User Roles

A user role defines the functions that a user can access in JSA.

During the installation, four default user roles are defined: Admin, All, WinCollect, and Disabled.

Before you add user accounts, you must create the user roles to meet the permission requirements of your users.

Creating a User Role

Create user roles to manage the functions that a user can access in JSA.

By default, your system provides a default administrative user role, which provides access to all areas of JSA. Users who are assigned an administrative user role cannot edit their own account. This restriction applies to the default Admin user role. Another administrative user must make any account changes.

On the Admin tab, click User Roles.
On the toolbar, click New.
In the User Role Name field, type a unique name for this user role.

Select the permissions that you want to assign to the user role.

The permissions that are visible on the User Role Management window depend on which JSA components are installed.

Table 1: User Role Management window permissions
Permission	Description
Admin	Grants administrative access to the user interface. You can grant specific Admin permissions. Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts. Administrator Manager Grants users permission to create and edit other administrative user accounts. Remote Networks and Services Configuration Grants users access to the Remote Networks and Services icon on the Admin tab. System Administrator Grants users permission to access all areas of user interface. Users with this access are not able to edit other administrator accounts.
Delegated Administration	Grant users permissions to perform limited administrative functions. In a multi-tenant environment, tenant users with Delegated Administration permissions can see only data for their own tenant environment. If you assign other administrative permissions that are not part of Delegated Administration, tenant users can see data for all tenants.
Offenses	Grants administrative access to all functions on the Offenses tab. Users must have administrative access to create or edit a search group on the Offenses tab. User roles must have the Maintain Custom Rules permission to create and edit custom rules.
Log Activity	Grants access to functions in the Log Activity tab. You can also grant specific permissions: Maintain Custom Rules Grants permission to create or edit rules that are displayed on the Log Activity tab. Manage Time Series Grants permission to configure and view time series data charts. User Defined Event Properties Grants permission to create custom event properties. View Custom Rules Grants permission to view custom rules. If granted to a user role that does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.
Network Activity	Grants access to all the functions in the Network Activity tab. You can grant specific access to the following permissions: Maintain Custom Rules Grants permission to create or edit rules that are displayed on the Network Activity tab. Manage Time Series Grants permission to configure and view time series data charts. User Defined Flow Properties Grants permission to create custom flow properties. View Custom Rules Grants permission to view custom rules. If the user role does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules. View Flow Content Grants permission to view source payload and destination payload in the flow data details.
Assets	This permission is displayed only if JSA Vulnerability Manager is installed on your system. Grants access to the function in the Assets tab. You can grant specific permissions: Perform VA Scans Grants permission to complete vulnerability assessment scans. For more information about vulnerability assessment, see the Managing Vulnerability Assessment Guide. Remove Vulnerabilities Grants permission to remove vulnerabilities from assets. Server Discovery Grants permission to discover servers. View VA Data Grants permission to vulnerability assessment data. For more information about vulnerability assessment, see the Managing Vulnerability Assessment guide.
Reports	Grants permission to access all of the functions on the Reports tab. Distribute Reports via Email Grants permission to distribute reports through email. Maintain Templates Grants permission to edit report templates.
Risk Manager	Grants users permission to access JSA Risk Manager functions. JSA Risk Manager must be activated.
Vulnerability Manager	Grants permission to QRadar Vulnerability Manager function. QRadar Vulnerability Manager must be activated. For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.
IP Right Click Menu Extensions	Grants permission to options added to the right-click menu.
Platform Configuration	Grants permission to Platform Configuration services. Dismiss System Notifications Grants permission to hide system notifications from the Messages tab. View Reference Data Grants permission to view reference data when it is available in search results. View System Notifications Grants permission to view system notifications from the Messages tab.
JSA Log Source Management	Grants permission to the JSA Log Source Management app.
Pulse - Dashboard	Grants permission to dashboards in the QRadar Pulse app.
Pulse - Threat Globe	Grants permission to Threat Globe dashboard in the QRadar Pulse app.
QRadar Assistant	Grants permission to the IBM QRadar Assistant app.
QRadar Use Case Manager	Grants permission to the QRadar Use Case Manager app.

In the Dashboards area, select the dashboards that you want the user role to access, and click Add.

Note:
A dashboard displays no information when the user role does not have permission to view dashboard data. If a user modifies the displayed dashboards, the defined dashboards for the user role appear at the next login.
Click Save and close the User Role Management window.
On the Admin tab menu, click Deploy Changes.

Editing a User Role

You can edit an existing role to change the permissions that are assigned to the role.

To quickly locate the user role you want to edit on the User Role Management window, you can type a role name in the Type to filter text box.

On the Admin tab, click User Roles.
In the left pane of the User Role Management window, select the user role that you want to edit.
In the right pane, update the permissions, as necessary.
Modify the Dashboards options for the user role as necessary.
Click Save.
Close the User Role Management window.
On the Admin tab menu, click Deploy Changes.

Deleting a User Role

If a user role is no longer required, you can delete the user role.

If user accounts are assigned to the user role you want to delete, you must reassign the user accounts to another user role. The system automatically detects this condition and prompts you to update the user accounts.

You can quickly locate the user role that you want to delete on the User Role Management window. Type a role name in the Type to filter text box, which is located above the left pane.

On the Admin tab, click User Roles.
In the left pane of the User Role Management window, select the role that you want to delete.
On the toolbar, click Delete.
Click OK.
- If user accounts are assigned to this user role, the Users are Assigned to this User Role window opens. Go to Step 6.
- If no user accounts are assigned to this role, the user role is successfully deleted. Go to Step 7.
Reassign the listed user accounts to another user role:
1. From the User Role to assign list box, select a user role.
2. Click Confirm.
Close the User Role Management window.
On the Admin tab menu, click Deploy Changes.

ON THIS PAGE

User Roles

Creating a User Role

Editing a User Role

Deleting a User Role

Related Documentation