Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
1 contributor

Users who have contributed to this file

51 lines (29 sloc) 2.6 KB

Organisations, Users and sharing

User role, profile and permission

User

In TheHive, a user is a member of one or more organisations. One user has a profile for each organisation and can have different profiles for different organisations. For example:

  • analyst” in “organisationA”;
  • and “admin” in “organisationB”;
  • and “read-only” in “organisationC”.

Organisations and sharing

TheHive comes with a default organisation named "admin" and is dedicated to users with administrator permissions of TheHive instance. This organisation is very specific so that it can manage global objects and cannot contain cases or any other related elements.

By default, organisations can’t see each other, and can't share with any. To do so, an organisation must be "linked" with another one. Only super administrators or users with manageOrganisation permissions can give the ability of a organisation to see an other one. This ability named “link” is unidirectional.

Link with other organisations

To share a case with another organisation, a user must be able to see it: its organisation must be "linked" with the targeted organisation.

List organisations

Link organisations

Share and effective permissions

When a user creates a case, the case is linked to the user’s organisation with the profile “org-admin”. It means that there is no restriction, the effective permissions are the permissions the user has in his organisation.

If he decides to share that case with another organisation, he must choose the profile applied on that share.

Case sharing

To exerce a action on a case, the related permission must be present in the user profile and in the case share.

Sharing rules

When you share a case, you can share its tasks or observables but it is not mandatory. Tasks (and observables) can be unitary shared.

Case task sharing

Case observable sharing

They can be shared only with organisations for which case is already shared. A case can be shared only once for a given organisation. Thus a case an its tasks/observables are shared with the same permissions for the same organisation.

You can’t perform that action at this time.