Configuring Object-Level Sharing and Access Control

Object-Level Sharing and Access Control enables you to assign granular access permissions to user-created objects in the Stellar Cyber Platform. This feature lets you control which users can view (read-only) or edit (read/write) shared content. In this release, Object-Level Sharing and Access Control applies to custom dashboards.

This feature enhances collaboration and security by letting you share objects selectively within your organization while maintaining control over who can modify or redistribute them. It also helps protect proprietary or sensitive configurations by restricting access to authorized users only.

You can configure sharing permissions globally in System | Settings and individually for each custom dashboard.

Global Default Access Settings

Global default access settings define how access control lists (ACLs) behave for all new or existing custom dashboards that do not have specific sharing rules applied.

To configure the global settings:

  1. Navigate to System | Settings.

  2. Locate the Object-ACL (Access Control List) Settings section.

    Screen capture of the Access control default behavior settings in System | Settings

  3. Select the default sharing mode:

    Default Allow – All users with appropriate role-based access control (RBAC) privileges have Reader access to all objects unless otherwise specified.

    Default Deny – Only the object owner has access to the object unless additional users are explicitly granted permissions.

    When upgrading to version 6.2, Stellar Cyber defaults to Default Allow to preserve existing access behavior. You can switch to Default Deny to enforce stricter data and configuration security.

    Dashboards created or modified after changing this setting inherit the new default behavior unless explicitly configured otherwise.

    Users with Super Admin privileges in RBAC can bypass all object-level access controls. This ensures that administrators with full system authority retain access to all user-created objects regardless of individual sharing settings.

Sharing Custom Dashboards

You can assign specific users with Editor access or Reader access to custom dashboards. Dashboard-specific settings override global defaults.

To configure sharing for a dashboard, you must have Owner or Editor permissions for it.

To configure sharing for a dashboard:

  1. Go to Dashboards | Custom.

  2. Select a custom dashboard.

  3. Select Open in Visualizer, and then select Share.

    The Share dialog box displays the following information:

    • Shared with – Users who currently have access to the dashboard and their privilege roles: Owner, Editor, or Reader. The owner is the one who created the dashboard. Owners have full control, including editing, sharing, and ownership transfer. Ownership cannot be removed and must be transferred to another active user when an owner account is deleted.

    • Add User – Grant additional users access with specific privileges. You can assign the following roles:

      Editor – Can view, modify, and share the dashboard with other users.

      Reader – Can view the dashboard but cannot edit or share it.

      Screen capture of the Share dialog box for a custom dashboard

  4. To assign access privileges for the dashboard to users, choose a username from the drop-down list and select a role—Editor or Reader.

  5. To assign access privileges to an additional user, select + Add, choose the username, and select a role. Repeat as needed to add multiple users.

  6. Select Share to apply the settings.

    The system immediately updates the ACL for the dashboard. All assigned users see the shared dashboard listed in their dashboard library according to their permissions.

    If the number of users with access exceeds the display limit in the dashboard list, an indicator such as +1 or +2 appears to show additional users with access.