Qualys supports distributed management through the creation of user accounts. This allows Managers to delegate responsibility for scanning, reporting, and remediation to multiple users. Any user with management authority can add users with unique roles and privileges. Each user receives a user account with unique login credentials so they can securely log in to the subscription and access account configurations.
The service has a role-based model for granting privileges to users. Each user is assigned a predefined user role that has certain privileges.
A sample subscription with multiple users is shown below. There are two Managers, two Scanners, and one Reader. Scanners and Readers are also referred to as sub-users since they have limited privileges on assigned assets.
Managers can access all assets in the subscription -- IPs for scanning, domains for mapping, and scanner appliances. Initially, a subscription has one Manager, the subscriber. When there are multiple Managers, all Managers have the same privileges on all assets. Note that one Manager is the primary contact for the subscription. Initially, the subscriber is assigned as the primary contact, and this may be changed to another Manager.
Scanners and Readers can run reports and take action on remediation tickets. Scanners can also launch maps and scans on assigned assets.
See Sample Subscription for information on how vulnerability management is distributed across multiple users in an organization.