Roles and Permissions in FIM
You can create users and then assign each one a role to grant access as that role defines. Not all users can perform all operations. Depending on the roles and permissions assigned, you can perform actions such as creating, editing, or deleting rules and actions. Use the Qualys Administration module to create FIM users and assign roles and permissions. FIM provides certain predefined user roles, and each role carries an associated set of permissions.
FIM supports role-based access control, which ensures that FIM users have access only to the tasks for which they have permission. These roles give an additional level of security to accomplish required tasks and prevent users from accessing anything beyond their assigned roles.
The following table captures the predefined roles in FIM and the associated permissions:
Roles | Permissions |
---|---|
FIM Manager | General UI: Access<br>Dashboard: Create, Update, Delete, Print<br>Events: View, Ignore, Whitelist, Event Insights, Download<br>Incidents: View, Create, Update, Review*, Reopen, Download, Delete#<br>Correlation Rules: View, Create, Update, Delete, Activate, Deactivate<br>Reports: View, Create, Delete, Download<br>Report Rules: View, Create, Update, Delete, Schedule, Resume, Pause<br>Profiles: View, Create, Update, Delete, Activate, Deactivate, Link, Assign, Download<br>Profile Library: View, Import, Download<br>Asset: View, Download<br>Responses (alerting): Access, Create, Edit, Delete<br>Responses (alerting rules): Create, Edit, Delete |
FIM Author | General UI: Access<br>Dashboard: Create, Update, Print<br>Events: View, Event Insights, Download<br>Incidents: View, Create, Update, Download<br>Correlation Rules: View, Create, Update<br>Reports: View, Create, Download<br>Report Rules: View, Create, Download<br>Profile: View, Create, Update, Download, Link, Assign<br>Profile Library: View, Import, Download<br>Assets: View, Download<br>Responses (alerting): Access Alert, Create Alert, Edit Alert<br>Responses (alerting rules): Create, Edit |
FIM Auditor | General UI: Access<br>Dashboard: Print<br>Events: View, Download<br>Incidents: View, Download<br>Correlation Rules: View<br>Reports: View, Download<br>Report Rules: View<br>Profiles: View, Download<br>Profile Library: View, Download<br>Assets: View, Download<br>Responses (alerting): Access Alert |
FIM Analyst | General UI: Access<br>Dashboard: Create, Update, Print<br>Events: View, Ignore, Whitelist, Event Insights, Download<br>Incidents: View, Create, Update, Review*, Reopen, Download<br>Correlation Rules: View, Create, Update, Activate, Deactivate<br>Reports: View, Create, Download<br>Report Rules: View, Create, Update, Schedule, Resume, Pause<br>Profiles: View, Create, Update, Activate, Deactivate, Link, Assign, Download<br>Profile Library: View, Import, Download<br>Assets: View, Download<br>Responses (alerting): Access Alert, Create Alert, Edit Alert<br>Responses (alerting rules): Create, Edit |
- Review*: You can review an incident when you are one of the reviewers and have review access.
- Delete#: You can delete an incident only when you are a FIM user who is one of the reviewers of the incident and has incident deletion permission.
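For an access review, the predefined-role table can be turned into data so that the least-privileged role for a given task is computed rather than guessed. The following is an added example, not Qualys code or a Qualys API: it hand-transcribes four categories of the table (an assumption; extend it with the rest as needed), and the function names are hypothetical.

```python
# Subset of the predefined-role table on this page (Events, Incidents,
# Correlation Rules, Profiles), transcribed by hand. The * and # footnote
# markers are dropped, and the Author row's "Profile" is written "Profiles".
ROLE_TABLE = {
    "FIM Manager": "Events: View, Ignore, Whitelist, Event Insights, Download; "
                   "Incidents: View, Create, Update, Review, Reopen, Download, Delete; "
                   "Correlation Rules: View, Create, Update, Delete, Activate, Deactivate; "
                   "Profiles: View, Create, Update, Delete, Activate, Deactivate, Link, Assign, Download",
    "FIM Author": "Events: View, Event Insights, Download; "
                  "Incidents: View, Create, Update, Download; "
                  "Correlation Rules: View, Create, Update; "
                  "Profiles: View, Create, Update, Download, Link, Assign",
    "FIM Auditor": "Events: View, Download; Incidents: View, Download; "
                   "Correlation Rules: View; Profiles: View, Download",
    "FIM Analyst": "Events: View, Ignore, Whitelist, Event Insights, Download; "
                   "Incidents: View, Create, Update, Review, Reopen, Download; "
                   "Correlation Rules: View, Create, Update, Activate, Deactivate; "
                   "Profiles: View, Create, Update, Activate, Deactivate, Link, Assign, Download",
}

def parse_permissions(cell):
    """Turn 'Category: A, B; Category: C' into a set of (category, action) pairs."""
    perms = set()
    for group in cell.split(";"):
        category, _, actions = group.partition(":")
        perms.update((category.strip(), a.strip()) for a in actions.split(","))
    return perms

ROLES = {name: parse_permissions(cell) for name, cell in ROLE_TABLE.items()}

def least_privileged_roles(required):
    """Roles that cover every required pair, fewest surplus permissions first."""
    required = set(required)
    fits = [(len(perms - required), name)
            for name, perms in ROLES.items() if required <= perms]
    return [name for _, name in sorted(fits)]

def roles_holding(action):
    """Roles that hold `action` in any category, e.g. to list who can delete."""
    return sorted(n for n, perms in ROLES.items() if any(a == action for _, a in perms))

if __name__ == "__main__":
    triage = {("Events", "Whitelist"), ("Correlation Rules", "Activate")}
    print("Triage task ->", least_privileged_roles(triage))
    print("Can delete  ->", roles_holding("Delete"))
```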
A user with the Manager role is considered a super-user and has all the available permissions. They have full privileges and access to all modules in the subscription. Only users with the Manager role can create other users and assign roles. By default, this role has all FIM permissions and alerting permissions.
The Manager user can customize permissions for the FIM User and FIM Manager.
By default, the FIM User role has the FIM UI Access and Alert Access permissions. So, a user with the FIM User role can see the rules and actions but cannot create, edit, or delete them.
The default permissions for FIM User role:
The default permissions for FIM Manager role:
If the user is assigned a role with no Alerting Access permission, the user will not see the Responses tab on the FIM UI.
Users created before FIM version 2.5 will continue to have the same permissions.