# User Roles & Rights (Permissions) ### Role Management ### Organization Units ### Permissions | **Category** | **GUI Name** | **API Name** | **Description** | | ------------------------------------ | --------------------------------------------------------- | --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **AI** | | | | | | AI Assistance | AiAssistance | Allow to use AI Assistance | | | AI Assistance Management | AiAssistanceManagement | Allow to Manage AI Assistance | | | AI Templates | AiTemplate | Allow to use AI Templates | | | AI Templates Management | AiTemplateManagement | Allow to Manage AI Templates | | **Background Operations** | Background Operations | BackgroundOperations | API permission that allows access (including cancellation) to all background operations, independently on whom has launched a background operation | | **Data Sources** | | | | | | Use Data Sources | UseDataSources | Allow user to use Data Sources | | **Distribution Lists** | | | | | | Edit Distribution Lists | DistributionListsEdit | Allow to Edit Distribution Lists | | | Get Distribution Lists | DistributionListsGet | Allow to Get Distribution Lists | | **Enqueue Background Operations** | Enqueue Background Operations | EnqueueBackgroundOperations | Allows scheduling background operations for execution | | **External Operations** | External Operations | ExternalOperations | API permission that allows access to endpoints used for external operations: loading \ uploading STIX objects and unlocking them after all external operations complete | | **Foreign PIARA Server Consumer** | | | | | | Duplicate STIX Objects from Foreign PIARA Services | ForeignMeridianServicesDuplicateToLocal | Allow user to duplicate STIX Objects from Foreign PIARA Services | | | Export STIX Objects from Foreign PIARA Services | ForeignMeridianServicesExport | Allow user to export STIX Objects from Foreign PIARA Services | | | Import Published STIX Objects from Foreign PIARA Services | ForeignMeridianServicesImportPublished | Allow user to Import Published STIX Objects from Foreign PIARA Services | | | Use Foreign PIARA Services | UseForeignMeridianServices | Allows user to use Foreign PIARA functionality (communication between different instances of PIARA) | | **Foreign PIARA Server Provider** | | | | | | ES Deepsearch on Foreign PIARA Services | ForeignMeridianServicesEsDeepsearch | Allow user to run ES Deepsearch on Foreign PIARA Services | | | Foreign PIARA Services tunneling\* | ForeignServicesTunneling | Allow user to share Foreign PIARA Services | | | Share Data to Foreign PIARA Services | ShareDataToForeignMeridianServices | Allow user to run operations that send data to other PIARA instances | | **Foreign PIARA Servers Management** | | | | | | Enumerate Foreign Meridian Services | EnumerateForeignMeridians | Allows user to see the list of configured instances of PIARA | | | Manage List of Foreign PIARA Services | ManageForeignMeridianServices | Allows user to manage list of Foreign PIARA Services | | **Get Server Metadata** | Get Server Metadata | GetServerMetadata | Allow to get server metadata | | **Get TAXII Collections List\*** | Get TAXII Collections List | GetTaxiiCollectionsList | Allow to get a list of all TAXII Collections | | **Get Users List\*** | Get Users List | GetUsersList | Allow to get a list of all users | | **Import MITRE Data** | Import MITRE Data | ImportMitreData | Allow to Import MITRE Data | | **Management** | | | | | | Maintenance | Maintenance | Allow to run maintenance endpoints (clear cache, etc.) | | | Manage Foreign Requests Balance | ForeignRequestsBalanceManagement | Allow to manage Foreign Requests Balance | | | Manage Local Requests Balance | LocalRequestsBalanceManagement | Allow to manage Local Requests Balance | | | Manage Rate Limits | ManageRateLimits | Allow to manage Rate Limits | | | Manage Server's identity and marking-definition | ManageServerIdentity | Allow user to manage Server's identity and marking-definition | | | Manage SSO Providers | SsoProvidersManagement | Allow user to manage SSO Providers | | | Migrate Users | MigrateUsers | Allows to migrate users from one server instance to another | | | Orphaned Files Management | OrphanedFilesManagement | Allow user to manage Orphaned Files | | | Re-index STIX objects | ReindexStix | Allows launching indexation of STIX objects in elasticsearch (primary read source), which immediately clears all STIX objects from elasticsearch and then adds all STIX objects from database to elasticsearch | | | Run ES Deepsearch | EsDeepSearch | Allows to run ES deepsearch | | | Run Service Endpoints | RunServiceEndpoints | Allows user to run service operations (like running a script that fixes inconsistency in database) | | | Send Test Emails | SendTestEmails | Allow to send test emails | | | Send Test Wickr Messages | SendTestWickrMessage | Allow to send test Wickr messages | | | Send Test Zulip Messages | SendTestZulipMessage | Allow to send test Zulip messages | | **Meridian Main API Access** | Meridian Main API Access | MeridianMainApiAccess | Ability to use methods exposed by PIARA API | | **Objects Permissions** | | | | | | Full Access To All STIX Objects\* | FullAccessToAllStixObjects | Full Access To All STIX Objects | | | Ignore Taxii API Permissions Scheme\* | IgnoreTaxiiApiPermissionsScheme | Ignore Taxii API Permissions Scheme | | **Open Fair** | Open Fair | OpenFair | Allow to generate Open Fair reports | | **Portal IOC** | | | | | | Free Search STIX Objects | PortalIocFreeSearch | Allow to