Role-Based Access Control (RBAC)

The Sublime Platform's built-in roles make it easy to give everyone on your team the right level of access.

Managing Roles

When you create a new user from the Admin > Account page, you'll have the option to select a role.

To change an existing user's role, select the user in the Users table, select Actions > Edit, and update the user's role.

Roles

RoleDescription
AdminAll Sublime features.
EngineerBuild detection rules, Backtest, Hunt, investigate and remediate flagged and user reported messages, view system error notifications, and more.
AnalystInvestigate and remediate flagged and user reported messages, view system error notifications. Cannot create or modify rules, Search, Backtest, or Hunt.

The below table enumerates the Sublime Platform permissions and denotes which role contains it. A green check ✅ denotes that the permission is included in the role. A green check with an asterisk ✅* denotes that the role has the listed permission, but can only operate on resources that the current user has created themselves (e.g. an Engineer can only read API keys that were created by themselves, whereas an Admin can read API keys regardless of which user they were created by).

CategoryPermissionAdminEngineerAnalyst
Audit Logmanage_audit_log
Audit Logread_audit_log
IP Allowlistmanage_ip_allowlist
IP Allowlistread_ip_allowlist
Authenticationmanage_oidc
Authenticationread_oidc
MDM Retentionread_mdm_retention
MDM Retentionupdate_mdm_retention
Mailbox Auto-Activationread_auto_activate
Mailbox Auto-Activationupdate_auto_activate
Abuse Mailbox Settingsmanage_abuse_mailbox
Abuse Mailbox Settingsread_abuse_mailbox
API Keyscreate_api_keys✅*✅*
API Keysread_api_keys✅*✅*
API Keysdelete_api_keys✅*✅*
Userscreate_users
Usersread_users
Usersupdate_users
Usersdelete_users
Message Sourcescreate_message_sources
Message Sourcesread_message_sources
Message Sourcesupdate_message_sources
Message Sourcesdelete_message_sources
Mailboxesread_mailboxes
Mailboxesactivate_mailbox
Mailboxesdeactivate_mailbox
Rulescreate_rules
Rulesread_rules
Rulesupdate_rules
Rulesdelete_rules
Listscreate_lists
Listsread_lists✅*
Listsupdate_lists✅*
Listsdelete_lists
Actionscreate_actions
Actionsread_actions
Actionsupdate_actions
Actionsdelete_actions
Actionsassociate_rules_to_actions
Feedscreate_feeds
Feedsread_feeds
Feedsupdate_feeds
Feedsdelete_feeds
Backtestbacktest
Hunthunt
Searchsearch
Investigationaccess_message_contents
Remediationperform_actions
Error Logaccess_error_logs
Link Clicksread_link_clicks