This article will cover the differences between the following roles:
- Read-Only
- Write/Normal User
- Administrator
- Custom Roles
For information on creating and managing users and roles, refer to the information here.
System Roles
Administrator, Write/Normal User, and Read Only are the three standard "System Roles" that you can assign to a Cisco Vulnerability Management user immediately. System Roles have access to all assets and Risk Meters while custom roles can be limited to specific Risk Meters. When adding a new user for the first time, you will see the standard three System Roles. These roles will always be in this list, but as you add Custom Roles, those will appear here too.
Important: Only System Roles can be assigned an API key which will correspond to their permissions level.
Read-Only User
-
Read Access to All Assets
-
View/sort/filter Assets and Vulnerabilities
-
Email and Export data from Cisco Vulnerability Management
-
Manage personal Alerts settings
Write/Normal User
Everything listed above plus:
-
Write permissions over all assets
-
Modify and Delete Asset Groups (Risk Meters)
-
Create Tickets
-
Export Data
-
Share Top Fixes
-
Edit Asset Status
-
Edit Asset Tags
-
Edit Asset Locators
-
Edit Asset Owner
-
Edit Asset Priority
-
Edit Asset Operating System
-
Edit Asset Notes
-
Edit Vulnerability Status
-
Edit Vulnerability Custom Fields
-
Edit Vulnerability Score Override
-
Edit Vulnerability Due Date
-
Edit Vulnerability Notes
Administrator
Everything listed above plus:
-
Manage User Roles and Users
-
Provision and manage API keys
-
Add, delete and modify Asset Groups (Risk Meters)
-
Add, delete and modify Applications
-
Create and run Connectors
-
Manage Custom Fields
-
Manage SLA (Due Date) Policies
-
Enable Dual Factor Authentication
Custom Roles
Custom access user roles can limit user permissions through the RBAC controls and you can assign risk meters to the role to limit access to assets.
Important: When using Hierarchical Risk Meters, providing access to a parent or descendent allows access to all assets in lower descendants in the hierarchy.
Access Type
Under Access Type, you can select the standard Read-only or Write permissions which would apply to all of the assets/Risk Meters that you gave the role control over. If you selected particular risk meters, the read-only or write access applies only to those risk meters and assets.
Important: Custom User Roles cannot be assigned API keys.
If you choose Custom permissions, you can choose the specific permissions you want to provide to this role.
General Options
- Edit Asset Groups
- Create Tickets
- Share Top Fixes
- Export Data
- Read All Exports
Asset Options
- Asset Status
- Asset Locators
- Asset Priority
- Asset Notes
- Asset Tags
- Asset Owner
- Asset Operating System
Vulnerability Options
- Vulnerability Notes
- Vulnerability Status
- Vulnerability Custom Fields
- Vulnerability Score Override
- Vulnerability Due Date
Findings Options
- Finding Status
- Finding Custom Fields
- Finding Due Date
- Finding Score Override
Stacks Options
- View Stacks
- Edit Stacks
Applications Options
- View Applications
- Edit Applications
Comments
Please sign in to leave a comment.