Assign the Vulnerability Response persona roles using Setup Assistant

  • Release version: Zurich
  • Updated July 31, 2025
  • 5 minutes to read

    • Assign the Vulnerability Response persona roles to groups or users with Setup Assistant.

    Before you begin

    If you have already assigned persona roles in Vulnerability Response using Setup Assistant and you want more information about editing and managing your granular roles and role assignments in the User Administration module, see Manage persona and granular roles for Vulnerability Response.

    If you are an upgrade customer, you can continue using your existing roles for the Vulnerability Response application. Access for users and groups assigned with the sn_vul.vulnerability_read and sn_vul.vulnerability_write permissions and remediation owner roles available in previous versions of Vulnerability Response has not changed.

    However, for more control over what users and groups can do and see in the Vulnerability Response application at the task level, you may prefer using persona and granular roles.

    If you have not already assigned the sn_vul.vulnerability_admin persona role using Setup Assistant, follow the steps below to assign it. Once assigned, the vulnerability administrator with this persona role has permission to complete the Setup Assistant tasks after the first section, and manage rules and third-party integrations in the Vulnerability Response application.

    For an overview about persona roles and granular roles, see Vulnerability Response personas and granular roles.

    If you are an upgrade customer, use the following table as a reference.

    Previous assignment Recommended assignment [User persona] Description
    sn_vul.admin sn_vul.vulnerability_admin [Vulnerability Admin] Provides complete access to the Vulnerability Response (VR) application. Users with this role configure VR applications and rules and install third-party integrations.
    sn_vulnerability_write sn_vul.vulnerability_analyst [Vulnerability Analyst] Allows viewing and updating of all records for VIT remediation.
    sn_vul.remediation_owner sn_vul.remediation_owner [Remediation Owner] Allows users and groups to remediate vulnerabilities assigned to them or their group, and update the related records.
    sn_vul.admin sn_vul.ci [CI Manager] Allows management of unmatched configuration items not found in the CMDB, including updating discovered items.
    sn_vul.admin sn_vul.exception_approver [Exception Approver] Allows approval of exceptions, deferrals, and closures of remediation tasks and vulnerable items.
    sn_vul.vulnerability_read sn_vul.read_all or sn_vul.read_group_rules Grants read-only access to specific areas in the application. Use sn_vul.read_all to view all VR records, or sn_vul.read_group_rules to view remediation task rules. Users with these roles cannot update records.
    Note:
    Several other read roles are available in the Vulnerability Response scope for more granular access.

    To view the granular roles a user or groups with a persona role inherits by default, navigate to All > User Administration > Roles. Locate the role you want, and click it to open the record. The Contains Roles tab lists all the granular roles of the persona role as well as any inherited roles.

    You may prefer to verify that you have all your required users and groups created before you assign roles in Setup Assistant. Alternatively, to add new users and groups from inside Setup Assistant, click the User Administration module link in the form shown in the following figure.

    For the following example, to limit access to the Vulnerability Response application, this example shows how to assign a user with the vulnerability admin persona. Usually, you may prefer to assign persona roles other than sn_vul.vulnerability_admin to groups.

    Role required: admin

    Procedure

    1. Navigate to All > Vulnerability Response > Administration > Setup Assistant.
      The Setup Assistant page is displayed.
    2. Click Vulnerability Response User and Groups.
      The System Administration Vulnerability Response Users and Groups page is displayed.
      System Administration Vulnerability Response Users and Groups page with no personas assigned.
    3. With Assign roles to a user selected, choose an existing user from the list.

      You can only assign a user or a group with one persona role.

      On the right of the form, after you select a user or group, the default persona, Remediation owner [sn_vul.remediation_owner] is assigned by default and remains displayed in the list until you change it.

      Note:
      If you are upgrading to a newer version of Vulnerability Response and you previously assigned the sn_vul.vulnerability_read or sn_vul.vulnerability_write role to a user or group prior to the upgrade, it is displayed along with the new persona roles, as shown in the following figure.

      If you are an upgrade customer, you can keep using your existing roles for the Vulnerability Response application. Access for users and groups assigned with the sn_vul.vulnerability_read and sn_vul.vulnerability_write permissions and remediation owner prior to v10.3 has not changed.

      Note that for existing users or a groups currently assigned with the sn_vul.vulnerability_read or sn_vul.vulnerability_write roles, these roles are displayed along with the persona roles in the list. Once you assign a persona role, the old role is no longer available going forward. For example, as shown in following figure, the Write [sn_vul.vulnerability_write] role is no longer displayed as an option for this user or group after it is assigned one of the persona roles.

      List of available roles prior to version 10.3.
    4. From the list on the right of the form, select Vulnerability Admin [sn_vul.vulnerability_admin].
      A message is displayed that indicates the user or group is successfully assigned with the persona.
      Figure 1. Remediation Owner persona assigned to a group, and Vulnerability admin persona assigned to a user
      User assigned vulnerability admin persona.
    5. Using the descriptions of the persona roles listed above, continue to assign any users and groups to the remaining persona roles: Remediation Owner, Vulnerability Analyst, CI Manager, and Exception Approver.
      You have successfully completed assigning persona roles to users and groups using Setup Assistant.
    6. Optional: To edit the users in a group from Setup Assistant, follow these steps.
      1. With the group displayed on the form, click the name of the group you want to edit.
        The Group record is displayed.
      2. With the Group Members tab selected, click Edit.
        The Edit Members form is displayed
      3. Use the slushbucket to select or remove users.
      4. Click Save to save your changes and return to the Group record.
      5. Click Update to return to Setup Assistant.
      6. On the Setup Assistant page, click Vulnerability Response Users and Groups to continue with your configuration in Setup Assistant.

    What to do next

    As system admin, continue with the configuration of Vulnerability Response in Setup Assistant. Note that after the first section is completed, you can have a user you assigned with the vulnerability admin persona role complete the tasks in Setup Assistant. For more information about managing granular roles and examples, see Manage persona and granular roles for Vulnerability Response.