How to create a WAS only user that does not have access to any VM data for the purpose of maintaining least privileges.
- Create an asset group with 0 IPs and call it "WAS only".
- Assign the user Reader role.
- On the Asset Groups tab, assign the user the "WAS only" asset group.
- On the Permissions tab, enable the following checkboxes
- Manage VM module
- Manage web applications
- Create web applications
- Select the WAS module.
- Select the Administration module at the bottom.
- In the Administration Module, edit the WAS only user.
- In the Roles & Scopes tab, uncheck the Allow user full permissions and scope box.
- Assign the appropriate WAS only role -- note these roles will may to be created first.