Assigning user permissions for QRadar Offenses Forwarder

After you install IBM® QRadar Offenses Forwarder, it is displayed as a capability in the User Roles window on the Admin tab. Capabilities are sets of permissions that user roles have. To use the app, a QRadar® administrator must assign the app, and any other capabilities that it requires, to a user role.

Before you begin

You must have administrator privileges to assign user permissions for the app.

About this task

Security profiles are different from user roles. Security profiles define which networks, log sources, and domains that a user can access. Security profiles or user roles that are overly restrictive can result in data not appearing.


  1. On the QRadar console, go to the Admin tab and click User Roles.
  2. On the User Roles window, select the user role that you want to assign the app permissions to.
  3. Select the checkbox for QRadar Offenses Forwarder and then click Save.
  4. On the Admin tab, click Deploy Changes so that your user role updates take effect.

What to do next

Ingesting QRadar offense alerts by creating an ingestion data source