Role-Based Access Control
Sumo Logic supports聽Role-Based Access Control (RBAC) to control access to Sumo Logic functionality and to limit the data that users may view. 聽
To manage users and roles, you must have the Administrator role or your role must聽have been assigned聽the manage users and roles capability.
With RBAC, you don鈥檛 assign permissions directly to users. Instead, you assign permissions to roles, and then assign roles to users. Specifically, when you create a role, you assign it a set of capabilities and a role search filter.聽
A capability is the right to perform a particular function in Sumo Logic, for instance 鈥淢anage connections鈥�, 鈥淰iew collectors鈥� and 鈥淢anage password policy鈥�.聽
A role search filter limits what log data a user with that role may view鈥攊t鈥檚 essentially a log query. Like any other log query, a search filter can use Sumo Logic built-in metadata fields, keywords, and logical operators. You can assign multiple roles to a particular user. When a user has聽multiple Sumo roles, Sumo combines the role filters from each of the roles using OR to come up with the combined role filter. When a Sumo Logic user runs a log query, Sumo Logic silently prepends the user鈥檚 query with the user鈥檚 combined role filter.聽Note that, when multiple roles filters are applied to a query, the least restrictive filter takes precedence.