User roles & management

Users

When you create a new account on qbee.io, the first user is automatically given a default role. This role has full access to all areas of the platform. You have the ability to create new roles and assign these to any user. If a user is assigned multiple roles, they will have a combination of all the permissions from each of their roles. This means they can access and use everything allowed by each of their roles.

Users management

To see a list of all users, go to the Users section (top-right menu). From here you can see and search all users in your company, add new users, edit, disable and delete existing users.

Creating a new user

1. In Users section, click on the + Add user button.
2. Enter the first and last name, and email address of the new user.
3. Select the role(s) for the new user.
4. Click on the Create button.

Once the user is created, they will receive an email with a link to set their password. New users need to accept Service Agreement before they can log in.

Editing a user

1. In Users section, find the user you want to edit.
2. Open the actions context menu (⋮) and select Edit.
3. Change user details and/or roles.
4. Click on the Save button.

Disabling a user

1. In Users section, find the user you want to disable.
2. Open the actions context menu (⋮) and select Disable.

Disabled users cannot log in anymore and are not counted towards the number of users in your subscription.

Deleting a user

1. In Users section, find the user you want to delete.
2. Open the actions context menu (⋮) and select Delete.
3. Confirm the deletion.

Deleting a user

Deleting a user has immediate effect and cannot be undone.

Profile management

In the Profile section (top-right menu) you can change your personal details and password.

Roles management

To see a list of all roles, go to the Roles section (top-right menu). From here you can see and search all roles in your company, add new roles, edit and delete existing roles.

Creating a new role

1. In Roles section, click on the + Add role button.
2. Enter the name and optional description of the new role.
3. Select the permissions for the new role.
4. Click on the Create button.

Editing a role

1. In Roles section, find the role you want to edit.
2. Open the actions context menu (⋮) and select Edit.
3. Change role details and/or permissions.
4. Click on the Save button.

Deleting a role

1. In Roles section, find the role you want to delete.
2. Open the actions context menu (⋮) and select Delete.
3. Confirm the deletion.

Deleting a role assigned to users

You cannot delete a role that is assigned to one or more users. You need to reassign the users to a different role first.

Permissions

Each role consists of a set of permissions. The following permissions are available:

