Creating a user role
Create user roles to manage the functions that a user can access in IBM® QRadar®. By default, your system provides a default administrative user role, which provides access to all areas of QRadar.
About this task
Users who are assigned an administrative user role cannot edit their own account. This restriction applies to the default Admin user role. Another administrative user must make any account changes.
Procedure
- Click the Admin tab.
- In the User Management section, click User Roles and then click New.
- In the User Role Name field, type a unique name.
Note: In QRadar versions 7.5.0 UP5 and later, the user role name can have a maximum of 50 characters. In earlier versions, the name can have a maximum of 30 characters.
- Select the permissions that you want to assign to the user role.
The permissions that are visible on the User Role Management window depend on which QRadar components are installed.
Important: If you select a user role that has Admin privileges, you must also grant that user role the Admin security profile. See Creating a security profile.
Table 1. User Role Management window permissions
Permission: Description
Admin: Grants administrative access to the user interface. You can grant specific Admin permissions. Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts.
- Administrator Manager: Grants users permission to create and edit other administrative user accounts.
- Remote Networks and Services Configuration: Grants users access to the Remote Networks and Services icon on the Admin tab.
- System Administrator: Grants users permission to access all areas of the user interface. Users with this access are not able to edit other administrator accounts.
- Manage Local Only: Grants permission to assign and manage Local Only authentication. For more information about Local Only authentication, see Assigning Local Only authentication.
Delegated Administration: Grants users permissions to perform limited administrative functions. In a multi-tenant environment, tenant users with Delegated Administration permissions can see only data for their own tenant environment. If you assign other administrative permissions that are not part of Delegated Administration, tenant users can see data for all tenants.
Offenses: Grants administrative access to all functions on the Offenses tab. Users must have administrative access to create or edit a search group on the Offenses tab. User roles must have the Maintain Custom Rules permission to create and edit custom rules.
Log Activity: Grants access to functions in the Log Activity tab. You can also grant specific permissions:
- Maintain Custom Rules: Grants permission to create or edit rules that are displayed on the Log Activity tab.
- Manage Time Series: Grants permission to configure and view time series data charts.
- User Defined Event Properties: Grants permission to create custom event properties.
- View Custom Rules: Grants permission to view custom rules. If granted to a user role that does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.
Network Activity: Grants access to all the functions in the Network Activity tab. You can grant specific access to the following permissions:
- Maintain Custom Rules: Grants permission to create or edit rules that are displayed on the Network Activity tab.
- Manage Time Series: Grants permission to configure and view time series data charts.
- User Defined Flow Properties: Grants permission to create custom flow properties.
- View Custom Rules: Grants permission to view custom rules. If the user role does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.
- View Flow Content: Grants permission to view source payload and destination payload in the flow data details.
Assets: This permission is displayed only if IBM QRadar Vulnerability Manager is installed on your system. Grants access to the function in the Assets tab. You can grant specific permissions:
- Perform VA Scans: Grants permission to complete vulnerability assessment scans. For more information about vulnerability assessment, see the Managing Vulnerability Assessment Guide.
- Remove Vulnerabilities: Grants permission to remove vulnerabilities from assets.
- Server Discovery: Grants permission to discover servers.
- View VA Data: Grants permission to vulnerability assessment data. For more information about vulnerability assessment, see the Managing Vulnerability Assessment guide.
Reports: Grants permission to access all of the functions on the Reports tab.
- Distribute Reports via Email: Grants permission to distribute reports through email.
- Maintain Templates: Grants permission to edit report templates.
Risk Manager: Grants users permission to access QRadar Risk Manager functions. QRadar Risk Manager must be activated.
Vulnerability Manager: Grants permission to QRadar Vulnerability Manager function. QRadar Vulnerability Manager must be activated. For more information, see the IBM QRadar Vulnerability Manager (https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/c_qvm_vm_ov.html).
Forensics: Grants permission to QRadar Incident Forensics capabilities.
- Create cases in Incident Forensics: Grants permission to create cases for collections of imported document and pcap files.
IP Right Click Menu Extensions: Grants permission to options added to the right-click menu.
Platform Configuration: Grants permission to Platform Configuration services.
- Dismiss System Notifications: Grants permission to hide system notifications from the Messages tab.
- View Reference Data: Grants permission to view reference data when it is available in search results.
- View System Notifications: Grants permission to view system notifications from the Messages tab.
Read-only Configuration: Grants permission to view log sources and offenses.
- View Log Sources: Grants permission to view, but not create or edit, log sources.
- View Offenses: Grants permission to view, but not create or edit, offenses.
- View Users: Grants permission to view, but not create or edit, other users.
- View User Roles: Grants permission to view, but not create or edit, user roles.
QRadar Log Source Management: Grants permission to the QRadar Log Source Management app.
Pulse - Dashboard: Grants permission to dashboards in the IBM QRadar Pulse app.
Pulse - Threat Globe: Grants permission to Threat Globe dashboard in the IBM QRadar Pulse app.
QRadar Assistant: Grants permission to the IBM QRadar Assistant app.
QRadar Use Case Manager: Grants permission to the QRadar Use Case Manager app.
- In the Dashboards section of the User Role Management page, select the dashboards that you want the user role to access, and click Add.
Tip: A dashboard displays no information when the user role does not have permission to view dashboard data. If a user modifies the displayed dashboards, the defined dashboards for the user role appear at the next login.
- Click Save and close the User Role Management window.
- On the Admin tab menu, click Deploy Changes.
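A review check for role definitions created with this procedure, as an added example that is not IBM code. The role records are constructed dictionaries (not a QRadar export format), and the security_profile field and the finding names are assumptions made for illustration.

```python
# Added example. Role records are constructed; this is not a QRadar export format.
# The Admin permission and its sub-permissions, as listed in Table 1.
ADMIN_PERMS = {
    "Admin", "Administrator Manager", "System Administrator",
    "Remote Networks and Services Configuration", "Manage Local Only",
}

def review_role(role, up5_or_later=True):
    """Return findings for one role record (finding names are hypothetical)."""
    findings = []
    perms = set(role["permissions"])
    admin = perms & ADMIN_PERMS
    # Name limit: 50 characters on 7.5.0 UP5 and later, 30 on earlier versions.
    if len(role["name"]) > (50 if up5_or_later else 30):
        findings.append("name-too-long")
    # Important note: a role with Admin privileges also needs the Admin security profile.
    if admin and role.get("security_profile") != "Admin":
        findings.append("admin-without-admin-security-profile")
    # Delegated Administration plus other admin permissions: tenant users see all tenants.
    if "Delegated Administration" in perms and admin:
        findings.append("delegated-admin-sees-all-tenants")
    return findings

def review_roles(roles, up5_or_later=True):
    """Review every role in order and flag names that are not unique."""
    seen, report = set(), []
    for role in roles:
        findings = review_role(role, up5_or_later)
        if role["name"] in seen:
            findings.append("duplicate-name")
        seen.add(role["name"])
        report.append((role["name"], findings))
    return report

SAMPLE_ROLES = [  # constructed sample data
    {"name": "SOC Tier 1", "security_profile": "SOC",
     "permissions": ["Offenses", "Log Activity", "View Custom Rules"]},
    {"name": "Tenant A Delegated Admin", "security_profile": "Tenant A",
     "permissions": ["Delegated Administration", "Administrator Manager"]},
    {"name": "Platform Administrators (global)", "security_profile": "Admin",
     "permissions": ["System Administrator"]},
    {"name": "SOC Tier 1", "security_profile": "SOC", "permissions": ["Reports"]},
]

if __name__ == "__main__":
    for name, findings in review_roles(SAMPLE_ROLES):
        print(name, findings or "ok")
```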