Hello Sajin,
This is currently not a feature in Resilient, creating "Read Only" Fields. The way Permissions work in resilient is that you can Restrict the edit-ability to User/Owner as those are high impact Fields. Whereas, the majority of the time Analysts/Users will be interacting with the Alert and Investigation data (Incident Fields).
There are some cases where Level 1 Analysts/Monitoring Analysts are to just make determinations on the information present. Not to update that information. Which sounds like your case. The Resilient Ideas (RFEs) listed below should they be implemented will support your need.
Please review and vote for the existing Idea for this request here:
Read Only Tabs/Fields:
https://2e4ccba981d63ef83a875dad7396c9a0.ideas.aha.io/ideas/R-I-402Read Only Data Tables:
https://2e4ccba981d63ef83a875dad7396c9a0.ideas.aha.io/ideas/R-I-131In the interim, you if you would like to restrict User edit of some Fields while allowing them edit others (Member, Owner) you can:
Place any Fields you do not want Users to be able to edit in the
Incident Summary Layout. This will allow Users to review the information but not edit it (as there is no "Edit" feature of the Summary Layout).
Now this will be visually unappealing for any Fields with large amounts of data (Text Areas, ex: "Description"). And you will not be able to place Data Tables in the Summary Layout (as they will not fit).
------------------------------
Brenden Glynn
CISSP, GCIH
Incident Response Business Consultant
IBM Resilient
------------------------------
Original Message:
Sent: Mon April 01, 2019 08:40 AM
From: Sajin MB
Subject: Incident Details Page Edit option
Hi Team,
Incident details tab allows analysts to modify the incident details (please refer attached screen shot).Usually analysts should not modify the incident details .
We have tried with user roles and disabled Edit Incidents role. But this will not allow user to even modify Members, owner and status.
We need incident name and Description filed(contains source IP,Destination IP,Hash value etc) should not be modified by analysts and owner and status fields should be editable.
Please refer attached screen shots for more clarity.
Regards,
Sajin MB
------------------------------
Sajin MB
------------------------------