Users & Roles

Users

When you create a new account on qbee.io, the first user is automatically given a default role. This role has full access to all areas of the platform. You can create new roles and assign them to any user. If a user is assigned multiple roles, their permissions are the combination of all the permissions from each of their roles, so they can access and use everything allowed by any of those roles.

Using one mail address for multiple accounts

qbee identifies accounts by the user's mail address. This means that you cannot use the same mail address for multiple accounts. If you need to create users in multiple accounts, we recommend extending your mail address with a "+org" suffix. For example, user@example.com can create a new user with the address user+org2@example.com. All mails and communication will be received in the original user mailbox, while the user name is uniquely associated with the second account.

Users management

To see a list of all users, go to the Users section (top-right menu). From here you can see and search all users in your company, add new users, edit, disable and delete existing users.

Creating a new user

  1. In the Users section, click on the + Add user button.
  2. Enter the first and last name, and email address of the new user.
  3. Select the role(s) for the new user.
  4. Click on the Create button.

Once the user is created, they will receive an email with a link to set their password. New users need to accept the Service Agreement before they can log in.

Editing a user

  1. In the Users section, find the user you want to edit.
  2. Open the actions context menu and select Edit.
  3. Change user details and/or roles.
  4. Click on the Save button.

Disabling a user

  1. In the Users section, find the user you want to disable.
  2. Open the actions context menu and select Disable.

Disabled users cannot log in anymore and are not counted towards the number of users in your subscription.

Deleting a user

  1. In the Users section, find the user you want to delete.
  2. Open the actions context menu and select Delete.
  3. Confirm the deletion.

Deleting a user has immediate effect and cannot be undone.

Profile management

In the Profile section (top-right menu) you can change your personal details and password.

Roles management

To see a list of all roles, go to the Roles section (top-right menu). From here you can see and search all roles in your company, add new roles, edit and delete existing roles.

Creating a new role

  1. In the Roles section, click on the + Add role button.
  2. Enter the name and optional description of the new role.
  3. Select the permissions for the new role.
  4. Click on the Create button.

Editing a role

  1. In the Roles section, find the role you want to edit.
  2. Open the actions context menu and select Edit.
  3. Change role details and/or permissions.
  4. Click on the Save button.

Deleting a role

  1. In the Roles section, find the role you want to delete.
  2. Open the actions context menu and select Delete.
  3. Confirm the deletion.

Deleting a role assigned to users

You cannot delete a role that is assigned to one or more users. You need to reassign the users to a different role first.

Permissions

Each role consists of a set of permissions. The following permissions are available:

| Permission | Allowed API calls |
|---|---|
| analysis:read | GET /analysis |
| | POST /analysis |
| | GET /analysis/orgstats |
| audit:read | GET /commitlist |
| billing:read | GET /stripe/subscriptions |
| billing:manage | POST /stripe/create-customer-portal |
| | POST /stripe/create-checkout-session |
| | DELETE /stripe/cancel-subscription/{uuid} |
| bootstrap-keys:read | GET /bootstrapkey/{bootstrapkey_id} |
| | GET /bootstrapkeylist |
| bootstrap-keys:manage | PUT /bootstrapkey/{bootstrap_key} |
| | POST /bootstrapkey |
| | DELETE /bootstrapkey/{bootstrap_key} |
| company:read | GET /company/{company_id} |
| company:manage | PUT /company/{company_id} |
| | PATCH /company/{company_id} |
| configuration:read | GET /change/{sha} |
| | GET /changelist |
| | GET /commit/{sha} |
| | GET /config/{type}/{item_id} |
| | GET /configpreview/{type}/{item_id} |
| | GET /config/{device_id} |
| | GET /configpreview/{node_id} |
| configuration:manage | DELETE /changes |
| | DELETE /change/{sha} |
| | POST /change |
| | POST /commit |
| cve:read | GET /cve/{cve_id} |
| | GET /cvelist |
| | GET /cvescorestats |
| | GET /cve_hosts_max_count |
| cve:manage | PATCH /cve/{cve_id} |
| | GET /cve/status/cves |
| | DELETE /cve/{cve_id} |
| device:read | GET /grouptree |
| | GET /grouptree/{node_id} |
| | GET /node/{node_id} |
| | GET /groupreportssummary/{group_id} |
| | GET /deviceattribute/{device_id} |
| | GET /tagslist |
| device:manage | PUT /grouptree |
| | PATCH /deviceattribute/{device_id} |
| | DELETE /inventory/{device_id} |
| | PATCH /grouptree/{node_id} |
| device:approve | POST /pendinghost |
| | GET /pendinghost |
| | DELETE /removeapprovedhost/{node_id} |
| | DELETE /pendinghost/{node_id} |
| files:read | GET /file |
| | GET /files |
| | GET /file/stats |
| files:manage | POST /file |
| | POST /file/createdir |
| | PATCH /file |
| | DELETE /file |
| inventory:read | GET /inventory/{device_id} |
| | GET /inventorylist |
| | GET /inventory |
| | GET /inventoryreport/{device_id} |
| | GET /inventoryreport/docker/{device_id} |
| | GET /inventorysummarybytype/{node_id} |
| | GET /inventoryonlinestats |
| metrics:read | GET /metric/last |
| | GET /metric/{node_id}/conn/overview |
| | GET /metric/{device_id}/filesystem |
| | GET /metric/{node_id}/conn/last |
| | GET /metric/{node_id}/conn/outage |
| | GET /metric/{node_id} |
| | GET /metric/{node_id}/conn/summary |
| | GET /metric/{node_id}/conn/series |
| | GET /metric/{node_id}/top |
| | GET /metric/{node_id}/topdetailed |
| | GET /metric/{node_id}/traffic |
| remote-access:connect | GET /remoteconsoletoken/{device_id} |
| | GET /remoteconsoletokenv2/{node_id} |
| | GET /qbee-connect/{device_id}/portmaplist/auto |
| | GET /qbee-connect/numconnection |
| | GET /qbee-connect/{device_id}/portmap/{remote_port} |
| | GET /qbee-connect/portmaplist/autoall |
| | GET /qbee-connect/{device_id}/portmaplist |
| remote-access:manage | POST /qbee-connect/portmap |
| | PATCH /qbee-connect/portmap |
| reports:acknowledge | PATCH /reportmarkread |
| reports:read | GET /reportlist |
| | GET /reportsummary/{device_id} |
| roles:read | GET /role/{role_id} |
| | GET /roleslist |
| | GET /permissionslist |
| roles:manage | POST /role |
| | PUT /role/{role_id} |
| | DELETE /role/{role_id} |
| users:read | GET /user/{user_id} |
| | GET /userlist |
| users:manage | POST /user |
| | PUT /user/{user_id} |
| | PATCH /user/{user_id} |
| | DELETE /user/{user_id} |
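
The permission-to-API mapping above can be used offline to review a role design before assigning it. The following is an added example, not qbee's own code: it combines roles as described under Users and resolves a concrete request against a subset of the table; the role names and the device ID used in testing are constructed.

```python
import re

# Subset of the permission table above (permission -> allowed API calls).
PERMISSION_CALLS = {
    "device:read": ["GET /grouptree", "GET /grouptree/{node_id}", "GET /node/{node_id}"],
    "device:manage": ["PUT /grouptree", "DELETE /inventory/{device_id}"],
    "inventory:read": ["GET /inventory/{device_id}", "GET /inventorylist"],
    "remote-access:connect": ["GET /remoteconsoletoken/{device_id}"],
    "users:read": ["GET /user/{user_id}", "GET /userlist"],
    "users:manage": ["POST /user", "DELETE /user/{user_id}"],
}

# Constructed roles for illustration; the names are hypothetical.
ROLES = {
    "viewer": {"device:read", "inventory:read"},
    "support": {"device:read", "remote-access:connect"},
    "user-admin": {"users:read", "users:manage"},
}

def effective_permissions(role_names):
    """A user's permissions are the union of all assigned roles."""
    perms = set()
    for name in role_names:
        perms |= ROLES[name]
    return perms

def _template_regex(template):
    # A placeholder such as {device_id} matches exactly one path segment.
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "$")

def permissions_for_call(method, path):
    """Permissions in the table that cover this concrete request."""
    hits = set()
    for perm, calls in PERMISSION_CALLS.items():
        for call in calls:
            verb, template = call.split(" ", 1)
            if verb == method.upper() and _template_regex(template).match(path):
                hits.add(perm)
    return hits

def is_allowed(role_names, method, path):
    """True if any assigned role carries a permission covering the call."""
    return bool(effective_permissions(role_names) & permissions_for_call(method, path))
```

Only the request path is matched, so strip any query string before calling `is_allowed`. Note that the same path can fall under different permissions depending on the method, as with `/inventory/{device_id}`.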

Permissions used in the UI

Certain parts of the UI are only visible when the user has the corresponding permissions assigned through a role. The following list shows the UI elements and their corresponding permissions:

| UI Element | Permission |
|---|---|
| Dashboard | analysis:read, device:read, inventory:read, metrics:read, reports:read |
| Devices | cve:read, device:read, inventory:read, metrics:read, reports:read |
| Devices → Pending hosts | device:approve |
| Devices → Update attributes & Delete | device:manage |
| Devices → Show configuration | configuration:read |
| Device → Connect to console | remote-access:connect |
| Configure | configuration:read, device:read |
| Configure → Modify | configuration:manage |
| Configure → File selector | files:read |
| Configure → User & Ports Popups | inventory:read |
| Files manager | files:read |
| Files manager → Write access | files:manage |
| Logs | reports:read |
| Logs → Mark as read | reports:acknowledge |
| Map | inventory:read |
| Audit | audit:read |
| Audit → Show reports | reports:read |
| CVE | cve:read |
| CVE → Manage | cve:manage |
| Remote console | device:read, inventory:read, remote-access:connect |
| Remote console → Manage | remote-access:manage |
| Analysis | analysis:read, device:read |
| Bootstrap Keys | bootstrap-keys:read, device:read |
| Bootstrap Keys → Manage | bootstrap-keys:manage |
| Company | company:read |
| Company → Manage | company:manage |
| Users | users:read |
| Users → Manage | roles:read, users:manage |
| Roles | roles:read |
| Roles → Manage | roles:manage |
| Order subscription | billing:read |
| Order subscription → Manage | billing:manage |

Remote Access

Allowing remote access for users

To give a user remote access to devices, the user needs to have a role assigned that includes the remote-access:connect permission. All access attempts will appear in the audit log with a detailed entry showing which device was accessed.
