At times, it may be necessary for tenant admins to allow operators to manage Playbooks.
Delegation options include:
- Delegating all Playbooks and all their policies as they currently exist.
- Delegating one or more specific Playbooks, including all or some associated policies, as they exist today.
- Delegating one or more Playbooks and policies as they are created and shared.
Delegation and roles
Policy delegation grants the delegated operator permission to view and remediate the policy; however, it does not allow them to edit it. A Playbook Admin can only edit policies that they have created or those for which ownership has been transferred to them using the “Edit owner” button within the policy box.
Delegation process
Follow these steps to delegate Playbooks or individual policies to operators.
Step 1: access the Permission Set
- Navigate to “Settings” > “Permissions”.
- Choose to either:
- Select and modify an existing permission set
- Create a new permission set
Step 2: access Playbooks section in the Permission Set
In the Permission Set,
- Select the “Playbooks” section from the sidebar.
Here, you will find all the Playbooks (both Out-of-the-box and Custom).
Delegate Playbooks
To delegate one or more entire Playbooks, select the checkbox next to the Playbook name.
If you wish to delegate all Playbooks, you can also perform this operation in bulk by:
- Selecting the “show all Playbooks” toggle: this toggle allows administrators to grant access to all available Playbooks. Enabling this setting provides access to new Playbooks as they are created and shared.
- Checking the “Select all” checkbox: this checkbox allows for the selection of all Playbooks and policies.
Please note: Playbooks will only become visible when at least one of their contained policies is enabled. This does not affect the delegation process.
Delegate individual policies
You can delegate one or more policy belonging to a Playbook.
To do so,
- Expand a Playbook (e.g., “Security & Identity”) using the arrow.
- Select the checkbox next to each policy you wish to delegate.
Please, note that enabling the “Show all Playbooks” toggle will automatically include all policies from every Playbook as they are created and shared. When this option is selected, you will not be able to deselect individual policies.
The same logic applies when selecting a specific Playbook checkbox: all of its policies will be included, and you will not have the option to deselect them individually.
Once you’ve selected the Playbooks and/or policies, click “Submit” in the bottom-right corner.
Remember: delegated operators will only be able to see enabled policies and Playbooks.
Include/Exclude new policies button
- Blue “Include new policies”: all existing and future policies in the Playbook are automatically included (individual deselection disabled).
- White “Exclude new policies”: new policies are not auto-included and must be added manually.
Please, note that when the button status is set on “Include new policies”, all policies will be included in the Playbook and you will not be able to deselect policies individually.
