IBM Support

QRadar: How to view all of the available user role permissions on the Console to set an app's required_capabilities

How To


Summary

Administrators or app developers might need to view the available capabilities of user roles in QRadar. This technical note defines the existing capabilities and how to view them from the command line. Developers who need to assign permissions to an application can use the capabilities list to complete the required_capabilities field in the application manifest.json file.

Objective

To allow application developers to view existing permissions required for applications. The list in the capabilities file matches the permissions in the user interface.

Steps

To view the available capabilities for your current version, complete the following procedure. It is critical that administrators do not attempt to modify the capabilities file. These instructions are provided for administrators to review the latest capabilities provided for their users or review potential user roles that can be assigned to an application. For more information, see App authorization with QRadar.
Procedure
  1. Use SSH to log in to the Console as the root user.
  2. To view the list of capabilities, type:
    less /opt/qradar/conf/capabilities.conf
    Note: Do not modify or edit the capabilities file as incorrect entries can break permissions on the Console. This procedure is provided as reference information for administrators and app developers.
  3. The command outputs the following capabilities:
    | Group | Authorized service token capability | Description |
    |---|---|---|
    | 1 | ADMIN | System Administrator - Full permissions to all user interfaces. An ADMIN cannot modify the accounts of other administrators. |
    | 1 | VIEWADMIN | Remote Networks and Services Configuration - Allows users to access the Admin > Remote Networks and Services Configuration interface. |
    | 1 | ADMINMANAGER | Administrator Manager - |
    | 1 | MNGELOCALONLY | Manage Local Only Authentication Setting |
    | 0 | ConfigServices | ConfigServices |
    | 0 | DISABLED | Disabled |
    | 10 | SYSTEM | Delegated Administration |
    | 10 | SYSTEM.USERADMIN | Monitor User Activity |
    | 10 | SYSTEM.NETWORKHIERARCHY | Define Network Hierarchy |
    | 10 | SYSTEM.LOGSOURCE | Manage Log Sources |
    | 10 | SYSTEM.MNGCENTCREDENTIAL | Manage Centralized Credentials |
    | 10 | SYSTEM.MNGREFERENCEDATA | Manage Reference Data |
    | 10 | SYSTEM.WINCOLLECT | WinCollect |
    | 20 | SEM | Offense Management |
    | 20 | SEM.VIEWRULES | View Custom Rules |
    | 20 | SEM.RULECREATION | Maintain Custom Rules |
    | 20 | SEM.ASSIGNOFFENSE | Assign Offenses to Users |
    | 20 | SEM.MANAGECLOSINGREASONS | Manage Offense Closing Reasons |
    | 25 | EventViewer | Event Viewer |
    | 25 | EventViewer.VIEWRULES | View Custom Rules |
    | 25 | EventViewer.RULECREATION | Maintain Custom Rules |
    | 25 | EventViewer.CUSTOMARIELPROPERTY | User-defined Custom Event Properties |
    | 25 | EventViewer.MANAGETIMESERIES | Manage Time Series |
    | 27 | ASSETS | Asset Management |
    | 27 | ASSETS.VADATA | View Vulnerability Assessment (VA) Data |
    | 27 | ASSETS.VASCAN | Perform Vulnerability Assessment (VA) Scans |
    | 27 | ASSETS.SERVERDISCOVERY | Server Discovery |
    | 27 | ASSETS.REMOVEVULNS | Remove Vulnerabilities |
    | 40 | SURVEILLANCE | Network Surveillance |
    | 40 | SURVEILLANCE.VIEWRULES | View Custom Rules |
    | 40 | SURVEILLANCE.DATAMINECONTENT | View Flow Content |
    | 40 | SURVEILLANCE.CUSTOMFLOWPROPERTY | User-defined Custom Flow Properties |
    | 40 | SURVEILLANCE.MANAGETIMESERIES | Manage Time Series |
    | 40 | SURVEILLANCE.RULECREATION | Maintain Custom Rules |
    | 50 | REPORTING | Reporting |
    | 50 | REPORTING.MAINTAINTEMPLATES | Maintain Templates |
    | 50 | REPORTING.DISTRIBUTE | Distribute Reports through Email |
    | 55 | FORENSICS | Incident Forensics |
    | 55 | FORENSICS.CASECREATION | Create cases in Incident Forensics |
    | 70 | LOGAGGREGATION | Log Aggregation |
    | 100 | PLATFORMCONFIGURATION | Platform Configuration |
    | 100 | PLATFORMCONFIGURATION.NOTIF | View System Notifications |
    | 100 | PLATFORMCONFIGURATION.NOTIFDISMISS | Dismiss System Notifications |
    | 100 | PLATFORMCONFIGURATION.READONLYREFERENCEDATA | View Reference Data |
    | 130 | QVM.ASSIGNASSETOWNER | Assign Asset Owner |
    | 130 | QVM.VULNERABILITY | Assign Vulnerability |
    | 130 | QVM.EXCEPTION | Exception Vulnerability |
    | N/A | QVM.SCANPOLICY (Deprecated) | Scan policy permissions - Allows users to configure scan policies. This capability is deprecated with the release of QRadar 7.5.0 Update Package 6. Users on older versions might have access to the capabilities, but the user role is obsolete for users on 7.5.0 UP6 or later. For more information, see QRadar Vulnerability Manager end of life. |
    | N/A | QVM.SCANPROFILE (Deprecated) | Scan profile permissions - Provides permissions to configure scan profiles. This capability is deprecated with the release of QRadar 7.5.0 Update Package 6. Users on older versions might have access to the capabilities, but the user role is obsolete for users on 7.5.0 UP6 or later. For more information, see QRadar Vulnerability Manager end of life. |
    Important: Do NOT attempt to modify the capabilities file.
  4. If you use a value that is deprecated or no longer exists, the application can fail to install properly or experience user interface issues for a permission that no longer exists.

Results

Select the best user role for your application. For more information, see QRadar app framework v2.
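
One way to check an app manifest against the capability list before packaging, as an added example that is not IBM's code: it walks a manifest for every required_capabilities entry and flags values that are deprecated, absent from the table on this page, or as broad as ADMIN. The sample manifest, its field names other than required_capabilities, and the function names are constructed assumptions.

```python
import json

# Names copied from the table on this page; confirm against your own Console.
KNOWN = set("""
ADMIN VIEWADMIN ADMINMANAGER MNGELOCALONLY ConfigServices DISABLED SYSTEM
SYSTEM.USERADMIN SYSTEM.NETWORKHIERARCHY SYSTEM.LOGSOURCE SYSTEM.MNGCENTCREDENTIAL
SYSTEM.MNGREFERENCEDATA SYSTEM.WINCOLLECT SEM SEM.VIEWRULES SEM.RULECREATION
SEM.ASSIGNOFFENSE SEM.MANAGECLOSINGREASONS EventViewer EventViewer.VIEWRULES
EventViewer.RULECREATION EventViewer.CUSTOMARIELPROPERTY EventViewer.MANAGETIMESERIES
ASSETS ASSETS.VADATA ASSETS.VASCAN ASSETS.SERVERDISCOVERY ASSETS.REMOVEVULNS
SURVEILLANCE SURVEILLANCE.VIEWRULES SURVEILLANCE.DATAMINECONTENT
SURVEILLANCE.CUSTOMFLOWPROPERTY SURVEILLANCE.MANAGETIMESERIES SURVEILLANCE.RULECREATION
REPORTING REPORTING.MAINTAINTEMPLATES REPORTING.DISTRIBUTE FORENSICS
FORENSICS.CASECREATION LOGAGGREGATION PLATFORMCONFIGURATION PLATFORMCONFIGURATION.NOTIF
PLATFORMCONFIGURATION.NOTIFDISMISS PLATFORMCONFIGURATION.READONLYREFERENCEDATA
QVM.ASSIGNASSETOWNER QVM.VULNERABILITY QVM.EXCEPTION""".split())
DEPRECATED = {"QVM.SCANPOLICY", "QVM.SCANPROFILE"}  # deprecated at 7.5.0 UP6

def find_caps(node, path="$"):  # yields (json_path, value) at any nesting depth
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "required_capabilities":
                for cap in (val if isinstance(val, list) else [val]):
                    yield f"{path}.{key}", cap
            else:
                yield from find_caps(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_caps(item, f"{path}[{i}]")

def audit_manifest(text):
    """Return (json_path, capability, problem) for each entry that needs review."""
    findings = []
    for where, cap in find_caps(json.loads(text)):
        if not isinstance(cap, str) or cap not in KNOWN | DEPRECATED:
            findings.append((where, cap, "not in capability list"))
        elif cap in DEPRECATED:
            findings.append((where, cap, "deprecated"))
        elif cap == "ADMIN":
            findings.append((where, cap, "full permissions; consider narrower"))
    return findings

# Constructed sample; the fields around required_capabilities are assumptions.
SAMPLE = """{"areas": [{"id": "tab", "required_capabilities": ["ADMIN"]}],
 "rest_methods": [{"name": "scan", "required_capabilities": ["QVM.SCANPOLICY"]},
  {"name": "events", "required_capabilities": ["EVENTVIEWER", "SEM.VIEWRULES"]}]}"""

if __name__ == "__main__":
    print(*audit_manifest(SAMPLE), sep="\n")
```

The comparison is an exact string match, so a wrongly cased name such as EVENTVIEWER is reported as not in the list.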

Document Location

Worldwide


Document Information

Modified date:
14 August 2023

UID

ibm17026595