https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/597995#M3614 <P>Hello Everyone,</P> <P>We're currently focused on improving our access control model to limit the visibility of certain incident types based on user roles. Currently, this is done manually through the system command:</P> <P>```<BR />/set_incident role = &lt;role name&gt;<BR />```</P> <P>This command is executed at each incident level and isn't available for execution within playbooks. We are investigating how to integrate this command into a playbook to automate role-based logic.</P> <P>What is the best way to implement this, or are there alternative approaches we should consider? We're seeking input from the community on this.</P> <P>&nbsp;</P> Tue, 17 Sep 2024 12:43:59 GMT M.IbrahimHabibullah 2024-09-17T12:43:59Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/597995#M3614 <P>Hello Everyone,</P> <P>We're currently focused on improving our access control model to limit the visibility of certain incident types based on user roles. Currently, this is done manually through the system command:</P> <P>```<BR />/set_incident role = &lt;role name&gt;<BR />```</P> <P>This command is executed at each incident level and isn't available for execution within playbooks. We are investigating how to integrate this command into a playbook to automate role-based logic.</P> <P>What is the best way to implement this, or are there alternative approaches we should consider? We're seeking input from the community on this.</P> <P>&nbsp;</P> Tue, 17 Sep 2024 12:43:59 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/597995#M3614 M.IbrahimHabibullah 2024-09-17T12:43:59Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/599765#M3684 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/545486011">@M.IbrahimHabibullah</a>&nbsp;,</P> <P>&nbsp;</P> <P>You can use setIncident to restrict the incidents to be reachable by specific roles. Please see the screenshot below. The users only having Administrator role will have access to the incident.<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="gyldz_0-1728374047465.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/62611iA00B4FE15D210DE2/image-size/medium?v=v2&amp;px=400" role="button" title="gyldz_0-1728374047465.png" alt="gyldz_0-1728374047465.png" /></span></P> <P>I hope this answers your question.</P> Tue, 08 Oct 2024 07:54:47 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/599765#M3684 gyldz 2024-10-08T07:54:47Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/1224286#M3955 <P>Little late to the party....<BR />Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/287891">@gyldz</a>&nbsp;<BR />Do you know if this is also working with indicators?</P> Thu, 20 Mar 2025 10:28:43 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/restrict-visibility-of-specific-incident-types-based-on-user/m-p/1224286#M3955 JBoehm 2025-03-20T10:28:43Z