Permission	Allowed API calls
alerts:read	GET /alert/{uuid} GET /alerts GET /alert-logs GET /alert-devices GET /group-recipients/{uuid} GET /groups-recipients GET /notification-template/{uuid} GET /notification-templates GET /notification-logs GET /changes-logs GET /criteria-template/{uuid} GET /criteria-templates
alerts:acknowledge	GET /alert-reset/{uuid} GET /alert-set-resolved/{uuid} POST /alert-devices/clear
alerts:manage	POST /alert POST /group-recipients POST /notification-template POST /criteria-template PATCH /alert/{uuid} PATCH /group-recipients/{uuid} PATCH /notification-template/{uuid} PATCH /criteria-template/{uuid} DELETE /alert/{uuid} DELETE /group-recipients/{uuid} DELETE /notification-template/{uuid} DELETE /criteria-template/{uuid}
analysis:read	GET /analysis POST /analysis GET /analysis/orgstats
audit:read	GET /commitlist
billing:read	GET /stripe/subscriptions
billing:manage	POST /stripe/create-customer-portal POST /stripe/create-checkout-session DELETE /stripe/cancel-subscription/{uuid}
bootstrap-keys:read	GET /bootstrapkey/{bootstrapkey_id} GET /bootstrapkeylist
bootstrap-keys:manage	PUT /bootstrapkey/{bootstrap_key} POST /bootstrapkey DELETE /bootstrapkey/{bootstrap_key}
company:read	GET /company/{company_id}
company:manage	PUT /company/{company_id} PATCH /company/{company_id}
configuration:read	GET /change/{sha} GET /changelist GET /commit/{sha} GET /config/{type}/{item_id} GET /configpreview/{type}/{item_id} GET /config/{device_id} GET /configpreview/{node_id}
configuration:manage	DELETE /changes DELETE /change/{sha} POST /change POST /commit
cve:read	GET /cve/{cve_id} GET /cvelist GET /cvescorestats GET /cve_hosts_max_count
cve:manage	PATCH /cve/{cve_id} GET /cve/status/cves DELETE /cve/{cve_id}
device:read	GET /grouptree GET /grouptree/{node_id} GET /node/{node_id} GET /groupreportssummary/{group_id} GET /deviceattribute/{device_id} GET /tagslist
device:manage	PUT /grouptree PATCH /deviceattribute/{device_id} DELETE /inventory/{device_id} PATCH /grouptree/{node_id}
device:approve	POST /pendinghost GET /pendinghost DELETE /removeapprovedhost/{node_id} DELETE /pendinghost/{node_id}
files:read	GET /file GET /files GET /file/stats
files:manage	POST /file POST /file/createdir PATCH /file DELETE /file
inventory:read	GET /inventory/{device_id} GET /inventorylist GET /inventory GET /inventoryreport/{device_id} GET /inventoryreport/docker/{device_id} GET /inventorysummarybytype/{node_id} GET /inventoryonlinestats
metrics:read	GET /metric/last GET /metric/{node_id}/conn/overview GET /metric/{device_id}/filesystem GET /metric/{node_id}/conn/last GET /metric/{node_id}/conn/outage GET /metric/{node_id} GET /metric/{node_id}/conn/summary GET /metric/{node_id}/conn/series GET /metric/{node_id}/top GET /metric/{node_id}/topdetailed GET /metric/{node_id}/traffic
remote-access:connect	GET /remoteconsoletoken/{device_id} GET /remoteconsoletokenv2/{node_id} GET /qbee-connect/{device_id}/portmaplist/auto GET /qbee-connect/numconnection GET /qbee-connect/{device_id}/portmap/{remote_port} GET /qbee-connect/portmaplist/autoall GET /qbee-connect/{device_id}/portmaplist
remote-access:manage	POST /qbee-connect/portmap PATCH /qbee-connect/portmap
reports:acknowledge	PATCH /reportmarkread
reports:read	GET /reportlist GET /reportsummary/{device_id}
roles:read	GET /role/{role_id} GET /roleslist GET /permissionslist
roles:manage	POST /role PUT /role/{role_id} DELETE /role/{role_id}
users:read	GET /user/{user_id} GET /userlist
users:manage	POST /user PUT /user/{user_id} PATCH /user/{user_id} DELETE /user/{user_id}

Permissions used in the UI

Certain parts of the UI are only visible when the user has the corresponding permissions assigned through a role. Following is the list of UI elements and their corresponding permissions:

UI Element	Permission
Dashboard	analysis:read device:read inventory:read metrics:read reports:read
Devices	cve:read device:read inventory:read metrics:read reports:read
Devices → Pending hosts	device:approve
Devices → Update attributes & Delete	device:manage
Devices → Show configuration	configuration:read
Device → Connect to console	remote-access:connect
Configure	configuration:read device:read
Configure → Modify	configuration:manage
Configure → File selector	files:read
Configure → User & Ports Popups	inventory:read
Files manager	files:read
Files manager → Write access	files:manage
Logs	reports:read
Logs → Mark as read	reports:acknowledge
Alerts	alerts:read
Alerts → Manage	alerts:manage device:read
Alerts → Acknowledge	alerts:acknowledge
Map	inventory:read
Audit	audit:read
Audit → Show reports	reports:read
CVE	cve:read
CVE → Manage	cve:manage
Remote console	device:read inventory:read remote-access:connect
Remote console → Manage	remote-access:manage
Analysis	analysis:read device:read
Bootstrap Keys	bootstrap-keys:read device:read
Bootstrap Keys → Manage	bootstrap-keys:manage
Company	company:read
Company → Manage	company:manage
Users	users:read
Users → Manage	roles:read users:manage
Roles	roles:read
Roles → Manage	roles:manage
Order subscription	billing:read
Order subscription → Manage	billing:manage

Remote Access

Allowing remote access for users

In order to give a user remote access to devices, it needs to have a role assigned with the remote-access:connect permission set. All access attempts will appear in the audit log with a detailed entry which device was accessed.