Custom Roles with RBAC
In addition to the system roles, Normal, Read-Only and Administrator, Administrators can create custom roles based on the risk groups or Applications in Cisco Vulnerability Management and select specific user permissions.
Creating a custom role with Role-Based Access Control (RBAC), allows customers to control the specific risk meters and applications a user has access to as well as the permissions. Only the risk meters selected will be visible to the user from the VM tab and only the applications selected will be visible to the user in the AppSec tab. There are three permissions options when creating a new custom role:
- Read-only-- grants users access to view assets and vulnerabilities specified by the selected Risk Meters and/or to specific applications.
- Write—grants users access to view and edit assets and vulnerabilities specified by the selected Risk Meters and/or to specific applications.
- Custom Access allows for the granular selection of individual permissions. This allows customers to set custom permissions based on what you want the user to be able to accomplish in Cisco Vulnerability Management.
Once created, administrators can assign user roles to new users as they are added to the platform. Up to five roles can be assigned per user. Click here to learn more about our Multiple Roles per User feature.
Creating a Custom Role
To create a new custom user role, click the gear in the upper right corner and click on Roles:
From the Roles page, administrators can see the existing user roles, how many roles exist, and easily toggle between the users and roles pages that make up User Management. Click the pencil icon to edit a role and click the trash icon to delete a role.
From here, click the Add Role button and begin by giving the new role a name, description, and selecting whether the role should have access to the Home Page and AppSec Reporting page (if using AppSec).
Next, select the Risk Meters this role should have access to.
If using the AppSec product, select the applications the role should have access to.
Next, select whether this role will have read-only, write, or custom permissions. When selecting custom permissions, the permissions listed below will appear with a toggle button to select the permissions that should be turned on.
Finally, select the users to assign to this role and click Finish.
Viewing Custom Roles
After creating a new role, administrators will be directed to the role view. This view can be accessed by clicking on the name of a role from the roles table. This view is an overview of the Permissions, Risk Meters, Applications, and Users assigned to the role.
Users can also be assigned to specific roles from the Users page when they are created, or by editing current users. When editing a user with multiple roles that have different permissions and access, the permissions will be indicated below and when hovering over “Partial” a box will pop up detailing the permissions associated with specific risk meters.