This article will cover the differences between the following roles:
- Read-Only
- Write/Normal User
- Administrator
- Custom Roles
For information on creating and managing users and roles, please see our article on Custom Role Based Access Control.
System Roles
Administrator, Write/Normal User, and Read-Only are the three standard "System Roles" that can be assigned to a Cisco Vulnerability Management user right out of the box. System Roles have access to ALL assets and Risk Meters, whereas Custom Roles can be limited to specific Risk Meters. When adding a new user for the first time, you will see the standard three System Roles. These roles will always be in this list, but as you add Custom Roles, those will appear here too.
Important: Only System Roles can be assigned an API key, which will correspond to their permissions level.
Read-Only User
- Read Access to All Assets
- View/sort/filter Assets and Vulnerabilities
- Email and Export data from Cisco Vulnerability Management
- Manage personal Alerts settings
Write/Normal User
Everything listed above plus:
- Write permissions over all assets
- Modify and Delete Asset Groups (Risk Meters)
- Create Tickets
- Export Data
- Share Top Fixes
- Edit Asset Status
- Edit Asset Tags
- Edit Asset Locators
- Edit Asset Owner
- Edit Asset Priority
- Edit Asset Operating System
- Edit Asset Notes
- Edit Vulnerability Status
- Edit Vulnerability Custom Fields
- Edit Vulnerability Score Override
- Edit Vulnerability Due Date
- Edit Vulnerability Notes
Administrator
Everything listed above plus:
- Manage User Roles and Users
- Provision and manage API keys
- Add, delete and modify Asset Groups (Risk Meters)
- Add, delete and modify Applications
- Create and run Connectors
- Manage Custom Fields
- Manage SLA (Due Date) Policies
- Enable Dual Factor Authentication
Custom Roles
Custom Access User Roles have customized names. They can limit user permissions through our RBAC controls, and they can limit access to assets by assigning risk meters to the role.
Important: When using Hierarchical Risk Meters, providing access to a parent or descendant will allow access to all assets in lower descendants in the hierarchy.
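The inheritance rule above is worth checking before a risk meter is assigned to a custom role. The following Python sketch is an added example, not Cisco's code or API: the hierarchy, role names and function names are constructed for illustration, and it assumes you keep your own record of risk meter parent/child relationships. It reports which risk meters each role reaches only through the hierarchy.

```python
from collections import defaultdict

# Constructed sample hierarchy: risk meter -> parent risk meter (None = top level).
# All names are hypothetical.
PARENT_OF = {
    "All Servers": None,
    "EMEA Servers": "All Servers",
    "EMEA Databases": "EMEA Servers",
    "APAC Servers": "All Servers",
    "Workstations": None,
}

# Constructed custom roles: role name -> risk meters explicitly assigned to it.
ROLE_ASSIGNMENTS = {
    "emea-dba": ["EMEA Databases"],
    "emea-ops": ["EMEA Servers"],
    "server-leads": ["All Servers"],
}

def children_index(parent_of):
    """Invert the child -> parent map into parent -> [children]."""
    children = defaultdict(list)
    for meter, parent in parent_of.items():
        if parent is not None:
            children[parent].append(meter)
    return children

def effective_meters(assigned, parent_of):
    """Return the assigned meters plus every descendant below them."""
    children = children_index(parent_of)
    seen, stack = set(), list(assigned)
    while stack:
        meter = stack.pop()
        if meter in seen:  # also guards against a malformed, cyclic record
            continue
        seen.add(meter)
        stack.extend(children[meter])
    return seen

def inherited_access(role_assignments, parent_of):
    """Map each role to the meters it reaches only through the hierarchy."""
    report = {}
    for role, assigned in role_assignments.items():
        extra = effective_meters(assigned, parent_of) - set(assigned)
        report[role] = sorted(extra)
    return report

if __name__ == "__main__":
    for role, extra in inherited_access(ROLE_ASSIGNMENTS, PARENT_OF).items():
        print(f"{role}: inherited -> {extra or 'none'}")
```

A role with a non-empty inherited list has a wider asset scope than its assignment alone suggests, which is the case to review when applying least privilege.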
Access Type
Under Access Type, you can select the standard Read-only or Write permissions, which apply to all of the assets/Risk Meters that you gave the role control over. If you selected particular risk meters, the read-only or write access applies only to those risk meters and assets.
Important: Custom User Roles cannot be assigned API keys.
If you choose Custom permissions, you can choose the specific permissions you want to provide to this role.
General Options - toggle on/off
- Edit Asset Groups
- Create Tickets
- Share Top Fixes
- Export Data
Asset Options - toggle on/off
- Edit Asset Status
- Edit Asset Locators
- Edit Asset Priority
- Edit Asset Notes
- Edit Asset Tags
- Edit Asset Owner
- Edit Asset Operating System
Vulnerability Options - toggle on/off
- Edit Vulnerability Notes
- Edit Vulnerability Status
- Edit Vulnerability Custom Fields
- Edit Vulnerability Score Override
- Edit Vulnerability Due Date