Roles and Permissions in FIM

You can create users and assign each one a role that grants access according to the permissions the role defines. Not all users can execute all operations. Depending on the roles and permissions assigned, a user can perform actions such as creating, editing, or deleting rules and actions. Use the Qualys Administration module to create FIM users and assign roles and permissions. FIM provides predefined user roles, each with an associated set of permissions.

FIM supports role-based access control, which ensures that FIM users have access only to the tasks for which they have permission. Roles add a level of security: users can accomplish their required tasks but cannot access anything beyond their assigned roles.

The following table captures the predefined roles in FIM and the associated permissions:

Role: FIM Manager

  • General UI: Access
  • Dashboard: Create, Update, Delete, Print
  • Events: View, Ignore, Whitelist, Event Insights, Download
  • Incidents: View, Create, Update, Review*, Reopen, Download, Delete#
  • Correlation Rules: View, Create, Update, Delete, Activate, Deactivate
  • Reports: View, Create, Delete, Download
  • Report Rules: View, Create, Update, Delete, Schedule, Resume, Pause
  • Profiles: View, Create, Update, Delete, Activate, Deactivate, Link, Assign, Download
  • Profile Library: View, Import, Download
  • Asset: View, Download
  • Responses (alerting): Access, Create, Edit, Delete
  • Responses (alerting rules): Create, Edit, Delete

Role: FIM Author

  • General UI: Access
  • Dashboard: Create, Update, Print
  • Events: View, Event Insights, Download
  • Incidents: View, Create, Update, Download
  • Correlation Rules: View, Create, Update
  • Reports: View, Create, Download
  • Report Rules: View, Create, Download
  • Profile: View, Create, Update, Download, Link, Assign
  • Profile Library: View, Import, Download
  • Assets: View, Download
  • Responses (alerting): Access Alert, Create Alert, Edit Alert
  • Responses (alerting rules): Create, Edit

Role: FIM Auditor

  • General UI: Access
  • Dashboard: Print
  • Events: View, Download
  • Incidents: View, Download
  • Correlation Rules: View
  • Reports: View, Download
  • Report Rules: View
  • Profiles: View, Download
  • Profile Library: View, Download
  • Assets: View, Download
  • Responses (alerting): Access Alert

Role: FIM Analyst

  • General UI: Access
  • Dashboard: Create, Update, Print
  • Events: View, Ignore, Whitelist, Event Insights, Download
  • Incidents: View, Create, Update, Review*, Reopen, Download
  • Correlation Rules: View, Create, Update, Activate, Deactivate
  • Reports: View, Create, Download
  • Report Rules: View, Create, Update, Schedule, Resume, Pause
  • Profiles: View, Create, Update, Activate, Deactivate, Link, Assign, Download
  • Profile Library: View, Import, Download
  • Assets: View, Download
  • Responses (alerting): Access Alert, Create Alert, Edit Alert
  • Responses (alerting rules): Create, Edit

  • Review*: You can review an incident when you are one of the reviewers and have review access.
  • Delete#: You can delete an incident only when you are a FIM user who is one of the reviewers of the incident and has incident deletion permission.
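The Incidents permissions from the table and the two footnotes, modeled as an added example (not Qualys code or a Qualys API): it applies the reviewer condition on Review and Delete, and flags role assignments that grant more or less incident access than a user's tasks need. The function names, user names and sample assignments are constructed for illustration, and the permission sets assume the default predefined roles.

```python
# Added example, not Qualys code or API. Permission sets are the Incidents
# entries from the predefined-roles table; customized roles will differ.
INCIDENT_PERMS = {
    "FIM Manager": {"View", "Create", "Update", "Review", "Reopen", "Download", "Delete"},
    "FIM Author": {"View", "Create", "Update", "Download"},
    "FIM Auditor": {"View", "Download"},
    "FIM Analyst": {"View", "Create", "Update", "Review", "Reopen", "Download"},
}
# Review* and Delete# also require the user to be a reviewer of the incident.
REVIEWER_GATED = {"Review", "Delete"}


def can_act(role, action, user, reviewers):
    """True when `role` permits `action` on an incident for `user`."""
    if action not in INCIDENT_PERMS.get(role, set()):
        return False  # unknown role or missing permission: deny by default
    if action in REVIEWER_GATED and user not in reviewers:
        return False  # footnote condition not met
    return True


def least_privileged_roles(needed):
    """Roles covering `needed`, fewest incident permissions first."""
    fits = [r for r, p in INCIDENT_PERMS.items() if set(needed) <= p]
    return sorted(fits, key=lambda r: (len(INCIDENT_PERMS[r]), r))


def audit(assignments):
    """Flag assignments that grant more, or less, than the tasks need."""
    findings = []
    for user, role, needed in assignments:
        fits = least_privileged_roles(needed)
        if role not in fits:
            findings.append((user, role, "insufficient"))
        elif fits[0] != role:
            findings.append((user, role, "could use " + fits[0]))
    return findings


# Constructed sample: (user, assigned role, incident actions the user performs)
SAMPLE = [
    ("alice", "FIM Manager", {"View", "Download"}),
    ("bob", "FIM Analyst", {"View", "Review"}),
    ("carol", "FIM Auditor", {"Update"}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The ranking considers incident permissions only, so a role it suggests still has to be checked against the other modules in the table before reassigning a user.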

A user with the Manager role is considered a super-user and has all the available permissions, with full privileges and access to all modules in the subscription. Only users with the Manager role can create other users and assign roles. By default, this role has all FIM permissions and alerting permissions.

The Manager user can customize permissions for the FIM User and FIM Manager roles.

By default, the FIM User role has the FIM UI Access and Alert Access permissions. A user with the FIM User role can therefore see the rules and actions but cannot create, edit, or delete them.

The default permissions for the FIM User role:

[Image: FIM User role]

The default permissions for the FIM Manager role:

[Image: FIM Manager User Permissions]

If the user is assigned a role with no Alerting Access permission, the user will not see the Responses tab on the FIM UI.

[Image: No Responses tab]

Users created before FIM version 2.5 will continue to have the same permissions.