Role-Based Access Control (RBAC)

The Sublime Platform's built-in roles make it easy to give everyone on your team the right level of access.

Managing Roles

When you create a new user from the Admin > Account page, you'll have the option to select a role.

To change an existing user's role, select the user in the Users table, select Actions > Edit, and update the user's role.

Roles

| Role | Description |
| --- | --- |
| Admin | All Sublime features. |
| Engineer | Build detection rules, Backtest, Hunt, investigate and remediate flagged and user-reported messages, and more. |
| Analyst | Investigate and remediate flagged and user-reported messages. Cannot create or modify rules, Search, Backtest, or Hunt. |

The table below lists the Sublime Platform permissions and shows which roles include each one. A green check ✅ denotes that the permission is included in the role. A green check with an asterisk ✅* denotes that the role has the listed permission, but can only operate on resources that the current user has created themselves (e.g. an Engineer can only read API keys that were created by themselves, whereas an Admin can read API keys regardless of which user they were created by).

| Category | Permission | Admin / Engineer / Analyst |
| --- | --- | --- |
| Audit Log | manage_audit_log | |
| Audit Log | read_audit_log | |
| IP Allowlist | manage_ip_allowlist | |
| IP Allowlist | read_ip_allowlist | |
| Authentication | manage_oidc | |
| Authentication | read_oidc | |
| MDM Retention | read_mdm_retention | |
| MDM Retention | update_mdm_retention | |
| Mailbox Auto-Activation | read_auto_activate | |
| Mailbox Auto-Activation | update_auto_activate | |
| Abuse Mailbox Settings | manage_abuse_mailbox | |
| Abuse Mailbox Settings | read_abuse_mailbox | |
| API Keys | create_api_keys | ✅* ✅* |
| API Keys | read_api_keys | ✅* ✅* |
| API Keys | delete_api_keys | ✅* ✅* |
| Users | create_users | |
| Users | read_users | |
| Users | update_users | |
| Users | delete_users | |
| Message Sources | create_message_sources | |
| Message Sources | read_message_sources | |
| Message Sources | update_message_sources | |
| Message Sources | delete_message_sources | |
| Mailboxes | read_mailboxes | |
| Mailboxes | activate_mailbox | |
| Mailboxes | deactivate_mailbox | |
| Rules | create_rules | |
| Rules | read_rules | |
| Rules | update_rules | |
| Rules | delete_rules | |
| Lists | create_lists | |
| Lists | read_lists | ✅* |
| Lists | update_lists | ✅* |
| Lists | delete_lists | |
| Actions | create_actions | |
| Actions | read_actions | |
| Actions | update_actions | |
| Actions | delete_actions | |
| Actions | associate_rules_to_actions | |
| Feeds | create_feeds | |
| Feeds | read_feeds | |
| Feeds | update_feeds | |
| Feeds | delete_feeds | |
| Backtest | backtest | |
| Hunt | hunt | |
| Search | search | |
| Investigation | access_message_contents | |
| Remediation | perform_actions | |
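
The difference between a plain check and an ownership-scoped check (✅*), sketched as an added example that is not Sublime's code or API. `Scope`, `GRANTS`, `Resource`, `is_allowed` and `visible` are hypothetical names, and the grants are a constructed subset taken only from the role descriptions and the API key example on this page.

```python
from dataclasses import dataclass
from enum import Enum


class Scope(Enum):
    ANY = "any"  # plain check: any resource
    OWN = "own"  # check with asterisk: only resources the caller created


A, O = Scope.ANY, Scope.OWN
# Constructed subset of grants, limited to what this page states in prose.
GRANTS = {
    "admin": {"read_api_keys": A, "create_rules": A, "backtest": A, "hunt": A, "search": A},
    "engineer": {"read_api_keys": O, "create_rules": A, "backtest": A, "hunt": A},
    "analyst": {"access_message_contents": A, "perform_actions": A},
}


@dataclass(frozen=True)
class Resource:
    id: str
    created_by: str


def is_allowed(user, role, permission, resource=None):
    """Deny by default; an OWN grant needs a resource the caller created."""
    scope = GRANTS.get(role, {}).get(permission)
    if scope is None:
        return False  # unknown role or permission not granted
    if scope is Scope.ANY:
        return True
    return resource is not None and resource.created_by == user


def visible(user, role, permission, resources):
    """List endpoints must apply the same owner filter as single reads."""
    return [r for r in resources if is_allowed(user, role, permission, r)]


# Constructed sample data: two API keys created by different users.
KEYS = [Resource("key-1", "erin"), Resource("key-2", "adam")]

if __name__ == "__main__":
    print([k.id for k in visible("erin", "engineer", "read_api_keys", KEYS)])
    print([k.id for k in visible("adam", "admin", "read_api_keys", KEYS)])
    print(is_allowed("ana", "analyst", "backtest"))
```

An ownership-scoped grant evaluated without a concrete resource is denied, so a listing path has to go through `visible` rather than a bare permission check.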