Add “View-Only” User role for Dashboards, Threat Management, and Incidents
Describe the feature
Introduce a new user role with read-only (view-only) permissions, allowing users to access and review data in Dashboards, Threat Management, and Incidents modules without the ability to modify, delete, or trigger any actions.
Use Case
Enhance role-based access control (RBAC) by providing a permission level suitable for analysts, auditors, or external reviewers who need visibility into security data but should not perform operational changes.
Proposed Solution
• Add a new user role, e.g., VIEW_ONLY_USER or READ_ONLY_ANALYST.
• Grant the following permissions:
  • View Dashboards: Full access to dashboard visualizations and metrics.
  • View Threat Management: Can browse alerts, investigate details, and view echoes but cannot modify states or create rules.
  • View Incidents: Can view incident details, timelines, and response actions, but cannot edit or close incidents.
• Restrict all write actions, including:
  • Creating or editing incidents, alerts, or rules.
  • Changing alert statuses.
  • Deleting or tagging items.
Other Information
Expected Behavior
• Users with the view-only role can navigate normally across the assigned modules but see disabled or hidden action buttons (edit, delete, tag, etc.).
• Attempting restricted actions should display a permission message (e.g., “You don’t have permission to perform this action.”).
• Role is fully compatible with existing authentication and authorization mechanisms.

Impact
• Improves security and compliance by preventing unauthorized changes.
• Enables safe sharing of platform visibility with external stakeholders or junior analysts.
• Aligns with common least-privilege access best practices.
Acknowledgements
- [ ] I may be able to implement this feature request
- [ ] This feature might incur a breaking change
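
One way the role described in this request could be enforced on the server side, so that hidden or disabled buttons are a convenience and not the control. This is an added example, not part of the original request or the project's code; the module keys, action names and function names are assumptions, while VIEW_ONLY_USER and the denial message come from the request.

```python
from enum import Enum

class Action(Enum):          # action names are assumptions based on the request
    VIEW = "view"
    CREATE = "create"
    EDIT = "edit"
    DELETE = "delete"
    TAG = "tag"
    CHANGE_STATUS = "change_status"
    CLOSE = "close"

# Hypothetical module keys for the three areas named in the request.
VIEW_ONLY_MODULES = {"dashboards", "threat_management", "incidents"}

# Allow-list only: any (module, action) pair not listed is denied by default,
# so a write action added later is never granted to this role by accident.
ROLE_GRANTS = {
    "VIEW_ONLY_USER": {(m, Action.VIEW) for m in VIEW_ONLY_MODULES},
}

DENIED_MESSAGE = "You don't have permission to perform this action."

def is_allowed(role, module, action):
    """True only if the role's allow-list contains this exact pair."""
    return (module, action) in ROLE_GRANTS.get(role, set())

def ui_actions(role, module):
    """Actions the frontend may render as enabled, from the same table
    the server enforces, so UI state and enforcement cannot drift apart."""
    return sorted(a.value for a in Action if is_allowed(role, module, a))

def handle_request(role, module, action, audit_log):
    """Server-side gate: runs on every request, whatever the UI showed.
    Denials are recorded so blocked write attempts are visible to reviewers."""
    if not is_allowed(role, module, action):
        audit_log.append({"role": role, "module": module,
                          "action": action.value, "result": "denied"})
        return 403, DENIED_MESSAGE
    return 200, "ok"

if __name__ == "__main__":
    log = []  # constructed sample requests
    print(handle_request("VIEW_ONLY_USER", "incidents", Action.VIEW, log))
    print(handle_request("VIEW_ONLY_USER", "incidents", Action.CLOSE, log))
    print(ui_actions("VIEW_ONLY_USER", "threat_management"), log)
```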