Creating a user role

Create user roles to manage the functions that a user can access in IBM® QRadar®. By default, your system provides a default administrative user role, which provides access to all areas of QRadar.

About this task

Users who are assigned an administrative user role cannot edit their own account. This restriction applies to the default Admin user role. Another administrative user must make any account changes.

Procedure

  1. Click the Admin tab.
  2. In the User Management section, click User Roles and then click New.
  3. In the User Role Name field, type a unique name.
    Note: In QRadar versions 7.5.0 UP5 and later, the user role name can have a maximum of 50 characters. In earlier versions, the name can have a maximum of 30 characters.
  4. Select the permissions that you want to assign to the user role.

    The permissions that are visible on the User Role Management window depend on which QRadar components are installed.

    Important: If you select a user role that has Admin privileges, you must also grant that user role the Admin security profile. See Creating a security profile.
    Table 1. User Role Management window permissions

    Permission

    Description

    Admin

    Grants administrative access to the user interface. You can grant specific Admin permissions.

    Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts.
    Administrator Manager
    Grants users permission to create and edit other administrative user accounts.
    Remote Networks and Services Configuration
    Grants users access to the Remote Networks and Services icon on the Admin tab.
    System Administrator
    Grants users permission to access all areas of user interface. Users with this access are not able to edit other administrator accounts.
    Manage Local Only
    Grants permission to assign and manage Local Only authentication. For more information about Local Only authentication, see Assigning Local Only authentication.
    Delegated Administration Grant users permissions to perform limited administrative functions. In a multi-tenant environment, tenant users with Delegated Administration permissions can see only data for their own tenant environment. If you assign other administrative permissions that are not part of Delegated Administration, tenant users can see data for all tenants.
    Offenses

    Grants administrative access to all functions on the Offenses tab.

    Users must have administrative access to create or edit a search group on the Offenses tab.

    User roles must have the Maintain Custom Rules permission to create and edit custom rules.

    Log Activity
    Grants access to functions in the Log Activity tab. You can also grant specific permissions:
    Maintain Custom Rules
    Grants permission to create or edit rules that are displayed on the Log Activity tab.
    Manage Time Series
    Grants permission to configure and view time series data charts.
    User Defined Event Properties
    Grants permission to create custom event properties.
    View Custom Rules
    Grants permission to view custom rules. If granted to a user role that does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.
    Network Activity
    Grants access to all the functions in the Network Activity tab. You can grant specific access to the following permissions:
    Maintain Custom Rules
    Grants permission to create or edit rules that are displayed on the Network Activity tab.
    Manage Time Series
    Grants permission to configure and view time series data charts.
    User Defined Flow Properties
    Grants permission to create custom flow properties.
    View Custom Rules
    Grants permission to view custom rules. If the user role does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.
    View Flow Content
    Grants permission to view source payload and destination payload in the flow data details.
    Assets This permission is displayed only if IBM QRadar Vulnerability Manager is installed on your system.
    Grants access to the function in the Assets tab. You can grant specific permissions:
    Perform VA Scans
    Grants permission to complete vulnerability assessment scans. For more information about vulnerability assessment, see the Managing Vulnerability Assessment Guide.
    Remove Vulnerabilities
    Grants permission to remove vulnerabilities from assets.
    Server Discovery
    Grants permission to discover servers.
    View VA Data
    Grants permission to vulnerability assessment data. For more information about vulnerability assessment, see the Managing Vulnerability Assessment guide.
    Reports
    Grants permission to access all of the functions on the Reports tab.
    Distribute Reports via Email
    Grants permission to distribute reports through email.
    Maintain Templates
    Grants permission to edit report templates.
    Risk Manager Grants users permission to access QRadar Risk Manager functions. QRadar Risk Manager must be activated.
    Vulnerability Manager

    Grants permission to QRadar Vulnerability Manager function. QRadar Vulnerability Manager must be activated.

    For more information, see the IBM QRadar Vulnerability Manager (https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/c_qvm_vm_ov.html).

    Forensics
    Grants permission to QRadar Incident Forensics capabilities.
    Create cases in Incident Forensics
    Grants permission to create cases for collections of imported document and pcap files.
    IP Right Click Menu Extensions

    Grants permission to options added to the right-click menu.

    Platform Configuration
    Grants permission to Platform Configuration services.
    Dismiss System Notifications
    Grants permission to hide system notifications from the Messages tab.
    View Reference Data
    Grants permission to view reference data when it is available in search results.
    View System Notifications
    Grants permission to view system notifications from the Messages tab.
    Read-only Configuration
    Grants permission to view log sources and offenses.
    View Log Sources
    Grants permission to view, but not create or edit, log sources.
    View Offenses
    Grants permission to view, but not create or edit, offenses.
    View Users
    Grants permission to view, but not create or edit, other users.
    View User Roles
    Grants permission to view, but not create or edit user roles.
    QRadar Log Source Management Grants permission to the QRadar Log Source Management app.
    Pulse - Dashboard Grants permission to dashboards in the IBM QRadar Pulse app.
    Pulse - Threat Globe Grants permission to Threat Globe dashboard in the IBM QRadar Pulse app.
    QRadar Assistant Grants permission to the IBM QRadar Assistant app.
    QRadar Use Case Manager Grants permission to the QRadar Use Case Manager app.
  5. In the Dashboards section of the User Role Management page, select the dashboards that you want the user role to access, and click Add.
    Tip: A dashboard displays no information when the user role does not have permission to view dashboard data. If a user modifies the displayed dashboards, the defined dashboards for the user role appear at the next login.
  6. Click Save and close the User Role Management window.
  7. On the Admin tab menu, click Deploy Changes.