Updated on 2025-06-25 GMT+08:00

SecMaster Permissions and Supported Actions

This topic describes fine-grained permissions management for SecMaster. If your account does not need individual IAM users, you can skip this topic.

By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. Users inherit permissions from the groups to which they are added. After authorization, the user can perform specified operations on cloud services based on the permissions.

You can grant users permissions by using roles and policies.

  • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities.
  • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions.

Limitations and Constraints

All SecMaster actions support only IAM projects. Enterprise projects are not supported.

Supported Actions

SecMaster provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.

  • Permission: A statement in a policy that allows or denies certain operations.
  • Action: Specific operations that are allowed or denied.

Table 1 Read-only permissions supported

| Permission | Action |
|---|---|
| Obtaining a playbook version | secmaster:playbook:getVersion |
| Obtaining indicator details | secmaster:indicator:get |
| Obtaining the resource import template | secmaster:resource:getTemplate |
| Querying alert model details | secmaster:alertRule:get |
| Querying instance topology details | secmaster:playbook:getInstanceTopology |
| Querying data class details | secmaster:dataclass:get |
| Obtaining asset connection details | secmaster:connection:get |
| Obtaining playbooks statistics | secmaster:playbook:getStatistics |
| Exporting indicators | secmaster:indicator:export |
| Obtaining mapping information | secmaster:mapping:getMapper |
| Viewing a report | secmaster:report:get |
| Querying data pipeline details | secmaster:pipe:get |
| Querying alert details | secmaster:alert:get |
| Exporting emergent vulnerabilities | secmaster:emergencyVulnerability:export |
| Querying table details | secmaster:table:get |
| Viewing indicator results | secmaster:metric:getResult |
| Obtaining the category mapping data source | secmaster:mapping:getDatasource |
| Querying instance details | secmaster:playbook:getInstance |
| Obtaining incident details | secmaster:incident:get |
| Obtaining workspace details | secmaster:workspace:get |
| Download an indicator template | secmaster:indicator:downloadTemplate |
| Obtaining workflow details | secmaster:workflow:get |
| Obtaining page details | secmaster:layout:getWizard |
| Obtaining vulnerability group details | secmaster:vulnerability:getGroup |
| Obtaining playbooks operation monitoring data | secmaster:playbook:getMonitor |
| Obtaining field details | secmaster:dataclass:getField |
| Obtaining type details | secmaster:dataclass:getType |
| Obtaining the to-do list details | secmaster:task:get |
| Querying data space details | secmaster:dataspace:get |
| Querying the indicator list | secmaster:indicator:list |
| Querying a layout | secmaster:layout:get |
| Obtaining playbook details | secmaster:playbook:get |
| Viewing agencies | secmaster:agency:get |
| Viewing the subscribed version | secmaster:subscription:getVersion |
| Obtaining layout field details | secmaster:layout:getField |
| Querying search criteria details | secmaster:searchCondition:get |
| Exporting playbooks | secmaster:playbook:export |
| Querying the data pipeline consumption | secmaster:pipe:getConsumption |
| Obtaining workflow version details | secmaster:workflow:getVersion |
| Querying workflow instance topology | secmaster:workflow:getInstance |
| Querying the data pipeline index | secmaster:pipe:getIndex |
| Querying alert template details | secmaster:alertRuleTemplate:get |
| Obtaining category information | secmaster:mapping:getClassifier |
| Viewing resource statistics | secmaster:resource:getStatistics |
| Querying alert types | secmaster:alert:listTypes |
| Searching for an alert list | secmaster:alert:list |
| Querying the table overview | secmaster:table:listMetrics |
| Listing emergency vulnerabilities | secmaster:emergencyVulnerability:list |
| Listing resources | secmaster:resource:list |
| Searching for an incident list | secmaster:incident:list |
| Querying the data distribution histogram | secmaster:search:listHistograms |
| Listing the indicator hits results | secmaster:metric:listHits |
| Querying alert models | secmaster:alertRule:list |
| Obtaining the category mapping function | secmaster:mapping:listFunctions |
| Querying the alert type list | secmaster:alert:listCategories |
| Obtaining a playbook version list | secmaster:playbook:listVersions |
| Querying an alert model overview | secmaster:alertRule:listMetrics |
| Querying the layout list | secmaster:layout:list |
| Listing indicator results | secmaster:metric:listResults |
| Obtaining the layout field list | secmaster:layout:listFields |
| Querying the incident category list | secmaster:incident:listCategories |
| Obtaining data class list details | secmaster:dataclass:list |
| Querying the indicator type list | secmaster:indicator:listTypes |
| Converting an alert into an incident | secmaster:alert:batchOrders |
| Querying the directory list | secmaster:catalogue:list |
| Obtaining the workflow version list | secmaster:workflow:listVersions |
| Querying the workspace list | secmaster:workspace:list |
| Querying data | secmaster:search:listLogs |
| Listing reports | secmaster:report:list |
| Querying the field list | secmaster:dataclass:listFields |
| Querying the search criteria list | secmaster:searchCondition:list |
| Querying data pipelines | secmaster:pipe:list |
| Querying the mapping list | secmaster:mapping:listMappers |
| Querying the vulnerability type list | secmaster:vulnerability:listType |
| Querying the type list | secmaster:dataclass:listTypes |
| Querying the asset connection list | secmaster:connection:list |
| Querying the vulnerability group list | secmaster:vulnerability:listGroup |
| Querying the workflow list | secmaster:workflow:list |
| Querying the review list | secmaster:playbook:listApproves |
| Querying the audit log list of an instance | secmaster:playbook:getInstanceAuditlog |
| Querying an alert template | secmaster:alertRuleTemplate:list |
| Searching for a category mapping list | secmaster:mapping:list |
| Querying the to-do list | secmaster:task:list |
| Querying the instance list | secmaster:playbook:listInstances |
| Querying the data space list | secmaster:dataspace:list |
| Querying a table | secmaster:table:list |
| Querying the alert template overview | secmaster:alertRuleTemplate:listMetrics |
| Searching the object mapping list | secmaster:dataobject:listRelation |
| Obtaining the layout type list | secmaster:layout:listBusinessTypes |
| Obtaining the playbook list | secmaster:playbook:list |
| Obtaining the incident type list | secmaster:incident:listTypes |
| Obtaining a page | secmaster:layout:listWizards |
| Exporting the vulnerability group list | secmaster:vulnerability:exportGroup |

