Assign Roles to VMDR OT Users 

In the Administration utility, go to Users > Role Management. This is where you create new roles and make changes to the permissions for existing roles. You can also quickly assign roles to users from here.

You need to have

1) full permissions and scope, or

2) a role with the Access Role Management Section permission enabled in the Administration utility.

You can configure two types of user roles:

-User with all privileges: We provide a predefined role named VMDR OT user. Assign the role to the required user.

-User with Reader privileges: The user with the Reader role can only view the data displayed in the VMDR OT application. Click New Role. Give the role a name and description, and then select the application and permissions to privileges be granted to a user when the role is assigned.

To know more about roles. see User Roles FAQ

Select the role you want to assign and choose Add To Users from the Quick Actions menu. Then tell us which users should be assigned the role and click Save. You can remove roles from users similarly - select the action Remove From Users.

Select any role in the list and choose Edit from the Quick Actions menu.

You can change the role name and description and edit the assigned permissions. Any changes you make to a role will apply to all users assigned to that role.

Warning - Be careful when removing the UI access permission from a role. A user will not be able to log into the UI if they don't have at least one role with the UI access permission assigned.

When you edit the permissions for a role, you will notice that you can define application access, applications to be accessible, and permissions within the application for the users with the current role. Currently, you can configure two types of users. Depending on the permissions you assign to the role, you can categorize the users with all permissions or read-only permissions.

Ensure that you have assigned the VMDR OT application to be accessible to the users. Click the title of a group to expand its permissions. Then select the permissions you want to assign to the role.

A user must have access to the assets to view the assets, vulnerabilities, and network list in the scope. Ensure that the user has access to those assets.

Adding tags in the scope of users

Only the Manager user has the right to assign the scope to another user. Manager users need to log in through the Administration utility to assign the scope to a user.

1. In the Administration utility, go to the User Management tab, select the user to which you want to assign the permissions and click Edit.

2. In the Edit window, go to the Roles and Scopes tab in the left pane and choose the Tags (Assets for which the user needs access) from the Global Scope.

Or

You can also assign the tags to scope from the Quick Actions menu of the user on the User Management tab.

Select the tag from the list.

3. Click Save, and the user permissions are assigned to the required user.

For more details on Tagging permission, refer to the section Steps to assign or remove the Tagging Permissions of online help of Administration Utility.

- All privileges: The user will have all the privileges in VMDR OT except creating and managing other users.

- Reader privileges: Users with a Reader role can only view the data displayed in the VMDR OT application.

Note: You need permissions related to tagging activities. There are various permissions like Create User Tag | Edit User Tag| Delete User Tag |Modify Dynamic Tag Rules| Add/Remove Tags.

You can add or remove permissions from multiple roles in a single action. Select the roles you want to change and then select Add Permissions or Remove Permissions from the Quick Actions menu.

Yes. Select the role and choose Delete from the Quick Actions menu. The role you delete will no longer be assigned to users. It is removed automatically from all users' accounts (that had it previously assigned), and those users will no longer have the permissions granted by the role.

Note: -If you edit permissions for a predefined role or delete a predefined role, the user associated with the roles you edit can experience the difference in access behavior.