I'm curious to see how the community is generally addressing the question of user management in enterprise deployments. We have a couple of access products for people to order that are linked to reader, BU manager etc. roles in Qualys, and people using those roles undergo a periodic recertification. However, all users do have global view access to all assets registered in Quays and their associated vulnerability/PCI information which makes me as an owner a little nervous. Is there a standard approach that people are using to segment user access on a per-configuration item or per-business unit level?
Welcome any thoughts.