Table 2 Write permissions supported

| Permission | Action |
|---|---|
| Deleting a page | secmaster:layout:deleteWizard |
| Deleting a data table | secmaster:table:delete |
| Creating a yearly/monthly order | secmaster:subscription:createPrePaidOrder |
| Creating a table | secmaster:table:create |
| Enabling an alert model | secmaster:alertRule:enable |
| Importing a playbook | secmaster:playbook:import |
| Disabling an alert model | secmaster:alertRule:disable |
| Operating a workflow instance | secmaster:workflow:operateInstance |
| Deleting an incident | secmaster:incident:delete |
| Updating an asset connection | secmaster:connection:update |
| Analyzing execution | secmaster:search:createAnalysis |
| Creating object relations | secmaster:dataobject:createRelation |
| Deleting fields | secmaster:dataclass:deleteField |
| Creating an incident | secmaster:incident:create |
| Updating a data class | secmaster:dataclass:update |
| Cloning a playbook version | secmaster:playbook:copyVersion |
| Creating an indicator | secmaster:indicator:create |
| Modifying a table | secmaster:table:update |
| Updating an indicator | secmaster:indicator:update |
| Operating a playbook instance | secmaster:playbook:operateInstance |
| Updating categories | secmaster:mapping:updateClassifier |
| Deleting a workflow | secmaster:workflow:delete |
| Deleting a data pipeline | secmaster:pipe:delete |
| Deleting an object relation | secmaster:dataobject:deleteRelation |
| Deleting a data space | secmaster:dataspace:delete |
| Creating a workflow version | secmaster:workflow:createVersion |
| Deleting a workspace | secmaster:workspace:delete |
| Deleting an alert type | secmaster:alert:deleteType |
| Deleting search criteria | secmaster:searchCondition:delete |
| Importing resources | secmaster:resource:import |
| Updating layout fields | secmaster:layout:updateField |
| Creating data spaces | secmaster:dataspace:create |
| Modifying a vulnerability type | secmaster:vulnerability:updateType |
| Setting the emergency vulnerability read status | secmaster:emergencyVulnerability:updateReadStatus |
| Updating a page | secmaster:layout:updateWizard |
| Updating a data space | secmaster:dataspace:update |
| Creating a report | secmaster:report:create |
| Creating a page | secmaster:layout:createWizard |
| Creating fields | secmaster:dataclass:createField |
| Creating search criteria | secmaster:searchCondition:create |
| Creating a workspace | secmaster:workspace:create |
| Deleting an indicator | secmaster:indicator:delete |
| Updating fields | secmaster:dataclass:updateField |
| Deleting layout fields | secmaster:layout:deleteField |
| Updating data pipelines | secmaster:pipe:update |
| Creating a playbook | secmaster:playbook:create |
| Deleting the data pipeline consumption | secmaster:pipe:deleteConsumption |
| Updating an incident | secmaster:incident:update |
| Modifying an alert model | secmaster:alertRule:update |
| Reviewing a workflow version | secmaster:workflow:approveVersion |
| Deleting an asset connection | secmaster:connection:delete |
| Deleting categories | secmaster:mapping:deleteClassifier |
| Enabling or disabling an alert type | secmaster:alert:enableType |
| Modifying an incident type | secmaster:incident:updateType |
| Updating a workspace | secmaster:workspace:update |
| Deleting a layout | secmaster:layout:delete |
| Deleting an incident type | secmaster:incident:deleteType |
| Review playbooks | secmaster:playbook:approve |
