Skip to main content

Role Capabilities

You can assign any of the following capabilities when you create roles.

Data Management

CapabilityDescription
Manage connectionsManage the connections that allow you to send alerts to other tools.
Manage CollectorsInstall and manage and Installed/Hosted Collectors and Sources. Manage permission automatically includes view permission.
Manage Ingest BudgetsManage ingest budgets. Enabling this will automatically enable the Manage Collectors capability. The Manage Collectors capability on its own permits the re-assignment of budgets to different Collectors, but not creating or deleting them.
Manage data volume feedEnable and manage the data volume index for your account to avoid using On-Demand Capacity, and to determine when you need to upgrade your account.
View CollectorsView Collectors and Sources that have already been installed or added.
View fieldsView fields, which are custom metadata fields you can assign to logs.
Manage fieldsManage fields, which are custom metadata fields you can assign to logs.

Note that if you grant a role the Manage Fields capability, users with that role will also have the View Fields and View field extraction rules capabilities.

View field extraction rulesView field extraction rules, which speed the search process by automatically parsing fields as log messages are ingested.
Manage field extraction rulesManage field extractions, which speed the search process by automatically parsing fields as log messages are ingested.

Note that if you grant a role the Manage field extraction rules capability, users with that role will also have the Manage Fields, View Fields, and View field extraction rules capabilities.

View PartitionsView Partitions.
Manage PartitionsView, create, edit, and delete Partitions.

Note that if you grant a role the Manage Partitions capability, users with that role will also have View Partitions and Manage S3 data forwarding capabilities.

View Scheduled ViewsView Scheduled Views.
Manage Scheduled ViewsView, create, edit, and delete Scheduled Views. Note that if you grant a role the Manage Schedule View capability, users with that role will also have View Scheduled View capabilities.
Manage S3 data forwardingManage S3 data forwarding from Sumo Logic to an S3 bucket.
Manage ContentManage the content for your organization. This provides access to Admin Mode in the Library.
Manage TokensManage Installation Tokens.
View Account OverviewView the Account Overview page.
View ParsersView Parsers.
Download Search ResultsExport log query results to a .csv file.

Metrics

CapabilityDescription
Manage Logs-to-MetricsCreate, edit, or delete Logs-to-Metrics rules.
Manage Metrics Transformation RulesCreate, edit, or delete Metrics Transformation rules.
Manage Metric RulesCreate, edit, or delete Metric Rules.

Security

CapabilityDescription
Manage password policySet the password policy for your Sumo Logic account.
Allowlist IP addressesExplicitly grant access to specific IP addresses or address ranges.
Create access keysAllows users to create their own access keys on the Preferences page.
Manage access keysSet up, activate, deactivate, or delete access keys for your organization.
Manage support account accessEnable management of the Sumo Logic support account for your organization.
Manage audit data feed.Enable and manage the Audit Index, which provides information on the internal events that occur in your account associated with account management, user activity, and scheduled searches.
Manage SAMLProvision and manage SAML for single sign-on to your Sumo Logic accounts.
Manage Share dashboards outside of the organizationShare a dashboard with users who don't have access to Sumo Logic.
Manage organization settingsUsers with this capability can configure a concurrent user sessions limit and enable the Data Access Level for Shared Dashboards security policy.
Change Data Access LevelUsers with this capability can change the data access level of dashboards or scheduled searches to which they have edit or manage permission.

Dashboards

CapabilityDescription
Share dashboards with the allowlistShare dashboards in view-only mode with no login required. Viewers must be connecting from IP addresses specified in your service allowlist.
Share dashboards with the worldShare dashboards in view-only mode with no login required. Anyone with the URL can view the dashboard without logging in.

User Management

CapabilityDescription
Manage users and rolesAccess the web app pages to manage users and roles.

Alerts

Folder-level permissions are available if your org has fine-grained Monitor permissions enabled. If you'd like to use this feature, contact Sumo Logic Support to have it enabled.

CapabilityDescription
View MonitorsView Monitors.

If Monitor folder permissions are enabled for your org, users with this capability can view folders on the Monitors page to which they've been granted View access, and the Monitors contained in those folders.

