In addition to the system roles, Normal, Read-Only and Administrator, Cisco Vulnerability Management administrators can create custom roles based on the risk groups or applications and select specific user permissions.  

Creating a custom role with Role-Based Access Control (RBAC), allows you to control the specific risk meters and applications that a user has access to and control the permissions for the role. Only the risk meters that you select will be visible to the user from the Vulnerability Management pages and only the applications that you select will be visible to the user in the Application Security Module page. There are three permissions options available when you create a new custom role: 

• Read-only - grants users access to view assets and vulnerabilities specified by the selected Risk Meters and/or to specific applications.  
• Write - grants users access to view and edit assets and vulnerabilities specified by the selected Risk Meters and/or to specific applications.  
• Custom Access - allows for the granular selection of individual permissions. This allows you to set custom permissions based on what you want the user to accomplish in Cisco Vulnerability Management. 

Once created, administrators can assign user roles to new users as they are added to Cisco Vulnerability Management. Up to five roles can be assigned per user. For more information about using multiple roles per user, refer to the information here.

For more information about how you can use the API with RBAC, refer to the information here.

Create a Custom Role

1. In Cisco Vulnerability Management, hover over the Settings icon () in the upper right-hand corner of the page and click Roles.

On the Roles page, you can see the existing user roles, how many roles exist, and toggle between the users and roles pages that make up User Management. To edit a role, click the pencil icon (). To delete a role, click the trashcan icon (). 

2. Click Add Role

3. Enter a Name and a Description for the role, and select if the role should have access to the Home Page and Application Security Module Reporting page (if you use the Application Security Module). 

4. Click Continue.
5. Select the Risk Meters the role should have access to and click b.

6. If you are using the Application Security Module, select the applications the role should have access to and click Continue. 

7. Select a permission level for the role. Click Save and Continue. Note: When you select the Custom permissions option, toggle buttons display beside the options that you can choose for the role. 

8. Select the users to assign to the role.

  9. Click Finish. 
      The role view displays.

View Custom Roles

To view an overview of the Permissions, Risk Meters, Applications, and Users assigned to a role, click the role name in the roles table.    

Assign a role to an existing user

You can edit existing users and assign roles to them.
1. Hover over the Settings icon () in the upper right-hand corner of the page, and click Users.
2. Click the user that you want to edit.
3. Click Edit User.
4. Edit the user.
Note: When you edit a user with multiple roles that each have different permissions and access levels, you can hover over “Partial”, and the permissions associated with specific risk meters display. 

5. Click Update User.