| Updating the data pipeline index | secmaster:pipe:updateIndex |
| Creating a pipeline | secmaster:pipe:create |
| Creating an alert model | secmaster:alertRule:create |
| Deleting a playbook version | secmaster:playbook:deleteVersion |
| Deleting a report | secmaster:report:delete |
| Creating a layout field | secmaster:layout:createField |
| Modifying an alert type | secmaster:alert:updateType |
| Creating an alert | secmaster:alert:create |
| Importing an Indicator | secmaster:indicator:import |
| Updating the workflow version debugging result | secmaster:workflow:simulate |
| Deleting a mapping | secmaster:mapping:deleteMapper |
| Deleting a data class | secmaster:dataclass:delete |
| Updating a directory | secmaster:catalogue:update |
| Updating a report | secmaster:report:update |
| Binding incident types to layouts | secmaster:incident:bindLayout |
| Updating a to-do task | secmaster:task:update |
| Unlocking a table | secmaster:table:deleteLock |
| Enabling/Disabling a vulnerability type | secmaster:vulnerability:enableType |
| Creating an asset connection | secmaster:connection:create |
| Updating a playbook version | secmaster:playbook:updateVersion |
| Creating a vulnerability type | secmaster:vulnerability:createType |
| Deleting an alert model | secmaster:alertRule:delete |
| Deleting a pay-per-use order | secmaster:subscription:deletePostPaidOrder |
| Creating an alert type | secmaster:alert:createType |
| Deleting a category mapping | secmaster:mapping:delete |
| Creating a pay-per-use order | secmaster:subscription:createPostPaidOrder |
| Updating an alert | secmaster:alert:update |
| Simulating an alert model | secmaster:alertRule:createSimulation |
| Associating vulnerability types with layouts | secmaster:vulnerability:bindLayout |
| Creating a playbook version | secmaster:playbook:createVersion |
| Deleting a playbook | secmaster:playbook:delete |
| Deleting a vulnerability type | secmaster:vulnerability:deleteType |
| Creating the data pipeline consumption | secmaster:pipe:createConsumption |
| Creating a workflow | secmaster:workflow:create |
| Verifying a workflow version | secmaster:workflow:validate |
| Updating the category mapping status | secmaster:mapping:update |
| Creating a data class | secmaster:dataclass:create |
| Creating a category | secmaster:mapping:createClassifier |
| Updating a workflow | secmaster:workflow:update |
| Creating a to-do task | secmaster:task:create |
| Creating an incident type | secmaster:incident:createType |
| Deleting an alert | secmaster:alert:delete |
| Deleting a workflow version | secmaster:workflow:deleteVersion |
| Updating a layout | secmaster:layout:update |
| Associating alert types with layouts | secmaster:alert:bindLayout |
| Copying a category mapping | secmaster:mapping:copy |
| Associating indicator types with layouts | secmaster:indicator:bindLayout |
| Enabling or disabling an incident type | secmaster:incident:enableType |
| Updating a workflow version | secmaster:workflow:updateVersion |
| Updating search criteria | secmaster:searchCondition:update |
| Designing a table | secmaster:table:updateSchema |
| Saving as template | secmaster:layout:createTemplate |
| Updating mappings | secmaster:mapping:updateMapper |
| Creating an agency | secmaster:agency:create |
| Locking a table | secmaster:table:createLock |
| Creating a mapping | secmaster:mapping:createMapper |
| Updating a playbook | secmaster:playbook:update |
| Creating a layout | secmaster:layout:create |