Ransomware Resilience access roles for NetApp Console
Ransomware Resilience roles provide users access to NetApp Ransomware Resilience. Ransomware Resilience supports the following roles:
Baseline roles
- Ransomware Resilience admin - Configure Ransomware Resilience settings; investigate and respond to encryption alerts
- Ransomware Resilience viewer - View encryption incidents, reports, and discovery settings
User behavior activity roles
Suspicious user activity detection alerts provide visibility into data such as file activity events; these alerts include file names and file actions (such as Read, Write, Delete, Rename) performed by the user. To limit the visibility of this data, only users with these roles can manage or view these alerts.
- Ransomware Resilience user behavior admin - Activate suspicious user activity detection, investigate and respond to suspicious user activity alerts
- Ransomware Resilience user behavior viewer - View suspicious user activity alerts
User behavior roles are not standalone roles; they are designed to be added to Ransomware Resilience admin or viewer roles. For more information, see User behavior roles.
Consult the following tables for detailed descriptions of each role.
Baseline roles
The following table describes the actions available to the Ransomware Resilience admin and viewer roles.
| Feature and action | Ransomware Resilience admin | Ransomware Resilience viewer |
|---|---|---|
| View dashboard and all tabs | Yes | Yes |
| On dashboard, update recommendation status | Yes | No |
| Start free trial | Yes | No |
| Initiate discovery of workloads | Yes | No |
| Initiate rediscovery of workloads | Yes | No |
| On the Protect tab: | | |
| Add, modify, or delete protection plans for encryption policies | Yes | No |
| Protect workloads | Yes | No |
| Identify exposure to sensitive data with Data Classification | Yes | No |
| List protection plans and details | Yes | Yes |
| List protection groups | Yes | Yes |
| View protection group details | Yes | Yes |
| Create, edit, or delete protection groups | Yes | No |
| Download data | Yes | Yes |
| On the Alerts tab: | | |
| View encryption alerts and alert details | Yes | Yes |
| Edit encryption incident status | Yes | No |
| Mark encryption alert for recovery | Yes | No |
| View encryption incident details | Yes | Yes |
| Dismiss or resolve encryption incidents | Yes | No |
| Get full list of impacted files in encryption event | Yes | No |
| Download encryption event alerts data | Yes | Yes |
| Block user (with Workload Security agent configuration) | Yes | No |
| On the Recover tab: | | |
| Download impacted files from encryption event | Yes | No |
| Restore workload from encryption event | Yes | No |
| Download recovery data from encryption event | Yes | Yes |
| Download reports from encryption event | Yes | Yes |
| On the Settings tab: | | |
| Add or modify backup destinations | Yes | No |
| List backup destinations | Yes | Yes |
| View connected SIEM targets | Yes | Yes |
| Add or modify SIEM targets | Yes | No |
| Configure readiness drill | Yes | No |
| Start, reset, or edit readiness drill | Yes | No |
| Review readiness drill status | Yes | Yes |
| Update discovery configuration | Yes | No |
| View discovery configuration | Yes | Yes |
| On the Reports tab: | | |
| Download reports | Yes | Yes |
User behavior roles
To configure suspicious user behavior settings and respond to alerts, a user must have the Ransomware Resilience user behavior admin role. To only view suspicious user behavior alerts, a user should have the Ransomware Resilience user behavior viewer role.
User behavior roles should be conferred on users with existing Ransomware Resilience admin or viewer privileges who need access to suspicious user activity settings and alerts. A user with the Ransomware Resilience admin role, for example, should receive the Ransomware Resilience user behavior admin role to configure user activity agents and block or unblock users. The Ransomware Resilience user behavior admin role should not be conferred on a Ransomware Resilience viewer.
To activate suspicious user activity detection, you must have the Console Organization admin role.
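The pairing guidance above can be checked mechanically during an access review. The following is an added example, not NetApp code: it flags users who hold a user behavior role without a baseline role, and viewers who hold the user behavior admin role. The input shape (user name mapped to a set of role names) and the sample users are constructed assumptions, not a Console export format.

```python
# Added example: audit role assignments against the pairing guidance above.
# The input shape (user -> set of role names) is a constructed assumption,
# not an export format defined by NetApp Console.

ADMIN = "Ransomware Resilience admin"
VIEWER = "Ransomware Resilience viewer"
UB_ADMIN = "Ransomware Resilience user behavior admin"
UB_VIEWER = "Ransomware Resilience user behavior viewer"

BASELINE = {ADMIN, VIEWER}
USER_BEHAVIOR = {UB_ADMIN, UB_VIEWER}


def audit_user(roles):
    """Return a list of findings for one user's set of role names."""
    roles = set(roles)
    findings = []
    # User behavior roles are not standalone: they need a baseline role.
    if roles & USER_BEHAVIOR and not roles & BASELINE:
        findings.append("user behavior role without a baseline role")
    # The user behavior admin role should not be conferred on a viewer.
    if UB_ADMIN in roles and VIEWER in roles and ADMIN not in roles:
        findings.append("user behavior admin conferred on a viewer")
    return findings


def audit(assignments):
    """Map each user with at least one finding to its findings."""
    report = {}
    for user, roles in sorted(assignments.items()):
        findings = audit_user(roles)
        if findings:
            report[user] = findings
    return report


# Constructed sample assignments for illustration.
SAMPLE = {
    "alice": {ADMIN, UB_ADMIN},    # expected pairing
    "bob": {VIEWER, UB_VIEWER},    # expected pairing
    "carol": {UB_VIEWER},          # standalone user behavior role
    "dave": {VIEWER, UB_ADMIN},    # viewer holding user behavior admin
    "erin": {ADMIN},               # baseline role only
}

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, "->", "; ".join(findings))
```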
The following table describes the actions available to the Ransomware Resilience user behavior admin and viewer roles.
| Feature and action | Ransomware Resilience user behavior admin | Ransomware Resilience user behavior viewer |
|---|---|---|
| On the Settings tab: | | |
| Create, modify, or delete user activity agent | Yes | No |
| Create or delete user directory connector | Yes | No |
| Pause or resume data collector | Yes | No |
| Run data breach readiness drill | Yes | No |
| On the Protect tab: | | |
| Add, modify, or delete protection plans for suspicious user behavior policies | Yes | No |
| On the Alerts tab: | | |
| View user activity alerts and alert details | Yes | Yes |
| Edit user activity incident status | Yes | No |
| Mark user activity alert for recovery | Yes | No |
| View user activity incident details | Yes | Yes |
| Dismiss or resolve user activity incidents | Yes | No |
| Get full list of impacted files | Yes | Yes |
| Download user activity event alerts data | Yes | Yes |
| Block or unblock user | Yes | No |
| On the Recover tab: | | |
| Download impacted files for user activity event | Yes | No |
| Restore workload from user activity event | Yes | No |
| Download recovery data from user activity event | Yes | Yes |
| Download reports from user activity event | Yes | Yes |