User Roles and Permissions
The access to the Qualys Core and Qualys VMDRapplications is restricted based on the user roles.
The following table presents the user groups and associated roles and permissions for Qualys Core application:
|
Role |
Permissions |
|---|---|
|
x_qual5_core.admin |
Administrative user of the application. Create, Write, Read, and Delete access to all aspects of the application. |
|
x_qual5_core.kb_read |
Read access to the Qualys - KnowledgeBase records. |
|
x_qual5_core.create |
Can see the Create CI UI action from host records. |
|
x_qual5_core. |
Grants access to any Data Receiver API Endpoints that are available globaly across the Qualys for ServiceNow app and add-ins. These endpoints are used to Push data from Qualys into ServiceNow. This role would need to be given to the ServiceNow Service Account that is being used by Qualys for API Authentication. # API Endpoints
|
|
x_qual5_core.connector_user |
This role grants access to create, modify and delete Connector Records. |
|
x_qual5_core. |
Has access to FIM Incidents and information related to them. |
|
x_qual5_core. |
Has access to read/write the General Settings values of the application. |
|
x_qual5_core.import_user |
Has access to the import_set tables for debugging and API Calls. |
|
x_qual5_core.host_user |
Has Read access to Host Asset Records and related information such as Asset Tags and Asset Groups |
|
x_qual5_core. |
Role required to see/interact with Launching VM Scans |
|
x_qual5_core. |
This role grants access to view and manage patch deployments for Change Request |
|
x_qual5_core. |
This role grants access to view VM Scans and related data, such as Option Profiles and Scanner Appliances |
|
x_qual5_core.user |
This role grants basic access to the Data Tables within Qualys CORE and basic information within those tables. Typically, this role is not granted directly to users and is auto-granted based on the add-on application roles that come with Applications such as Qualys VMDR # Access to read the following
|
|
x_qual5_core. |
This role grants READ Only access to the Qualys KnowledgeBase |
The following table presents the user groups and associated roles and permissions for Qualys VMDR application.
|
Role |
Permissions |
|---|---|
|
x_qual5_vmdr.dashboard_viewer |
Can Access / View Dashboard from VMDR Application |
|
x_qual5_vmdr.admin |
Can create/read/write/delete items within this application scope. |
|
x_qual5_vmdr.exception_approver |
Can read vunlnerability incidentss where they are the Exception approver or if the incidents is assigned directly to them. |
|
x_qual5_vmdr.false_positive_approver |
Has access to read Vulnerability incidentss where they are involved in the approval process for it (regardless of which approval step). Has additional access to edit fields required to be filled by the False Positive Approver on the vulnerability incidents, when they are involved in the approval for that vulnerability incidents. |
|
x_qual5_vmdr.remediation_owner |
This role is intended for Remediation Owners who need to perform work on VMDR incidents or VMDR incidents Group records that belong to a Support/Assignment group they are a member of. ## VMDR incidents Grants Read/Write access to VMDR incidentss and Related Functions where the logged in user is a member of the Assignment Group for that incidents ## VMDR incidents Group Grants Read/Write access to VMDR incidents Group Records and Related Functions where the logged in user is a member of the Assignment Group for that incidents |
|
x_qual5_vmdr.vulnerability_analyst |
This role is intended for Security Analysts who must perform work or oversee all VMDR incidents and VMDR incidents Group records, regardless of which Assignment Group they are associated with. ## VMDR incidents Grants Read/Write/Create access to all VMDR incidentss and Related Functions ## VMDR incidents Group Grants Raad/Write/Create access to all VMDR incidents Group and Related Functions |