search STIX objects for free users | | | Search STIX Objects | PortalIocSearch | Allow to search STIX objects | | **Resources** | | | | | | Edit Categories | Edit Categories | Allows editing categories | | | Edit Emails List to Send Alerts | AlertsEmailAddressListsFull | Allows viewing and editing email lists used for alerts distribution | | | Edit Emails List to Send Reports | ReportsEmailAddressListsFull | Allows viewing and editing email lists used for reports distribution | | | Edit Emails List to Send Wickr Messages | WickrEmailAddressListsFull | Allows viewing and editing email lists used for wickr messages distribution | | | Edit Emails List to Send Zulip Messages | ZulipEmailAddressListsFull | Allows viewing and editing email lists used for zulip messages distribution | | | Edit Languages | EditLanguages | Allows editing languages | | | Edit Locations | EditLocations | Allows editing locations | | | Edit STIX Relationship Types | EditStixRelationshipTypes | Allow to edit STIX relationship types | | | Edit STIX Vocabulary | EditStixVocabulary | Allows editing STIX Vocabularies | | | Search Field Sets | SearchFieldSets | Allow to customize Search Field Sets | | **Saved Queries** | | | | | | Get Emails List to Send Alerts | AlertsEmailAddressListsGet | Allows viewing email lists used for alerts distribution | | | Get Emails List to Send Wickr Messages | WickrEmailAddressListsGet | Allows viewing email lists used for wickr messages distribution | | | Get Emails List to Send Zulip Messages | ZulipEmailAddressListsGet | Allows viewing email lists used for zulip messages distribution | | | Saved Queries | Alerts | Work With Saved Queries | | | Send Alert Email Notification to Owner | AlertsEmailNotifyToOwner | Allows user to send alert email notifications to himself | | | Send Alert Wickr Messages to Owner | ZulipNotifyToOwner | Allows user to send alert wickr notifications to himself | | | Send Alert Zulip Messages to Owner | WickrNotifyToOwner | Allows user to send alert zulip notifications to himself | | **STIX Objects** | | | | | | Create STIX Objects | CreateStixObjects | Allow to create STIX objects | | | Create STIX Objects Bulk | BulkCreateStixObjects | Allow to use endpoints for bulk creating STIX objects | | | Delete STIX Objects | DeleteStixObjects | Allow to delete STIX objects | | | Publish Object | PublishObject | Allows publishing STIX objects | | | Push STIX Objects | PushStixObjects | Allow to push STIX objects | | | Revoke Object | RevokeObject | Allows revoking published STIX objects | | | Update STIX Objects | UpdateStixObjects | Allow to update STIX objects | | **STIX Objects Export** | | | | | | Export STIX Objects | ExportStixObjects | Allow export STIX objects | | | Generate Reports | GenerateReports | Allow to generate reports | | | Get Emails List to Send Reports | ReportsEmailAddressListsGet | Allows viewing email lists used for reports distribution | | **Stripe** | Stripe | Stripe | Allow to use Stripe resources | | **Swagger Document Storage** | | | | | | Read Swagger Document | SwaggerStorageRead | Allow to read Swagger Document from storage | | | Save Swagger Document | SwaggerStorageSave | Allow to save Swagger Document to storage | | **TAXII Collection** | | | | | | Access To All TAXII Collections\* | AccessToAllTaxiiCollections | Allows read\write access to all TAXII collections, disregarding any TAXII permissions set | | | Add Objects To Collection | AddObjectsToCollection | Allows adding STIX objects to TAXII collections | | | Create/Edit/Delete TAXII Collections | EditTaxiiCollections | Allows user to create/edit/delete TAXII collections | | | Delete Objects From Collection | DeleteObjectsFromCollection | Allows deleting STIX objects from TAXII collections | | | Create/Edit/Delete TAXII Collections | EditTaxiiCollections | Allows user to create/edit/delete TAXII collections | | **Tokens Management** | | | | | | Manage Other User's Tokens | OthersTokensManagement | Allows to manage user's own JWT tokens | | | Manage Own Tokens | OwnTokensManagement | Allows to manage other user's JWT tokens | | **Translation Service** | | | | | | Use Bing Translation Service | UseBingTranslationService | Allows using translation service built upon Bing engine | | | Use Systran9 Translation Service | UseSystran9TranslationService | Allows using translation service built upon Systran9 engine | | **Use dashboard** | Use dashboard | Dashboard | Allow to use dashboard | | **FullSyncServers** | FullSyncServers | Use Full Sync between PIARA servers | Import all missing STIX objects, relationships and collections from another PIARA server | | **Use Meridian Dashboard Login** | | | | | | Change Own Password | ChangePassword | Allows user to change own password in PIARA Dashboard user profile (when signed in) | | | Reset Own Password Using Email Address | ResetPassword | Allows user to reset password when not signed in (temporary password is sent to registered email address) | | | Sign into Meridian Using Username/Password | InternalLogin | Allows signing into PIARA Dashboard using username/password | | **Use Webhose Service** | Use Webhose Service | UseWebhoseService | Allows using Webhose via proxy PIARA endpoints | | | | | | \* Feature-permissions change endpoints internal logic. Other feature-permissions (those which are not marked with \*) deny using appropriate endpoints. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://piara-docs.gitbook.io/piara-documentation/admin-guide/permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.