Roles #
Roles allow you to finely control access to the Lucidum system. A role combines:
- a set of Rights for tasks in Lucidum
- a set of Field Permissions to view data that is ingested by Lucidum
Lucidum includes default roles.
You can also create custom roles to meet your needs.
Default Roles #
Lucidum includes default roles.
NOTE: Although you cannot delete or edit these default roles, you can use them as a template for new roles.
- Admin. This role allows access to all rights and all data in Lucidum and is appropriate for the users who administer Lucidum.
- API Users. This role allows access to the Lucidum API and all data in Lucidum.
- IT Operations. This role is for IT and security operations staff and includes rights that an operations user would need and access to all data in Lucidum.
- Lucidum Support (Lucidum internal role only). This is a role assigned to Lucidum support staff and includes the rights a support user would need to maintain a Lucidum system and access to all data in Lucidum.
How Do Roles Affect User Experience? #
- Rights define the actions you can perform in Lucidum.
- Field Permissions define what you can see in Lucidum.
The following sections describe how Rights and Field Permissions affect what a user can see and do in Lucidum.
Dashboards #
To view dashboards, a user must have at least one of the following Rights:
- View Dashboards. Grants access to view Dashboards.
NOTE: Unless you have the Administrator role, you cannot edit dashboards created by other users.
If a user does not have Field Permissions for all fields displayed in a chart, the user will see the message “You do not have permissions required to view this chart”.
Queries #
If a user does not have Field Permissions for all fields, the Query Builder displays grayed-out fields.
Actions #
NOTE: Unless you have the Administrator role, you cannot edit actions created by other users.
If a user does not have Field Permissions for all fields in the base query, the existing action is grayed-out.
When creating an action, on the Details page, in the Output Fields, users can select only the fields they have Field Permissions for.
SmartLabels #
If a user does not have Field Permissions for all fields used in a SmartLabel, Actions (edit, clone, delete) are grayed out. Mousing over an Actions icon displays the message “You are not allowed edit this SmartLabel because it contains fields you do not have access to.”
Data Sources #
When drilling down into the links in the Data Source page, if a user does not have Field Permissions for all fields displayed in the page, lock icons appear in place of the data.
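The rules in the sections above can be checked before a custom role is rolled out. The following is an added example, not Lucidum code or a Lucidum export format: it models a role as Rights plus Field Permissions and reports which charts, actions and SmartLabels a proposed role would lock out, and why. The `Role` and `Item` types, the `Helpdesk` role and all field names are constructed for illustration.

```python
# Added illustration: models the Rights / Field Permissions rules on this page.
# Role, Item and every field name below are constructed; this is not a Lucidum API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    rights: frozenset
    fields: frozenset  # Field Permissions granted to the role

@dataclass(frozen=True)
class Item:
    kind: str          # "chart", "action" or "smartlabel"
    name: str
    fields: frozenset  # every field the object references

# The only right this page ties to an object type: charts need View Dashboards.
REQUIRED_RIGHT = {"chart": "View Dashboards"}

def effect(role, item):
    """Return (usable, reason) for one object under one role."""
    right = REQUIRED_RIGHT.get(item.kind)
    if right and right not in role.rights:
        return False, f"missing right: {right}"
    gaps = sorted(item.fields - role.fields)
    if gaps:  # one missing field is enough to lock or gray out the object
        return False, "missing field permissions: " + ", ".join(gaps)
    return True, "ok"

def review(role, items):
    """Map each object name to its effect under the role."""
    return {i.name: effect(role, i) for i in items}

def minimal_fields(items):
    """Smallest Field Permission set that keeps all given objects usable."""
    return frozenset().union(*(i.fields for i in items))

# Constructed sample data
ITEMS = [
    Item("chart", "Assets by OS", frozenset({"Asset Name", "OS"})),
    Item("chart", "Vulnerable hosts by owner", frozenset({"Asset Name", "Owner", "CVE"})),
    Item("action", "Notify owner", frozenset({"Owner", "Email"})),
    Item("smartlabel", "Unmanaged", frozenset({"Asset Name", "Agent Installed"})),
]
HELPDESK = Role("Helpdesk", frozenset({"View Dashboards"}),
                frozenset({"Asset Name", "OS", "Owner"}))

if __name__ == "__main__":
    for name, (ok, why) in review(HELPDESK, ITEMS).items():
        print(f"{name:28} {'usable' if ok else 'blocked'}  {why}")
```

`minimal_fields` gives the least-privilege starting point: pass it only the objects the role must use and grant exactly the fields it returns.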
Viewing Roles #
To view the list of existing roles:
- Navigate to Settings > User Roles.
- The User Roles page appears.
- The User Roles page displays the following about each role:
  - Name. Name of the role.
  - Occupants. Number of users using the role.
  - Rights. Permissions to perform different actions in Lucidum. There are a total of 6 rights.
  - Asset. The number of asset fields the role allows you to view. The total number of asset fields differs depending on the data you have collected with Lucidum data connector and any Tags and Smart Labels you have created.
  - Asset IP. The number of asset-IP mapping fields the role allows you to view. The total number of asset fields is usually six (6), but differs depending on the data you have collected with Lucidum data connector and any Tags and Smart Labels you have created.
  - User. The number of user fields the role allows you to view. The total number of asset fields differs depending on the data you have collected with Lucidum data connector and any Tags and Smart Labels you have created.
  - User IP. The number of user-IP mapping fields the role allows you to view. The total number of asset fields is usually six (6), but differs depending on the data you have collected with Lucidum data connector and any Tags and Smart Labels you have created.
  - Vulnerability. The number of vulnerability fields the role allows you to view. The total number of asset fields differs depending on the data you have collected with Lucidum data connector and any Tags and Smart Labels you have created.
  - Edit (pencil icon). Edit the role.
  - Delete (trashcan icon). Delete the role. You can delete only roles that are not in use by users.
- To see details about a role, click the expand (down-arrow) icon.
- To see details about Occupants, Rights, Asset data, Asset IP data, User data, User IP data or Vulnerability data for the role, click the expand (down arrow) icon again.
Adding a Custom Role #
To add a custom role:
- Navigate to Settings > User Roles.
- In the User Roles page, click the plus-sign (+) in the upper right corner.
- The Add User Role page appears.
- In the Add User Role page, enter the following:
  - Role Name. Enter a name for the custom role.
  - Select Existing Role to Compare. Optionally, you can select a role to use as a template. The Rights pane and Permissions panes display an additional column of checkboxes so you can see what is selected and unselected for the existing role.
  - Rights. Assign permissions to the custom role.
    - To assign a right, click on its checkbox.
    - To remove a right, un-click on its checkbox.
  - Field Permissions. You can limit the data sources that a role can access.
    - To assign a field permission to a role, click on its checkbox.
    - To remove a field permission from a role, un-click its checkbox.
    - NOTE: All existing roles and new roles have Data Source Details and Data Sources selected by default. These permissions cannot be removed from a role.
- Click Add to save the new role.
Editing a Role #
You cannot edit the name of an existing role. But you can edit the permissions and the data sources associated with an existing role.
- Navigate to Settings > User Roles.
- In the User Roles page, find the role you want to edit. Click its edit (pencil) icon.
- The Edit Role page appears.
- In the Edit Role page, you can edit one or more of the following:
  - Rights. Expand the Rights pane to add or remove rights for the role.
    - To assign a right, click on its checkbox.
    - To remove a right, un-click on its checkbox.
  - Field Permissions. Expand a Permissions pane to add or remove field Permissions for the role. You can edit the field Permissions for Asset, Asset-IP, User, User-IP, and Vulnerability.
    - To assign a permission, click on its checkbox.
    - To remove a permission, un-click on its checkbox.
- Click Save (disc icon) to save changes to the role.
Deleting a Role #
To delete a role:
- Navigate to Settings > User Roles.
- In the User Roles page, find the role you want to delete.
- Click its delete (trash can) icon.
Default Roles #
Admin #
This role allows access to all rights in Lucidum and is appropriate for the users who administer Lucidum.
This role includes all rights.
This role also can view all Lucidum data for assets, assets-IPs, users, users-IPs, and vulnerabilities.
Name | Description |
API Operator | Grants access to interact with the API |
View Dashboards | Grants access to view Dashboards |
View License Settings | Grants access to view the License Settings tab |
View Settings | Grants access to view the Settings page |
View System Settings | Grants access to view System Settings and Tunnel Proxy Settings tabs |
View User Management | Grants access to view the User Management Settings tab |
API Users #
This role allows access to the Lucidum API.
This role allows access to the following rights in Lucidum and is appropriate for the users who implement APIs.
This role also can view all Lucidum data for assets, assets-IPs, users, users-IPs, and vulnerabilities.
Name | Description |
API Operator | Access to the Lucidum API |
IT Operations #
This role is for IT and security operations staff.
This role allows access to the following rights in Lucidum and is appropriate for an operations user who needs access to all data in Lucidum.
This role also can view all Lucidum data for assets, assets-IPs, users, users-IPs, and vulnerabilities.
Name | Description |
View Dashboards | Grants access to view Dashboards |
View License Settings | Grants access to view the License Settings tab |
View Settings | Grants access to view the Settings page |
View System Settings | Grants access to view System Settings and Tunnel Proxy Settings tabs |
View User Management | Grants access to view the User Management Settings tab |
Lucidum Support (Lucidum internal role only) #
This is a role assigned to Lucidum support staff, to maintain customer systems.
This role allows access to the following rights in Lucidum and is appropriate for Lucidum employees who maintain customer systems.
This role also can view all Lucidum data for assets, assets-IPs, users, users-IPs, and vulnerabilities.
Name | Description |
View Dashboards | Grants access to view Dashboards |
View License Settings | Grants access to view the License Settings tab |
View Settings | Grants access to view the Settings page |
View System Settings | Grants access to view System Settings and Tunnel Proxy Settings tabs |
View User Management | Grants access to view the User Management Settings tab |
All Rights #
The following table describes all the permissions you can assign to a role.
Name | Description |
API Operator | Grants access to interact with the API |
View Dashboards | Grants access to view Dashboards |
View License Settings | Grants access to view the License Settings tab |
View Settings | Grants access to view the Settings page |
View System Settings | Grants access to view System Settings and Tunnel Proxy Settings tabs |
View User Management | Grants access to view the User Management Settings tab |