🧑‍🤝‍🧑User Roles & Rights (Permissions)

Role Management

https://docs.aspnetzero.com/common/latest/Features-Angular-Role-Management

Organization Units

https://docs.aspnetzero.com/common/latest/Features-Angular-Organization-Units

Permissions

Category	GUI Name	API Name	Description
AI
	AI Assistance	AiAssistance	Allow to use AI Assistance
	AI Assistance Management	AiAssistanceManagement	Allow to Manage AI Assistance
	AI Templates	AiTemplate	Allow to use AI Templates
	AI Templates Management	AiTemplateManagement	Allow to Manage AI Templates
Background Operations	Background Operations	BackgroundOperations	API permission that allows access (including cancellation) to all background operations, independently on whom has launched a background operation
Data Sources
	Use Data Sources	UseDataSources	Allow user to use Data Sources
Distribution Lists
	Edit Distribution Lists	DistributionListsEdit	Allow to Edit Distribution Lists
	Get Distribution Lists	DistributionListsGet	Allow to Get Distribution Lists
Enqueue Background Operations	Enqueue Background Operations	EnqueueBackgroundOperations	Allows scheduling background operations for execution
External Operations	External Operations	ExternalOperations	API permission that allows access to endpoints used for external operations: loading \ uploading STIX objects and unlocking them after all external operations complete
Foreign PIARA Server Consumer
	Duplicate STIX Objects from Foreign PIARA Services	ForeignMeridianServicesDuplicateToLocal	Allow user to duplicate STIX Objects from Foreign PIARA Services
	Export STIX Objects from Foreign PIARA Services	ForeignMeridianServicesExport	Allow user to export STIX Objects from Foreign PIARA Services
	Import Published STIX Objects from Foreign PIARA Services	ForeignMeridianServicesImportPublished	Allow user to Import Published STIX Objects from Foreign PIARA Services
	Use Foreign PIARA Services	UseForeignMeridianServices	Allows user to use Foreign PIARA functionality (communication between different instances of PIARA)
Foreign PIARA Server Provider
	ES Deepsearch on Foreign PIARA Services	ForeignMeridianServicesEsDeepsearch	Allow user to run ES Deepsearch on Foreign PIARA Services
	Foreign PIARA Services tunneling*	ForeignServicesTunneling	Allow user to share Foreign PIARA Services
	Share Data to Foreign PIARA Services	ShareDataToForeignMeridianServices	Allow user to run operations that send data to other PIARA instances
Foreign PIARA Servers Management
	Enumerate Foreign Meridian Services	EnumerateForeignMeridians	Allows user to see the list of configured instances of PIARA
	Manage List of Foreign PIARA Services	ManageForeignMeridianServices	Allows user to manage list of Foreign PIARA Services
Get Server Metadata	Get Server Metadata	GetServerMetadata	Allow to get server metadata
Get TAXII Collections List*	Get TAXII Collections List	GetTaxiiCollectionsList	Allow to get a list of all TAXII Collections
Get Users List*	Get Users List	GetUsersList	Allow to get a list of all users
Import MITRE Data	Import MITRE Data	ImportMitreData	Allow to Import MITRE Data
Management
	Maintenance	Maintenance	Allow to run maintenance endpoints (clear cache, etc.)
	Manage Foreign Requests Balance	ForeignRequestsBalanceManagement	Allow to manage Foreign Requests Balance
	Manage Local Requests Balance	LocalRequestsBalanceManagement	Allow to manage Local Requests Balance
	Manage Rate Limits	ManageRateLimits	Allow to manage Rate Limits
	Manage Server's identity and marking-definition	ManageServerIdentity	Allow user to manage Server's identity and marking-definition
	Manage SSO Providers	SsoProvidersManagement	Allow user to manage SSO Providers
	Migrate Users	MigrateUsers	Allows to migrate users from one server instance to another
	Orphaned Files Management	OrphanedFilesManagement	Allow user to manage Orphaned Files
	Re-index STIX objects	ReindexStix	Allows launching indexation of STIX objects in elasticsearch (primary read source), which immediately clears all STIX objects from elasticsearch and then adds all STIX objects from database to elasticsearch
	Run ES Deepsearch	EsDeepSearch	Allows to run ES deepsearch
	Run Service Endpoints	RunServiceEndpoints	Allows user to run service operations (like running a script that fixes inconsistency in database)
	Send Test Emails	SendTestEmails	Allow to send test emails
	Send Test Wickr Messages	SendTestWickrMessage	Allow to send test Wickr messages
	Send Test Zulip Messages	SendTestZulipMessage	Allow to send test Zulip messages
Meridian Main API Access	Meridian Main API Access	MeridianMainApiAccess	Ability to use methods exposed by PIARA API
Objects Permissions
	Full Access To All STIX Objects*	FullAccessToAllStixObjects	Full Access To All STIX Objects
	Ignore Taxii API Permissions Scheme*	IgnoreTaxiiApiPermissionsScheme	Ignore Taxii API Permissions Scheme
Open Fair	Open Fair	OpenFair	Allow to generate Open Fair reports
