AGMS Home

Changes to All group and asset groups

This help describes which assets a user will get when assigned the All group.

When the All group is assigned to a user in the Unassigned business unit

When the All group is assigned to a business unit

When the All group is assigned to a user in a business unit

When you change a user’s business unit

Personal asset groups cannot be called All

Asset groups no longer assigned to Contact users

UI changes when creating/updating asset groups

View User's Asset Groups in User Information

 

When the All group is assigned to a user in the Unassigned business unit

The user gets all assets and all Manager created asset groups. The user will get all the assets (IPs, domains, networks, scanner appliances) in the subscription AND all the personal asset groups owned by Managers in the subscription.

For example, here’s a look at the asset groups list for the Manager Patrick Slimmer. Since Patrick is a Manager, he has access to all asset groups created by all users. Patrick created Asset Group 1, Asset Group 2, Asset Group 3 and Asset Group 4. Another Manager, Maggie, created Asset Group 5, and there are a few groups created by sub-users Chloe and Mike.

Asset Groups list for Manager user

 

Patrick adds a new Scanner user, Pedro, and assigns this user the All group, as shown below.

All group assigned to sub-user

Since Pedro is assigned the All group and he’s in the Unassigned business unit, he now has access to all the assets in the subscription and all the asset groups owned by Managers in the subscription – Patrick and Maggie. As new asset groups are added by Managers they will automatically appear in Pedro’s asset groups list.  Pedro can also add his own asset groups.

Pedro can view and use any of the Manager created asset groups but he cannot edit or delete them since he is not the owner.

Asset groups available to sub-user

 

When the All group is assigned to a business unit

The business unit and the Unit Managers get all assets and all Manager created asset groups. The business unit will get all the assets in the subscription. Unit Managers in the business unit will get all the assets and all the Manager created asset groups. Unit Managers will also get asset groups created by other users in the same business unit.

All group assigned to business unit

 

For example, Business Unit ABC was assigned the All group. The Unit Manager for this business unit, Chloe, has all the asset groups created by Managers Patrick and Maggie. Chloe also has access to a group created by Mike who is in the same business unit. If any Manager creates new asset groups they will appear automatically on Chloe’s asset groups list.

Asset groups available to Unit Manager

 

When the All group is assigned to a user in a business unit

The user gets all the assets and asset groups in the business unit. When a user within a business unit is assigned the All group, the user gets all the assets in the business unit. If the business unit was also assigned the All group then that user gets all assets in the subscription, all Manager created groups and all Unit Manager created groups for the same business unit. If the business unit or the user is assigned individual asset groups (not the All group) then they will have a limited set of assets/asset groups, as shown in the table below.

User in BU

Asset groups
assigned to BU

Asset groups
assigned to user

What the user gets

Unit Manager

All

Unit Manager gets All by default

All assets in the subscription

All Manager created asset groups

All groups created by Unit Managers in the same business unit

All groups created by sub-users in the same business unit

Unit Manager

AG1, AG2

Unit Manager gets All by default

Asset groups AG1 and AG2 and the assets included in AG1 and AG2

All groups created by Unit Managers in the same business unit

All groups created by sub-users in the same business unit

Sub-user

All

All

All assets in the subscription

All Manager created asset groups

All groups created by Unit Managers in the same business unit

Sub-user

All

AG1, AG2

Asset groups AG1 and AG2 and the assets included in AG1 and AG2

Sub-user

AG1, AG2

All

Asset groups AG1 and AG2 and the assets included in AG1, AG2

All groups created by Unit Managers in the same business unit

Sub-user

AG1, AG2

AG1

Asset group AG1 and the assets included in AG1

 

When you change a user’s business unit

If a user's Business Unit is changed, you must also remove the old Business Unit from the user's scope in the Administration Module to remove access to assets via dashboards. Due to existing customer use cases and workflows, the old Business Unit will not be automatically removed. Qualys has plans to migrate completely to unifying Roles and Scopes into the Administration Module in the future, which will remove this requirement.

Personal asset groups cannot be called All

Users can no longer create their own asset groups with the title All (uppercase, lowercase or mixed case). This title is reserved by the service and this restriction is put in place to avoid confusion with the service provided All group. If you had a personal asset group with the title All (or ALL, all, aLl, etc) then you will need to change the asset group title.

Asset groups no longer assigned to Contact users

Users with the Contact user role are no longer assigned asset groups. This is true if the user is part of a business unit or not. When you create a new Contact user no asset groups are listed on the Asset Groups tab, as shown below. If an existing Contact user was assigned asset groups prior to AGMS being enabled, those asset groups will be removed from the user’s account. Add your Contact user to a distribution group to send the user scan email notifications.

No asset group assignment for new Contact user