Reference: User-specific saved questions

When multiple users work with the same saved question, the following factors control which users can see the question, and which question settings and results the users can see:

  • User role permissions: To view and edit a saved question, a user must have the required role permissions for the content set to which the question is assigned (see Manage saved questions). Additionally, the following settings in the question configuration interact with role permissions to affect which users can see the question and which other settings they can see::
    • Visibility: Determines whether the question is visible only to the owner (question creator) and administrators or to any user who has the required role permissions.
  • User-specific configuration changes: When a user saves changes to the question configuration,Tanium Cloud the Tanium Server saves a copy of the question. When users sign in to Tanium Cloudthe server, the users see only the copy with their own changes.
  • Computer group management rights: The computer groups assigned to users, user groups, and personas determine the visibility of the saved question Reissue interval and recent question results.

The following sections describe how these factors determine the visibility of a question and its settings and results, using an example scenario. All the users in this example have the role permissions required to read, create, and edit the question Installed Applications on Windows Workstation. The following table lists the users in the order that they made changes to the question configuration.

 Table 1: Example user role permissions and computer group assignments
User name Role permissions Computer group management rights Question configuration edits
Admin1 Administrator reserved role Unrestricted management rights Created and saved the question with the Merging and Drilldown options disabled, the Default Tab set to Grid, and the Reissue interval set to 1 day.
User1 Read, create, and edit the saved question All Windows (endpoints that run any Windows operating system [OS]) Resaved the question with Merging enabled.
Admin2 Content Administrator reserved role Unrestricted management rights Resaved the question with the Default Tab set to Question. Admin2 also reverted Merging to disabled after User1 enabled it.
User2 Read, create, and edit the saved question All Windows desktops (endpoints that run the Windows desktop OS) Resaved the question with Drilldown enabled.
User3 Read, create, and edit the saved question All Windows Made no changes.

To see the question settings described in the following sections, go to Administration > Content > Saved Questions, select a question, and click Edit.

Role permissions

Visibility

Whether a saved question is visible to users depends on their role permissions and the Visibility option that is selected in the question configuration:

  • According to RBAC: All users who have the necessary role permissions can see the question. In this example, all the users have the role permissions required to read and edit saved questions in the content set that contains this question. Therefore, this option enables all the users to see the question.

  • Only the Owner and Admins can see this object: Only users with the Administrator or Content Administrator reserved role, and the question owner (creator), can see the question. In this example, this option enables only Admin1 and Admin2 to see the question.

Figure 1: Saved question Visibility options

saved_question_visibility.png