Role Permissions 101

This article will cover the differences between the following roles:

• Read-Only
• Write/Normal User
• Administrator
• Custom Roles

For information on creating and managing users and roles, please see our article on Custom Role Based Access Control.

System Roles

Administrator, Write/Normal User, and Read Only are the three standard "System Roles" that can be assigned to a Cisco Vulnerability Management user right out of the box. System Roles have access to ALL assets and Risk Meters whereas custom roles can be limited to specific Risk Meters. When adding a new user for the first time, you will see the standard three System Roles. These roles will always be in this list, but as you add Custom Roles, those will appear here too.

Important: Only System Roles can be assigned an API key which will correspond to their permissions level.

Read-Only User

• Read Access to All Assets 

• View/sort/filter Assets and Vulnerabilities

• Email and Export data from Cisco Vulnerability Management

• Manage personal Alerts settings

Write/Normal User

Everything listed above plus:

• Write permissions over all assets

• Modify and Delete Asset Groups (Risk Meters)

• Create Tickets

• Export Data

• Share Top Fixes

• Edit Asset Status

• Edit Asset Tags

• Edit Asset Locators

• Edit Asset Owner

• Edit Asset Priority

• Edit Asset Operating System

• Edit Asset Notes

• Edit Vulnerability Status

• Edit Vulnerability Custom Fields

• Edit Vulnerability Score Override

• Edit Vulnerability Due Date

• Edit Vulnerability Notes

Administrator

Everything listed above plus:

• Manage User Roles and Users

• Provision and manage API keys

• Add, delete and modify Asset Groups (Risk Meters)

• Add, delete and modify Applications

• Create and run Connectors
• Manage Custom Fields
• Manage SLA (Due Date) Policies
• Enable Dual Factor Authentication

Custom Roles

Custom Access User Roles get customized names and they may limit user permissions through our RBAC controls and limit access to assets by assigning risk meters to the role.

Important: When using Hierarchical Risk Meters, providing access to a parent or descendent will allow access to all assets in lower descendants in the hierarchy.

Access Type

Under Access Type, you can select the standard Read-only or Write permissions which would apply to all of the assets/Risk Meters that you gave the role control over. If you selected particular risk meters, the read-only or write access applies only to those risk meters and assets.

Important: Custom User Roles cannot be assigned API keys.

If you choose Custom permissions, you can choose the specific permissions you want to provide to this role.

General Options - toggle on/off

• Edit Asset Groups
• Create Tickets
• Share Top Fixes
• Export Data

Asset Options - toggle on/off

• Edit Asset Status
• Edit Asset Locators
• Edit Asset Priority
• Edit Asset Notes
• Edit Asset Tags
• Edit Asset Owner
• Edit Asset Operating System

Vulnerability Options - toggle on/off

• Edit Vulnerability Notes
• Edit Vulnerability Status
• Edit Vulnerability Custom Fields
• Edit Vulnerability Score Override
• Edit Vulnerability Due Date