Portal IOC
	Free Search STIX Objects	PortalIocFreeSearch	Allow to search STIX objects for free users
	Search STIX Objects	PortalIocSearch	Allow to search STIX objects
Resources
	Edit Categories	Edit Categories	Allows editing categories
	Edit Emails List to Send Alerts	AlertsEmailAddressListsFull	Allows viewing and editing email lists used for alerts distribution
	Edit Emails List to Send Reports	ReportsEmailAddressListsFull	Allows viewing and editing email lists used for reports distribution
	Edit Emails List to Send Wickr Messages	WickrEmailAddressListsFull	Allows viewing and editing email lists used for wickr messages distribution
	Edit Emails List to Send Zulip Messages	ZulipEmailAddressListsFull	Allows viewing and editing email lists used for zulip messages distribution
	Edit Languages	EditLanguages	Allows editing languages
	Edit Locations	EditLocations	Allows editing locations
	Edit STIX Relationship Types	EditStixRelationshipTypes	Allow to edit STIX relationship types
	Edit STIX Vocabulary	EditStixVocabulary	Allows editing STIX Vocabularies
	Search Field Sets	SearchFieldSets	Allow to customize Search Field Sets
Saved Queries
	Get Emails List to Send Alerts	AlertsEmailAddressListsGet	Allows viewing email lists used for alerts distribution
	Get Emails List to Send Wickr Messages	WickrEmailAddressListsGet	Allows viewing email lists used for wickr messages distribution
	Get Emails List to Send Zulip Messages	ZulipEmailAddressListsGet	Allows viewing email lists used for zulip messages distribution
	Saved Queries	Alerts	Work With Saved Queries
	Send Alert Email Notification to Owner	AlertsEmailNotifyToOwner	Allows user to send alert email notifications to himself
	Send Alert Wickr Messages to Owner	ZulipNotifyToOwner	Allows user to send alert wickr notifications to himself
	Send Alert Zulip Messages to Owner	WickrNotifyToOwner	Allows user to send alert zulip notifications to himself
STIX Objects
	Create STIX Objects	CreateStixObjects	Allow to create STIX objects
	Create STIX Objects Bulk	BulkCreateStixObjects	Allow to use endpoints for bulk creating STIX objects
	Delete STIX Objects	DeleteStixObjects	Allow to delete STIX objects
	Publish Object	PublishObject	Allows publishing STIX objects
	Push STIX Objects	PushStixObjects	Allow to push STIX objects
	Revoke Object	RevokeObject	Allows revoking published STIX objects
	Update STIX Objects	UpdateStixObjects	Allow to update STIX objects
STIX Objects Export
	Export STIX Objects	ExportStixObjects	Allow export STIX objects
	Generate Reports	GenerateReports	Allow to generate reports
	Get Emails List to Send Reports	ReportsEmailAddressListsGet	Allows viewing email lists used for reports distribution
Stripe	Stripe	Stripe	Allow to use Stripe resources
Swagger Document Storage
	Read Swagger Document	SwaggerStorageRead	Allow to read Swagger Document from storage
	Save Swagger Document	SwaggerStorageSave	Allow to save Swagger Document to storage
TAXII Collection
	Access To All TAXII Collections*	AccessToAllTaxiiCollections	Allows read\write access to all TAXII collections, disregarding any TAXII permissions set
	Add Objects To Collection	AddObjectsToCollection	Allows adding STIX objects to TAXII collections
	Create/Edit/Delete TAXII Collections	EditTaxiiCollections	Allows user to create/edit/delete TAXII collections
	Delete Objects From Collection	DeleteObjectsFromCollection	Allows deleting STIX objects from TAXII collections
	Create/Edit/Delete TAXII Collections	EditTaxiiCollections	Allows user to create/edit/delete TAXII collections
Tokens Management
	Manage Other User's Tokens	OthersTokensManagement	Allows to manage user's own JWT tokens
	Manage Own Tokens	OwnTokensManagement	Allows to manage other user's JWT tokens
Translation Service
	Use Bing Translation Service	UseBingTranslationService	Allows using translation service built upon Bing engine
	Use Systran9 Translation Service	UseSystran9TranslationService	Allows using translation service built upon Systran9 engine
Use dashboard	Use dashboard	Dashboard	Allow to use dashboard
FullSyncServers	FullSyncServers	Use Full Sync between PIARA servers	Import all missing STIX objects, relationships and collections from another PIARA server
Use Meridian Dashboard Login
	Change Own Password	ChangePassword	Allows user to change own password in PIARA Dashboard user profile (when signed in)
	Reset Own Password Using Email Address	ResetPassword	Allows user to reset password when not signed in (temporary password is sent to registered email address)
	Sign into Meridian Using Username/Password	InternalLogin	Allows signing into PIARA Dashboard using username/password
Use Webhose Service	Use Webhose Service	UseWebhoseService	Allows using Webhose via proxy PIARA endpoints

* Feature-permissions change endpoints internal logic.

Other feature-permissions (those which are not marked with *) deny using appropriate endpoints.