles define the access privileges for various administrative roles in your organization. By default, the following roles are defined:

Super Administrator - can access all configuration and management screens in the TRITON AP-DATA module with read and write privileges. This is different from Global Security Administrators who have Super Administrator privileges to all TRITON modules.

System Administrator - can access the system settings functions, the deployment options, and the Status screens. This role is designed for IT or infrastructure administrators responsible for installing and maintaining the system infrastructure.

Policy Manager - can configure policies, qualify and assign incidents.

Incident Manager - can access reports, incident details, and workflow. Manages incident handling.

Auditor - can review policies, rules, and content classifiers for regulatory compliance.

Default - default role for a new administrator. Can access only reports and the Dashboard.

Multiple Combined - has privileges from several roles combined. This role applies only to network administrators who belong to multiple user-directory groups. When such administrators log onto the TRITON Manager, the system automatically generates a custom role that unifies the roles of all their groups. Because they are system-generated, multiple combined roles are not listed on the roles screen. Administrators with this role see this role name in the toolbar when they log on.

You can edit access privileges for these default roles or you can add new roles. You can then assign a role to each of your system administrators.

Select Settings > Authorization > Roles.

The resulting screen lists all the roles that have been defined, along with the permissions set for the roles and descriptions.

Click a name to edit a role or click New to define a new role.

To delete an role, select it then click Delete.

Note that changes to roles are recorded in the audit log.