Can I grant a Panther API token permissions for managing Lookup Tables and schemas but not rules?
Last updated: November 12, 2024
QUESTION
Can I grant a Panther API token permissions for managing Lookup Tables and log schemas but not rules?
ANSWER
No, it is not possible to grant a Panther API token permissions for managing Lookup Tables and log schemas without also granting permissions for managing rules.
Schema management permissions are included in the Manage Log Sources permission.

Lookup Table management is included in the Bulk Upload permission, which also includes the ability to upload rules. As a result, it's not possible to configure an API token that can manage Lookup Tables and schemas but not rules.

To limit which tokens can manage rules, create two separate API tokens: one with the Manage Log Sources permission to manage schemas, and a second with the Bulk Upload permission to manage Lookup Tables (and rules). In this scenario, the first API token will not have the ability to manage rules.