User roles and permissions

You can create any number of roles and customize its permissions based on your requirement. To learn how to create/modify roles, refer to this document. While creating a new role or modifying existing roles, you'll have the option to specify permission levels for each module of Vulnerability Manager Plus. The permission levels are broadly classified into:

  • Full Control
  • Write
  • Read
  • No Access

This document details the actions/operations that are associated with each module and which actions/operations are permitted based on the permission specified to each module while creating/modifying a role. Note that the administrator level permission will be restricted to the administrator role alone and can't be granted to any other roles. The reason that administrator permission is listed below is to show the limitations of other permission levels when compared with the administrator permission.

Note: Provision to configure permissions for Vulnerability Management module exclusively is available only in Vulnerability Manager Plus 10.1.2119.3 and above. For versions below 10.1.2119.3, Patch Management module permissions will cover all the actions listed in the table under the Vulnerability Management module.

Action Admin Full Control Write Read
Vulnerability Management
View software vulnerabilities, system misconfigurations, high-risk software, and active port details
Resolve misconfigurations in systems
Uninstall Software
Update vulnerability database
Add/remove threat exceptions
View all compliance policies and their details
Group Compliance policies
View policy groups and their details
Modify policy group
Delete policy group
Create Audits
Delete audits
Modify audits
View compliance audit results
Patch Management
Install patches (or) Manual patch deployment
Automate Patch Deployment (APD)
APD Task List View
Edit or Delete APD
View Configurations
View Deployment Templates
Add, Edit or Delete Deployment Templates
Approve/Decline/Un Approve - Applicable Patches
Download / Re-download /Delete Patches
Deploy Missing Patches to All Managed Systems
Scan/Scan All
Patch Report
Patch Settings
Update Vulnerability Database
Wake On LAN - Wake up & schedule wake up
Remote Shutdown - Shutdown now & schedule shutdown
Network Devices
Adding Network Devices
Managed Devices Table View
Managing (Adding/Editing) Credentials
Removing Network Devices
Scanning Devices
Devices Summary/Hardware Details/Vulnerabilities
Upload and Install Patch
Detect Vulnerabilities
Dashboard
Credential Manager
Deployment View
Deployment configuration summary
Create, Delete, Modify custom group
Save as custom group
SoM
Remove computers
Remote Offices
IP Scope
Agent settings
Reports
View reports
Download Reports
Schedule reports
Delete reports
Query reports