System generated roles and entitlements

Forcepoint RBI has following system generated roles:

Table 1. System generated roles
Role Description
Admin Allows the viewing and editing of all administrative pages within the organization. The Admin role allows you can create, edit, and delete users; manage the policy; and configure and create reports. Admins can access the Forcepoint RBI Admin Portal, but cannot browse. If you want to allow an Administrator to use the isolated browser, then assign both an Admin role (either Admin or Admin-Read Only) and a User role.
Admin Read Only Allows the viewing of the Dashboard and Reports pages only. With the Admin - Read Only role, you can interact with the Dashboard widgets and generate, print, and download reports.
User Allows isolated browsing only. With the User role, you cannot sign into or access the Forcepoint RBI Admin Portal.

Forcepoint RBI provides following entitlements:

Table 2. Entitlements
Entitlements Description
Identity Administrator
  • IDM UI Access.
  • Read, Add, update, delete: user, group, role, IDP.
  • Read and dismiss alerts.
  • Read and update authentication and notification settings.
  • Accept EULA.
Identity Administrator Read Only
  • IDM UI Access.
  • Read: user, group, role, IDP.
  • Read alerts.
  • Read authentication and notification settings.
Insights Administrator
  • Insights UI Access
  • Create and read Widgets, ROI, Dashboards.
  • Read and Search collections.
  • Read and Dismiss alerts.
  • Read EULA
  • Configure SIEM profiles.
Insights Administrator Read Only
  • Insights UI Access
  • Read ROI, Dashboard, Widgets.
  • Read and search collections.
  • Read SIEM Profiles
RBI Administrator
  • Entire access for configuration, sandboxes, CA certificates rendering, pixel rendering pattern, download, upload, policy engine, session, device, tenant settings, policy profiles, override user agent, site visits, RBC, policy, DLP settings, User Scopes, cookie data.
  • Read applications, user, downloads, partner settings.
  • Write downloads.
  • Complete file transactions.
  • Alerts read dismiss
  • SMTP all access
  • Accept and read EULA
RBI Administrator Read Only
  • Complete access of control center, Analytics, FTIS.
  • Read site visits, audit trails, downloads, uploads, messages, sessions, user, user group, policy profiles, category override, ID Provider, log aggregate, tenant settings menu, DLP settings menu, override user agent, sandboxes, applications.
  • Change user Password.
  • Recycle Nodes
  • Read my organization details.
  • Alert read
  • Search EULA
RBI User
  • Complete access for browsing, pixel rendering pattern.
  • Read and write cookie data, downloads, uploads, sessions, site visits
  • Read, write, and delete devices.
  • Read policy profile, user policy, user group policy, tenant policy, node, tenant, tenant settings, DLP Settings, Isolation modes, override user agent. (for internal use).
  • Write node allocations, DLP Incidents, AD Incidents, Switched isolation modes.
  • Identify session bandwidth usage.
  • IDP Logout
  • Search EULA
RBI Policy reader
  • Read applications, policy profiles, user policy, tenant policy, user group policy.
  • User read, group read, EULA search.
RBI Policy writer
  • Read applications.
  • Read and write policy profiles, user policy, tenant policy, user group policy, EULA search.