Default Roles and Permissions
Click to view navigation pane

Roles Created from Vulnerability Management and Administration Applications and Assigned Permissions

When the centralized Role-Based Access Control feature is enabled, the specific or default VM roles that are created are assigned to the user. You can choose to assign additional or custom roles in addition to these default roles.

Note: By default, the Regular Manager has managerial access to Vulnerability Management (VM) and Policy Compliance (PC).  
In addition to VM and PC, you also have access to CyberSecurity Asset Management (CSAM), Global AssetView (GAV), Cloud Agent (CA), and Unified Dashboard (UD) from API. However, you can choose to select or deselect them from the UI.

  

Role Created from Vulnerability Management

Role Created from Administration Utility 

Permissions Assigned

MANAGER

VM_USER, PC_USER, REPORTING_READER, REPORTING_MANAGER, UD USER, CASM Manager, CAUI Manager

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  User Permissions: USER_UPDATE

-  Tagging Permissions: CREATE_USER_TAG, EDIT_USER_TAG, DELETE_USER_TAG

-  AV Permissions: ASSET_READ, AM_ACCESS, AM_DASHBOARD_CREATE, AM_DASHBOARD_EDIT, AM_DASHBOARD_DELETE

-  VMDR Dashboard Permissions: QWEB_VM_DASHBOARD_CREATE, QWEB_VM_DASHBOARD_EDIT, QWEB_VM_DASHBOARD_DELETE

- UD Permissions: DASHBOARD_CREATE, DASHBOARD_UPDATE, DASHBOARD_DELETE, DASHBOARD_PRINT,TEMPLATE_CREATE, TEMPLATE_UPDATE, TEMPLATE_DELETE

-  VMUI permissions: UI_ACCESS, QWEB_VM_ACCESS, QWEB_VM_UI_ACCESS

-  PCUI permissions: UI_ACCESS, QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

-  CAUI: All permissions

-  CSAM: All managerial permissions.

UNIT MANAGER

UNIT MANAGER, VM_USER, PC_USER, REPORTING_READER, REPORTING_MANAGER, UD USER

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  VMDR Dashboard Permissions: QWEB_VM_DASHBOARD_CREATE, QWEB_VM_DASHBOARD_EDIT, QWEB_VM_DASHBOARD_DELETE

-  UD Permissions: DASHBOARD_CREATE, DASHBOARD_UPDATE, DASHBOARD_DELETE, DASHBOARD_PRINT,TEMPLATE_CREATE, TEMPLATE_UPDATE, TEMPLATE_DELETE

-  VMUI permissions: UI_ACCESS, QWEB_VM_ACCESS, QWEB_VM_UI_ACCESS

-  PCUI permissions: UI_ACCESS, QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

Note: It depends on the manage_vm and manage_pc permissions. If manage_pc is true, the PC_USER role is added; if manage_vm is true, the VM_USER role is added.

SCANNER

SCANNER, VM_USER, PC_USER, REPORTING_READER, UD USER

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  UD Permissions: QWEB_VM_DASHBOARD_CREATE, DASHBOARD_CREATE, TEMPLATE_CREATE

-  VMUI permissions: QWEB_VM_ACCESS, QWEB_VM_UI_ACCESS

-  PCUI permissions: QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

Note: It depends on the manage_vm and manage_pc permissions. If manage_pc is true, the PC_USER role is added; if manage_vm is true, the VM_USER role is added.

AUDITOR

AUDITOR, PC_USER, REPORTING_READER, REPORTING_MANAGER

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  PCUI permissions: QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

READER

READER, REMEDIATION, VM_USER, PC_USER, REPORTING_READER, REPORTING_MANAGER, UD USER

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  VMUI permissions: QWEB_VM_ACCESS, QWEB_VM_UI_ACCESS

-  PCUI permissions: QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

Note: It depends on the manage_vm and manage_pc permissions. If manage_pc is true, the PC_USER role is added; if manage_vm is true, the VM_USER role is added.

REMEDIATION USER

REMEDIATION, PC_USER, REPORTING_READER, REPORTING_MANAGER

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  PCUI Permissions: QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

ADMINISTRATOR USER

ADMINISTRATOR, VM_USER, PC_USER, REPORTING_READER, REPORTING_MANAGER

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  VMUI/PCUI Permissions: QWEB_VM_ACCESS, QWEB_VM_UI_ACCESS, QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS

-  ADMIN Permissions: ADMIN_ACCESS, USER_READ, USER_CREATE, USER_UPDATE,USER_ROLE_ACCESS, USER_ROLE_CREATE, USER_ROLE_UPDATE, USER_ROLE_DELETE, DEFAULTS_UPDATE

CONTACT

CONTACT, VM_USER, PC_USER, REPORTING_READER, REPORTING_MANAGER

-  General Permissions: UI_ACCESS

-  Report Permissions: REPORT_READ, REPORT_CREATE, REPORT_UPDATE, REPORT_DISTRIBUTE, REPORT_DELETE

-  VMUI Permissions: QWEB_VM_ACCESS, QWEB_VM_UI_ACCESS

-  PCUI Permissions: QWEB_PC_ACCESS, QWEB_PC_UI_ACCESS