Example: Least privileged access configuration and set up

Grant users only the minimum amount of access that they require to do their day-to-day tasks.

You can assign different privileges for IBM QRadar data and QRadar capabilities by specifying different accept and deny groups for security profiles and user roles. Accept groups assign privileges and deny groups restrict privileges.

Let's look at an example. Your company hired a group of student interns. John is in his final year of a specialized cyber security program at the local university. He was asked to monitor and review known network vulnerabilities and prepare a remediation plan based on the findings. Information about the company's network vulnerabilities is confidential.

As the QRadar administrator, you must ensure that the student interns have limited access to data and systems. Most student interns must be denied access to IBM QRadar Vulnerability Manager, but John's special assignment requires that he has this access. Your organization's policy is that student interns never have access to the QRadar API.

The following table shows that John must be a member of the company.interns and qvm.interns groups to have access to IBM QRadar Risk Manager and QRadar Vulnerability Manager.

Table 1. User role privilege groups
User Role   Accept                        Deny
Admin       qradar.admin                  company.firedemployees
QVM         qradar.qvm, qvm.interns       company.firedemployees, qradar.qrm, company.interns
QRM         qradar.qrm, company.interns   company.firedemployees

The following table shows that the security profile for qvm.interns restricts John from accessing the QRadar API.

Table 2. Security profile privilege groups
Security profile   Accept                      Deny
QVM                qradar.secprofile.qvm       company.firedemployees
API                qradar.secprofile.qvm.api   company.firedemployees, qradar.secprofile.qvm.interns