This page describes how data role-based access control (data RBAC)
administrators and users can assign scopes to data tables. Data tables are
multicolumn data constructs that let you input your own data into
Google Security Operations. They can function as lookup tables with defined columns and
data stored in rows. By assigning scopes to a data table, you can control
which users and resources can access and utilize it (for example, rules and unified data model (UDM) search instances).
Access permissions vary by user type (scoped versus global):
Scoped users can create a scoped data table using all or a subset of the
scopes that are assigned to them.
Global users can create either an unscoped data table (a data table
that all the users can use) or a scoped data table. An unscoped data table
can be viewed by all users, but only global users can write to it.
Another way of looking at this is from the perspective of a data table:
Scoped data tables with selected can be accessed by specific users or rules that have
matching scopes. However, to perform write operations on a scoped table, the
user or rule needs to have the same matching scopes.
Unscoped data tables are accessible to all users and rules for read operations.
However, write operations are limited to global users only.
In the Data tables window, select the data table that you want to add scopes
to.
At the top, select the scope assignment list.
Select all the scopes that the data table must have access to.
Click Save. The scopes are added to the data table.
Update scopes in a data table
To update the scopes for a data table, you must have access to all the data
scopes that you intend to add to the data table. You cannot add or remove scopes
that you don't have access to.
The following considerations apply when updating a data table:
Removing scopes from a data table is only allowed if all existing rules
that use the data table remain functional after the change.
For example:
An update for a data table from scopes A and B to scope A is
not allowed if a rule scoped to B uses the data table.
An update for an unscoped data table to Scope A is not allowed
if a rule with scoped to B uses the data table.
Removing scope B is not allowed if a rule with scope B uses the data
table.
A scoped user can remove a scope from a data table, which can cause
other scoped users to lose access.
For example, a user with scopes A and B can remove scope B from a data table
with scopes A and B. After this change, the user can still use the
data table, but another user with only scope B can no longer view or
access the data table.
Adding more scopes can cause some users to lose their edit access to a data
table. To have read and write permissions, you need access to all scopes.
Having access to one or just a few only gives you read permissions.
For example, a user with scopes A and B can add scope B to a data table
that has scope A. After this change, the user can still edit the data table,
but another user with only scope A is no longer able to edit the data table.
To read a data table, a user only needs one scope assigned to the data table.
To write to data table or modify it, the user needs all of the scopes assigned
to the data table.
To update the scopes in a data table, do the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Configure data RBAC for data tables\n===================================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nThis page describes how *data role-based access control* (*data RBAC*)\nadministrators and users can assign scopes to data tables. Data tables are\nmulticolumn data constructs that let you input your own data into\nGoogle Security Operations. They can function as lookup tables with defined columns and\ndata stored in rows. By assigning scopes to a data table, you can control\nwhich users and resources can access and utilize it (for example, rules and unified data model (UDM) search instances).\n\nAccess permissions vary by user type (scoped versus global):\n\n- *Scoped users* can create a scoped data table using all or a subset of the\n scopes that are assigned to them.\n\n- *Global users* can create either an unscoped data table (a data table\n that all the users can use) or a scoped data table. An unscoped data table\n can be viewed by all users, but only global users can write to it.\n\nAnother way of looking at this is from the perspective of a data table:\n\n- Scoped data tables with selected can be accessed by specific users or rules that have\n matching scopes. However, to perform write operations on a scoped table, the\n user or rule needs to have the same matching scopes.\n\n- Unscoped data tables are accessible to all users and rules for read operations.\n However, write operations are limited to global users only.\n\nFor more information on how data RBAC and scopes work, see\n[Overview of Data RBAC](/chronicle/docs/administration/datarbac-overview).\n\nFor detailed information about user access permissions, see the table in [Access permissions for users in data tables](/chronicle/docs/administration/datarbac-impact#access_permissions_for_users_in_data_tables).\n\nAdd scopes to data tables\n-------------------------\n\nTo add scopes to a data table, you must have access to all the scopes that\nyou intend to add. You cannot add scopes that you don't have access to.\n\nTo add scopes to an unscoped data table or add more scopes to a scoped data\ntable, do the following:\n\n1. [Log in to Google SecOps](/chronicle/docs/log-in-to-ui).\n\n2. Click **Investigation** \\\u003e **Data tables**.\n\n3. In the **Data tables** window, select the data table that you want to add scopes\n to.\n\n4. At the top, select the scope assignment list.\n\n5. Select all the scopes that the data table must have access to.\n\n6. Click **Save**. The scopes are added to the data table.\n\nUpdate scopes in a data table\n-----------------------------\n\nTo update the scopes for a data table, you must have access to all the data\nscopes that you intend to add to the data table. You cannot add or remove scopes\nthat you don't have access to.\n\nThe following considerations apply when updating a data table:\n\n- Removing scopes from a data table is only allowed if all existing rules\n that use the data table remain functional after the change.\n For example:\n\n - An update for a data table from scopes A and B to scope A is not allowed if a rule scoped to B uses the data table.\n - An update for an unscoped data table to Scope A is not allowed if a rule with scoped to B uses the data table.\n - Removing scope B is not allowed if a rule with scope B uses the data table.\n- A scoped user can remove a scope from a data table, which can cause\n other scoped users to lose access.\n\n For example, a user with scopes A and B can remove scope B from a data table\n with scopes A and B. After this change, the user can still use the\n data table, but another user with only scope B can no longer view or\n access the data table.\n- Adding more scopes can cause some users to lose their edit access to a data\n table. To have read and write permissions, you need access to all scopes.\n Having access to one or just a few only gives you read permissions.\n\n For example, a user with scopes A and B can add scope B to a data table\n that has scope A. After this change, the user can still edit the data table,\n but another user with only scope A is no longer able to edit the data table.\n To read a data table, a user only needs one scope assigned to the data table.\n To write to data table or modify it, the user needs all of the scopes assigned\n to the data table.\n\nTo update the scopes in a data table, do the following:\n\n1. [Log in to Google SecOps](/chronicle/docs/log-in-to-ui).\n\n2. Click **Investigation** \\\u003e **Data tables**.\n\n3. In the **Data tables** window, select the data table that you want to update.\n\n4. At the top, select the scope assignment drop-down.\n\n5. Select all the scopes that the data table should have access to. Deselect the\n scopes the data table shouldn't have access to.\n\n6. Click **Save**. The scope assignment for the data table is updated.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]