Users and WAS Features

Note: This information applies when WAS 1.0 is enabled for your subscription.

The web application scanning (WAS) module implements a two-level permissions system for managing user access to WAS features. WAS features are available to users when the WAS module is enabled for the subscription, and users have WAS permissions. Managers have full WAS permissions. Other users are assigned WAS permissions at the account level and web application level.

The following table provides a summary of user access to web application scanning features. A filled circle (●) indicates that permission to use the feature is granted to the user automatically. "n/a" indicates that the feature is not applicable to the user.

Web Application Reporting

Feature: Run web application reports
Manager: ●
Web Application Owner: ●
Other User (Reader, Scanner, Unit Manager): User must be granted:
- Manage web applications permission within the user account AND
- Read access permission within the web application

Feature: View web application scorecard reports from Report Share
Manager: ●
Web Application Owner: User Role Permissions Apply
Other User (Reader, Scanner, Unit Manager): User must be granted:
- Manage web applications permission within the user account

User role permissions for Report Share access apply. Reader and Scanner automatically view reports launched by their own account. For a custom business unit, Unit Manager automatically views all reports launched by users in the same business unit.

Report access feature allows users to be granted access to any report in Report Share. Manager may grant any user access to any report. Unit Manager may grant any user in the same business unit access to any report launched by a user in the same unit.

Web Application Scanning

Feature: View web application scan results
Manager: ●
Web Application Owner: ●
Other User (Reader, Scanner, Unit Manager): User must be granted:
- Manage web applications permission within the user account AND
- Read access permission within the web application

Feature: Manage web application scans
- Launch scans
- Schedule scans
- Cancel scans
Manager: ●
Web Application Owner: ●
Other User (Reader, Scanner, Unit Manager): User (Scanner or Unit Manager) must be granted:
- Manage web applications permission within the user account AND
- Execute access permission within the web application
- Create option profiles permission within the user account is recommended*

* If not granted this permission, the user must launch scans using the service-provided option profile or a global option profile created by another user.

Reader does not have Execute permission and cannot be assigned Execute permission even if the Reader is the web application owner.

Feature: Manage web application profiles
Manager: ●
Web Application Owner: User Role Permissions Apply
Other User (Reader, Scanner, Unit Manager): User (Scanner or Unit Manager only) must be granted:
- Manage web applications permission within the user account AND
- Create option profiles permission within the user account

User role permissions (Scanner or Unit Manager) for option profiles apply. These users may create/edit their own option profiles. Unit Manager may create/edit global option profiles, which are available to users in the same business unit.

Web Application Management

Feature: View web application
Manager: ●
Web Application Owner: ●
Other User (Reader, Scanner, Unit Manager): User must be granted:
- Manage web applications permission within the user account AND
- Read access permission for the web application

Feature: Edit web application
Manager: ●
Web Application Owner: ●
Other User (Reader, Scanner, Unit Manager): User must be granted:
- Manage web applications permission within the user account AND
- Write access permission within the web application

Feature: Create web application
Manager: ●
Web Application Owner: n/a
Other User (Reader, Scanner, Unit Manager): User must be granted:
- Manage web applications permission within the user account AND
- Create web applications permission within the user account
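
The two-level check summarized in the table can be expressed as an access-review helper. This is an added example, not part of the WAS product or its API: the `User` model, the feature keys, and the sample users are assumptions made for illustration. It leaves out the two features where the Web Application Owner column reads "User Role Permissions Apply" (scorecard reports and option profiles).

```python
# Added example: hypothetical data model for an access review, not a Qualys API.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    role: str  # "Manager", "Unit Manager", "Scanner" or "Reader"
    account: set = field(default_factory=set)  # "manage", "create_apps"
    apps: dict = field(default_factory=dict)   # app name -> {"read", "write", "execute"}

# Web-application-level permission each feature needs in the Other User column.
APP_LEVEL = {
    "run_reports": "read", "view_scan_results": "read", "view_app": "read",
    "edit_app": "write", "manage_scans": "execute",
}

def allowed(user, feature, app_name=None, owner=None):
    """Apply the table to one user and one feature."""
    if user.role == "Manager":
        return True  # Managers have full WAS permissions
    if feature == "create_app":  # owner column is n/a: account level only
        return {"manage", "create_apps"} <= user.account
    needed = APP_LEVEL[feature]  # KeyError for features not modelled here
    if needed == "execute" and user.role == "Reader":
        return False  # Reader never gets Execute, even as owner
    if user.name == owner:
        return True  # owner is granted the feature automatically
    return "manage" in user.account and needed in user.apps.get(app_name, set())

def who_can(feature, users, app_name=None, owner=None):
    """Names of users who may use `feature`, for review."""
    return [u.name for u in users if allowed(u, feature, app_name, owner)]

# Constructed sample data; "shop" is owned by carol.
USERS = [
    User("alice", "Manager"),
    User("bob", "Scanner", {"manage"}, {"shop": {"read", "execute"}}),
    User("carol", "Reader", {"manage"}, {"shop": {"read"}}),
    User("dave", "Scanner", set(), {"shop": {"read", "execute"}}),
    User("erin", "Unit Manager", {"manage", "create_apps"}),
]

if __name__ == "__main__":
    for feat in ("manage_scans", "view_scan_results", "edit_app"):
        print(feat, who_can(feat, USERS, "shop", owner="carol"))
    print("create_app", who_can("create_app", USERS))
```

In the sample data, dave holds web-application-level grants but cannot use them because the account-level permission is missing, and carol cannot launch scans on the application she owns because she is a Reader.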

 

Related Reading

Getting Started with WAS

Granting WAS User Permissions

Granting User Access to Web Applications