User Roles FAQ

Tell me about roles for new users

When you create a new user in the VM/VMDR application, you assign a role to that user, and the same role is automatically assigned to the user for certain applications within our Cloud Security Platform like AV, WAS, WAF, MD, CM, etc. Learn more about roles for new users.

How do I create a WAS manager with no permissions in the VM/VMDR application?

To create a WAS Manager with no permissions in the VM/VMDR application, follow these steps:

  1. Go to the VM/VMDR application > Create a user >  Assign the Scanner role and do not assign any assets.
  2. Go to the Administration utility > Edit the user > Remove the Scanner role and add the WAS Manager role.

How do I assign a user API access so the user can use the WAS API?

To assign a user API access for using the WAS API, follow these steps:

  1. In the Administration utility, edit the user and assign a role that has the permission API Access in the Access Permissions group.
  2. You can create a new role and assign it this permission.
  3. Another option is to edit the permissions of an existing role.

By editing permissions of an existing role, you change the permissions for all users assigned this role.

How do I assign/remove tagging permissions for a user with reader role?

You can grant GLOBAL permissions to a role. Upon assigning a role to a particular user, the global permissions are applied to that user. Learn more about how to Manage User Roles.

Depending on when a customer has subscribed with Qualys, a user with reader role may or may not have tagging permissions (Create User Tag, Edit User Tag, Delete User Tag) assigned to him. To know more details about tagging permissions and a user role:

  • Subscribed to Qualys before Cloud Platform 3.7 release: By default, a user with reader role will have tagging permissions (Create User Tag, Edit User Tag, Delete User Tag). You can remove the permissions by altering the tagging permissions in Admin utility.
  • Subscribed to Qualys after Cloud Platform 3.7 release: By default, a user with reader role does not have tagging permissions (Create User Tag, Edit User Tag, Delete User Tag). You need to explicitly assign the permissions to them.

Steps to assign or remove the Tagging Permissions

You can grant GLOBAL permissions to a role. Upon assigning a role to a particular user, the global permissions are applied to that user. Learn more about how to Manage User Roles.

  1. In the Administration utility,  go to Role Management tab > Select the user to which you want to assign the permissions > click Edit.
  2. In the Edit window, go to Permissions tab in the left pane and choose Tagging from the Modules drop-down.
  3. To modify the permissions, Click Change and assign the required permissions.
  4. Click Save and the user permissions are assigned to the required user.

How to assign or restrict access to Unified Dashboard application?

We provide a pre-defined role named Unified Dashboard User to provide access to the Unified Dashboard application. Once this role is assigned to a user, the Unified Dashboard application is listed in the application picker and user is able to access the application.

To provide the access, you can either assign the predefined role or change the permissions associated with existing role. If you have users with existing roles, you can edit the permissions associated with the role and assign "Unified Dashboard Application Access" permission to an existing role.

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.