Available user role capabilities
Capabilities are sets of permissions that are tied to user roles that are defined in the IBM® QRadar® Admin tab.
The following table lists the capabilities that are supported by the QRadar GUI Application
Framework. Use the values in the Capability column to define the user
privileges for your app in the required_capabilities field of the object type block
in your application’s manifest.json file.
The following table describes supported user role capabilities.
| Capability | Description |
|---|---|
| ADMIN | System administrator. Grants permission to access all areas of the user interface. Users who have this access cannot edit other administrator accounts. |
| VIEWADMIN | Remote networks and services configuration. Grants permission to configure remote networks and services on the Admin tab. |
| SEM | Offense management |
| SEM.VIEWRULES | View custom rules |
| SEM.RULECREATION | Maintain custom rules |
| SEM.ASSIGNOFFENSE | Assign offenses to users |
| SEM.MANAGECLOSINGREASONS | Close offenses, manage offense closing reasons |
| EventViewer | Event viewer |
| EventViewer.VIEWRULES | View custom rules |
| EventViewer.RULECREATION | Maintain custom rules |
| EventViewer.CUSTOMARIELPROPERTY | User-defined event properties |
| EventViewer.MANAGETIMESERIES | Manage time series |
| ASSETS | Asset management |
| ASSETS.VADATA | View VA data |
| ASSETS.VASCAN | Perform VA scans |
| ASSETS.SERVERDISCOVERY | Server discovery |
| ASSETS.REMOVEVULNS | Remove vulnerabilities |
| SURVEILLANCE | Network Surveillance |
| SURVEILLANCE.VIEWRULES | View custom rules |
| SURVEILLANCE.DATAMINECONTENT | View flow content |
| SURVEILLANCE.CUSTOMFLOWPROPERTY | User-defined flow properties |
| SURVEILLANCE.MANAGETIMESERIES | Manage time series |
| SURVEILLANCE.RULECREATION | Maintain custom rules |
| REPORTING | Reporting |
| REPORTING.MAINTAINTEMPLATES | Maintain templates |
| REPORTING.DISTRIBUTE | Distribute reports via email |
| FORENSICS | Incident Forensics |
| FORENSICS.CASECREATION | Create cases in Incident Forensics |
| QRM | QRM permission |
| QVM | QVM permissions |
| QVM.ASSIGNASSETOWNER | Assign asset owner |
| QVM.VULNERABILITY | Assign vulnerability permissions |
| QVM.EXCEPTION | Exception vulnerability permissions |
For more information about capabilities and user roles in QRadar, see the IBM QRadar Administration Guide.