Skip to content

User roles & management

Users

When you create a new account on qbee.io, the first user is automatically given a default role. This role has full access to all areas of the platform. You have the ability to create new roles and assign these to any user. If a user is assigned multiple roles, they will have a combination of all the permissions from each of their roles. This means they can access and use everything allowed by each of their roles.

Users management

To see a list of all users, go to the Users section (top-right menu). From here you can see and search all users in your company, add new users, edit, disable and delete existing users.

qbee_role-based-access1

Creating a new user

  1. In Users section, click on the + Add user button.
  2. Enter the first and last name, and email address of the new user.
  3. Select the role(s) for the new user.
  4. Click on the Create button.

Once the user is created, they will receive an email with a link to set their password. New users need to accept Service Agreement before they can log in.

Editing a user

  1. In Users section, find the user you want to edit.
  2. Open the actions context menu () and select Edit.
  3. Change user details and/or roles.
  4. Click on the Save button.

Disabling a user

  1. In Users section, find the user you want to disable.
  2. Open the actions context menu () and select Disable.

Disabled users cannot log in anymore and are not counted towards the number of users in your subscription.

Deleting a user

  1. In Users section, find the user you want to delete.
  2. Open the actions context menu () and select Delete.
  3. Confirm the deletion.

Deleting a user

Deleting a user has immediate effect and cannot be undone.

Profile management

In the Profile section (top-right menu) you can change your personal details and password.

qbee-bootstrapping-menu1

Roles management

To see a list of all roles, go to the Roles section (top-right menu). From here you can see and search all roles in your company, add new roles, edit and delete existing roles.

qbee_role-based-access2

Creating a new role

  1. In Roles section, click on the + Add role button.
  2. Enter the name and optional description of the new role.
  3. Select the permissions for the new role.
  4. Click on the Create button.

Editing a role

  1. In Roles section, find the role you want to edit.
  2. Open the actions context menu () and select Edit.
  3. Change role details and/or permissions.
  4. Click on the Save button.

Deleting a role

  1. In Roles section, find the role you want to delete.
  2. Open the actions context menu () and select Delete.
  3. Confirm the deletion.

Deleting a role assigned to users

You cannot delete a role that is assigned to one or more users. You need to reassign the users to a different role first.

Permissions

Each role consists of a set of permissions. The following permissions are available:

Permission Allowed API calls
alerts:read GET /alert/{uuid}
GET /alerts
GET /alert-logs
GET /alert-devices
GET /group-recipients/{uuid}
GET /groups-recipients
GET /notification-template/{uuid}
GET /notification-templates
GET /notification-logs
GET /changes-logs
GET /criteria-template/{uuid}
GET /criteria-templates
alerts:acknowledge GET /alert-reset/{uuid}
GET /alert-set-resolved/{uuid}
POST /alert-devices/clear
alerts:manage POST /alert
POST /group-recipients
POST /notification-template
POST /criteria-template
PATCH /alert/{uuid}
PATCH /group-recipients/{uuid}
PATCH /notification-template/{uuid}
PATCH /criteria-template/{uuid}
DELETE /alert/{uuid}
DELETE /group-recipients/{uuid}
DELETE /notification-template/{uuid}
DELETE /criteria-template/{uuid}
analysis:read GET /analysis
POST /analysis
GET /analysis/orgstats
audit:read GET /commitlist
billing:read GET /stripe/subscriptions
billing:manage POST /stripe/create-customer-portal
POST /stripe/create-checkout-session
DELETE /stripe/cancel-subscription/{uuid}
bootstrap-keys:read GET /bootstrapkey/{bootstrapkey_id}
GET /bootstrapkeylist
bootstrap-keys:manage PUT /bootstrapkey/{bootstrap_key}
POST /bootstrapkey
DELETE /bootstrapkey/{bootstrap_key}
company:read GET /company/{company_id}
company:manage PUT /company/{company_id}
PATCH /company/{company_id}
configuration:read GET /change/{sha}
GET /changelist
GET /commit/{sha}
GET /config/{type}/{item_id}
GET /configpreview/{type}/{item_id}
GET /config/{device_id}
GET /configpreview/{node_id}
configuration:manage DELETE /changes
DELETE /change/{sha}
POST /change
POST /commit
cve:read GET /cve/{cve_id}
GET /cvelist
GET /cvescorestats
GET /cve_hosts_max_count
cve:manage PATCH /cve/{cve_id}
GET /cve/status/cves
DELETE /cve/{cve_id}
device:read GET /grouptree
GET /grouptree/{node_id}
GET /node/{node_id}
GET /groupreportssummary/{group_id}
GET /deviceattribute/{device_id}
GET /tagslist
device:manage PUT /grouptree
PATCH /deviceattribute/{device_id}
DELETE /inventory/{device_id}
PATCH /grouptree/{node_id}
device:approve POST /pendinghost
GET /pendinghost
DELETE /removeapprovedhost/{node_id}
DELETE /pendinghost/{node_id}
files:read GET /file
GET /files
GET /file/stats
files:manage POST /file
POST /file/createdir
PATCH /file
DELETE /file
inventory:read GET /inventory/{device_id}
GET /inventorylist
GET /inventory

