Assigning user capabilities for the QRadar User Entity Behavior Analytics app
Administrators use the User Role Management feature in IBM® QRadar® to configure and manage user accounts. As an administrator, you must enable the User Entity Analytics, Offenses, and Log Activity permissions for each user role that is permitted to use the QRadar User Entity Behavior Analytics (UEBA) app.
About this task
After you install UEBA, it is displayed as a capability in User Roles on the Admin tab. To use the app, a QRadar administrator must assign the app, and any other capabilities that it requires, to a user role.
Security profiles are different than user roles. Security profiles define which networks, log sources, and domains that a user can access. For more information, see the Security Profiles section in the IBM QRadar Administration Guide. Security profiles or user roles that are overly restrictive can result in data not appearing.
Note: If you are deploying UEBA for use in a multitenant environment, see UEBA user roles for multitenancy.