Manage MonitorsA user with this capability can create new folders and Monitors, and grant other roles permissions to the folders they create.

If Monitor folder permissions are enabled for your org, users with this capability can also create, edit, delete, update and grant permissions to folders to which another user has granted them those permissions.

View AlertsView Alerts on the Alerts page.
Admin MonitorsIf Monitor folder permissions are enabled for your org, users with this capability have full access (Create, Edit, Delete, Update, and grant permissions) to ALL folders and monitors on the Monitors page. This is similar to the Content Administrator capability of the Content Library.

Organizations

CapabilityDescription
View OrganizationsView the Organizations UI.
Create OrganizationsCreate and provision child organizations.
Change Credits AllocationChange the credits allocation for a child organization.
Create Trial OrganizationsCreate trial organizations. (For Sumo Logic Service Providers only.)
Upgrade Trial OrganizationsUpgrade trial organizations. (For Sumo Logic Service Providers only.)
Deactivate OrganizationsDeactivate trial organizations. (For Sumo Logic Service Providers only.)

Cloud SIEM Enterprise

Cloud SIEM Enterprise (CSE) capabilities only appear in the Roles UI if CSE has been enabled for your account.

CapabilityDescription
View Cloud SIEM EnterpriseUsers with a role that grants this capability will see a "Cloud SIEM Enterprise" link in the left-nav bar of the Sumo Logic UI. When a user clicks on the link, the CSE Heads-Up Display (HUD) will open.
Comment on InsightsAdd comments to Insights.
Create InsightsCreate Insights.
Delete InsightsDelete Insights.
Invoke Insights ActionsChoose and run an Action from the Actions menu for an Insight.
Manage Insight AssigneeChange the user that is assigned to an Insights.
Manage Insight SignalsAdd Signals to Insights; remove Signals from Insights.
Manage Insight StatusChange the status of an Insights.
Manage Insight TagsAdd and delete tags assigned to Insights.
View RulesView CSE rules.
Manage RulesCreate, edit, and delete CSE rules.
View Threat IntelligenceView threat intel sources in CSE.
Manage Threat IntelligenceCreate, edit, and delete threat intel sources.
View Match ListsView Match Lists.
Manage Match ListsCreate, edit, and delete Match Lists.
View File AnalysisView file analysis (YARA) rules.
Manage File AnalysisCreate, edit, and delete file analysis (YARA) rules.
View Custom InsightsView custom Insight configurations.
Manage Custom InsightsCreate, edit, and delete custom Insight configurations.
View Network BlocksView network blocks.
Manage Network BlocksCreate, edit, and delete network blocks.
View Suppressed EntitiesView Suppressed Entities.
Manage Suppressed EntitiesSuppress and unsuppress Entities.
View MappingsView log mappings and ingest mappings.
Manage MappingsCreate, edit, and delete log mappings and ingest mappings.
View WorkflowView Insight detection settings, custom Insight statuses and resolutions, and tag schemas.
Manage WorkflowCreate, edit, and delete Insight detection settings, custom Insight statuses and resolutions, and tag schemas.
View Context ActionsView Context Actions.
Manage Context ActionsCreate, edit, and delete Context Actions.
Manage ActionsView, create, edit, and delete Actions.
View EnrichmentsView Enrichments.
Manage EnrichmentsUpload Insight, Signal, and Entity enrichments using the CSE API.
View Custom Entity TypesView custom Entity types.
Manage Custom Entity TypesCreate, edit, and delete custom Entity types.
View Entity NormalizationView the configurations on CSE’s Domain Normalization page.
Manage Entity NormalizationUpdate the configurations on CSE’s Domain Normalization page.
View Entity CriticalityView Entity Criticalities.
Manage Entity CriticalityCreate, edit, and delete Entity Criticalities.
View Tag SchemasView tag schemas.
Manage Tag SchemasCreate, edit, and delete schema key tags, which can be attached to Insights, Signals, Entities, and Rules.
Manage Favorite FieldsAdd and remove favorite fields by clicking the star icon next to the fields in CSE Records.
View Entity GroupsView Entity Groups.
Manage Entity GroupsCreate, edit, and delete Entity Groups.
Sumo Logic YouTubeSumo Logic Twitter
Legal
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.