GET /inventoryreport/{device_id}
GET /inventoryreport/docker/{device_id}
GET /inventorysummarybytype/{node_id}
GET /inventoryonlinestats
metrics:read GET /metric/last
GET /metric/{node_id}/conn/overview
GET /metric/{device_id}/filesystem
GET /metric/{node_id}/conn/last
GET /metric/{node_id}/conn/outage
GET /metric/{node_id}
GET /metric/{node_id}/conn/summary
GET /metric/{node_id}/conn/series
GET /metric/{node_id}/top
GET /metric/{node_id}/topdetailed
GET /metric/{node_id}/traffic
remote-access:connect GET /remoteconsoletoken/{device_id}
GET /remoteconsoletokenv2/{node_id}
GET /qbee-connect/{device_id}/portmaplist/auto
GET /qbee-connect/numconnection
GET /qbee-connect/{device_id}/portmap/{remote_port}
GET /qbee-connect/portmaplist/autoall
GET /qbee-connect/{device_id}/portmaplist
remote-access:manage POST /qbee-connect/portmap
PATCH /qbee-connect/portmap
reports:acknowledge PATCH /reportmarkread
reports:read GET /reportlist
GET /reportsummary/{device_id}
roles:read GET /role/{role_id}
GET /roleslist
GET /permissionslist
roles:manage POST /role
PUT /role/{role_id}
DELETE /role/{role_id}
users:read GET /user/{user_id}
GET /userlist
users:manage POST /user
PUT /user/{user_id}
PATCH /user/{user_id}
DELETE /user/{user_id}

Permissions used in the UI

Certain parts of the UI are only visible when the user has the corresponding permissions assigned through a role. Following is the list of UI elements and their corresponding permissions:

UI Element Permission
Dashboard analysis:read
device:read
inventory:read
metrics:read
reports:read
Devices cve:read
device:read
inventory:read
metrics:read
reports:read
Devices → Pending hosts device:approve
Devices → Update attributes & Delete device:manage
Devices → Show configuration configuration:read
Device → Connect to console remote-access:connect
Configure configuration:read
device:read
Configure → Modify configuration:manage
Configure → File selector files:read
Configure → User & Ports Popups inventory:read
Files manager files:read
Files manager → Write access files:manage
Logs reports:read
Logs → Mark as read reports:acknowledge
Alerts alerts:read
Alerts → Manage alerts:manage
device:read
Alerts → Acknowledge alerts:acknowledge
Map inventory:read
Audit audit:read
Audit → Show reports reports:read
CVE cve:read
CVE → Manage cve:manage
Remote console device:read
inventory:read
remote-access:connect
Remote console → Manage remote-access:manage
Analysis analysis:read
device:read
Bootstrap Keys bootstrap-keys:read
device:read
Bootstrap Keys → Manage bootstrap-keys:manage
Company company:read
Company → Manage company:manage
Users users:read
Users → Manage roles:read
users:manage
Roles roles:read
Roles → Manage roles:manage
Order subscription billing:read
Order subscription → Manage billing:manage

Remote Access

Allowing remote access for users

In order to give a user remote access to devices, it needs to have a role assigned with the remote-access:connect permission set. All access attempts will appear in the audit log with a detailed entry which device was accessed.

qbee-user-remote-access