You can create any number of roles and customize its permissions based on your requirement. To learn how to create/modify roles, refer to this document. While creating a new role or modifying existing roles, you'll have the option to specify permission levels for each module of Vulnerability Manager Plus. The permission levels are broadly classified into:
This document details the actions/operations that are associated with each module and which actions/operations are permitted based on the permission specified to each module while creating/modifying a role. Note that the administrator level permission will be restricted to the administrator role alone and can't be granted to any other roles. The reason that administrator permission is listed below is to show the limitations of other permission levels when compared with the administrator permission.
Note: Provision to configure permissions for Vulnerability Management module exclusively is available only in Vulnerability Manager Plus 10.1.2119.3 and above. For versions below 10.1.2119.3, Patch Management module permissions will cover all the actions listed in the table under the Vulnerability Management module.
Action | Admin | Full Control | Write | Read |
---|---|---|---|---|
Vulnerability Management | ||||
View software vulnerabilities, system misconfigurations, high-risk software, and active port details | ||||
Resolve misconfigurations in systems | ||||
Uninstall Software | ||||
Update vulnerability database | ||||
Add/remove threat exceptions | ||||
View all compliance policies and their details | ||||
Group Compliance policies | ||||
View policy groups and their details | ||||
Modify policy group | ||||
Delete policy group | ||||
Create Audits | ||||
Delete audits | ||||
Modify audits | ||||
View compliance audit results | ||||
Patch Management | ||||
Install patches (or) Manual patch deployment | ||||
Automate Patch Deployment (APD) | ||||
APD Task List View | ||||
Edit or Delete APD | ||||
View Configurations | ||||
View Deployment Templates | ||||
Add, Edit or Delete Deployment Templates | ||||
Approve/Decline/Un Approve - Applicable Patches | ||||
Download / Re-download /Delete Patches | ||||
Deploy Missing Patches to All Managed Systems | ||||
Scan/Scan All | ||||
Patch Report | ||||
Patch Settings | ||||
Update Vulnerability Database | ||||
Wake On LAN - Wake up & schedule wake up | ||||
Remote Shutdown - Shutdown now & schedule shutdown | ||||
Network Devices | ||||
Adding Network Devices | ||||
Managed Devices Table View | ||||
Managing (Adding/Editing) Credentials | ||||
Removing Network Devices | ||||
Scanning Devices | ||||
Devices Summary/Hardware Details/Vulnerabilities | ||||
Upload and Install Patch | ||||
Detect Vulnerabilities | ||||
Dashboard | ||||
Credential Manager | ||||
Deployment View | ||||
Deployment configuration summary | ||||
Create, Delete, Modify custom group | ||||
Save as custom group | ||||
SoM | ||||
Remove computers | ||||
Remote Offices | ||||
IP Scope | ||||
Agent settings | ||||
Reports | ||||
View reports | ||||
Download Reports | ||||
Schedule reports | ||||
Delete reports | ||||
Query reports |