Assigning user capabilities for the QRadar User Behavior Analytics app

Administrators use the User Role Management feature in IBM® QRadar® to configure and manage user accounts. As an administrator, you must enable the User Analytics, Offenses, and Log Activity permissions for each user role that is permitted to use the QRadar User Behavior Analytics (UBA) app.

About this task

After you install UBA, it is displayed as a capability in User Roles on the Admin tab. To use the app, a QRadar administrator must assign the app, and any other capabilities that it requires, to a user role.

Security profiles are different than user roles. Security profiles define which networks, log sources, and domains that a user can access. For more information, see the Security Profiles section in the IBM QRadar Administration Guide. Security profiles or user roles that are overly restrictive can result in data not appearing.

Note: If you are deploying UBA for use in a multitenant environment, see UBA user roles for multitenancy.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the System Configuration section, click User Management, and then click the User Roles icon.
  3. Select an existing user role or create a new role.
  4. Select the following checkboxes to add the permissions to the role.
    • User Analytics
    • Offenses
    • Log Activity
  5. Click Save.