Learn more about the new features and enhancements to the Administration application, which enhance Role-Based Access Control (RBAC) at the Qualys platform level.
The Administration application is alternatively called the Administration module or Administration utility.
The enhanced RBAC system at the platform level leverages each product within the platform to honor the RBAC framework defined by the Administration application.
Important to Know!
- Note that one admin role must be present in your subscription to enable centralized Role Based Access Control (RBAC).
- After the new enhanced RBAC is enabled for your subscription, you cannot perform user management operations from the Vulnerability Management application.
- New Role Management tab: We have introduced a new Role Management tab to provide an enhanced experience to manage roles and permissions.
- User and Role Management APIs: We have introduced few new User and Role management APIs for better experience. For more information, see Administration API Guide.
- New QQL tokens: We have introduced new QQL tokens for the Roles tab.
- Centralized User Management: A unified user management system simplifies the administration of user roles, permissions, and access across the Qualys platform.
- API Support for User Management: New User and Role Management APIs are introduced. These APIs allow users to integrate the platform with existing systems, enabling automated and customized user provisioning, role assignments, and access management. For more information, see the API User Guide.
Important: Earlier, you could use the User List (/msp/user_list.php) and Add/Edit User (/msp/user.php) APIs to perform the user management operations. With the enhanced RBAC enablement, you can no longer use these APIs. As stated earlier, you must use the newly introduced APIs to perform the user and role management operations.
- Super User Role: A new Role, Super User, has been introduced. The user with this role is provided with all permissions for all applications except the Administration application. However, there is a provision to grant all permissions for the Administration application. The Grant Admin Rights to this User checkbox is introduced for this purpose. For more information, see the User Role section from the Create User topic.
A Super Administrator has all the accesses at the subscription level.
The Administrator is provided with User Management across the Qualys platform. However, the administration can be granted permission to delete the other administrator privileges.
The Manager role only provides module-level access. A user with the manager role can't perform user management operations. Also, note that platform-level access is not granted to the manager role.
- Tags and Tag Set Inclusion Support to the User Scope: While creating or editing the user, you can add tags and tag sets to the scope of the selected user. For more information, see the User Role section from the Create User topic.