Assigning user capabilities for QRadar Pulse

After you install QRadar® Pulse, it is displayed as a capability in User Roles on the Admin tab, provided the add_app_capability flag is not set to false. To use the app, a QRadar administrator must assign the app, and any other capabilities that it requires, to a user role.

Non-administrators can work with data that is limited to the restrictions set in their security profile, if permitted by their user role, but they cannot configure IBM® QRadar Pulse. Users are limited to 100 dashboards and 800 dashboard items each. Capabilities are sets of permissions that user roles have.

Security profiles are different than user roles. Security profiles define which networks, log sources, and domains that a user can access. For more information, see the Security Profiles section in the IBM QRadar Administration Guide. Security profiles or user roles that are overly restrictive can result in data not appearing.

Procedure

  1. Click User Roles in the User Management section on the Admin tab.
  2. From the list of available user roles, select the user role that you want to assign the app to.
  3. Select the check box for QRadar Pulse, and then select the check boxes for these capabilities: Offenses, Log Activity, Network Activity, and Pulse - Dashboard, and then click Save.
    Tip: To restrict a user role to seeing offense data but not associated events or flows, select the Offenses check box and clear the following check boxes below it:
    • Assign Offenses to Users
    • Manage Offense Closing Reasons
    • Maintain Custom Rules
    • View Custom Rules
  4. On the Admin tab, click Deploy Changes.