Setting Extended User Permissions

Each user's role determines a basic set of privileges. These privileges may be extended or restricted on an individual basis.

User Permissions: Managers can grant extended permissions to any user in the subscription. Unit Managers can grant extended permissions to any user in their business unit as long as the Unit Manager performing the edit also has the permission. For example, if the Unit Manager performing the edit has permission to purge host information/history, then the Unit Manager can grant that permission to another user. If the Unit Manager does not have permission to purge host information/history, then the Unit Manager cannot grant that permission to another user.

To set extended user permissions:

1.    Select User Accounts from the left menu, under Tools.

2.    Identify the user account you want to grant extended permissions to, and click the edit icon.

3.    Click the Advanced button.

4.    Select the Permissions tab.

5.    Select the permissions you'd like to grant to this user. Your options are:

      Add Assets. (Applicable to Unit Manager accounts only.) Select to allow the Unit Manager to add IPs and domains to their business unit, and thus to the subscription. Once new assets are added, they are available to all Managers for inclusion in other business units and asset groups.

      Create option profiles. (Applicable to Scanner and Unit Manager accounts.) Clear this option if you do not want to allow the user to create personal option profiles. This enables Managers to control the options applied to map and scan tasks by limiting users to Manager-provided global option profiles. Note that by default, Unit Managers and Scanners have the privilege to create option profiles.

      Purge host information/history. (Applicable to Reader, Scanner and Unit Manager accounts.) Select to allow this user to purge host information collected from scans. Purging hosts permanently removes host information from your account.

      Create/edit remediation policy. (Applicable to Unit Manager accounts only.) Select to allow this user to create a remediation policy for their business unit. The remediation policy is made up of one or more policy rules which determine when tickets are created, who they are assigned to, and when they should be resolved. The rules set in the business unit's remediation policy will take precedence over the policy set for the subscription.

      Create/edit authentication records/vaults. (Applicable to Unit Manager accounts only.) Select to allow this user to create and edit authentication records and vaults. These configurations are used for authenticated scanning.

      Manage compliance. (Applicable to Reader, Scanner and Unit Manager accounts.) This option is only available when the policy compliance (PC) module is enabled for the subscription. Select to allow this user to perform compliance tasks appropriate for the user's role. All users with this permission will be allowed to view policies in their account and generate reports for these policies. When the FDCC module is enabled for the subscription, the user will be allowed to manage compliance policies and FDCC policies. Scanners and Unit Managers with this permission will be able to create compliance profiles, and launch compliance scans and FDCC scans. For Unit Managers, select the Accept/Reject exceptions option to give the user the ability to accept/reject exceptions for compliance policies including hosts in their business unit.

      Manage web applications. (Applicable to Reader, Scanner and Unit Manager accounts.) This option is only available when the web application scanning (WAS) module is enabled for the subscription. Select to allow this user to perform web application management tasks based on the user's access rights to web applications. Select Create web applications to give the user the ability to create web applications.

      Create/edit virtual host. (Applicable to Scanner and Unit Manager accounts.) Select to allow this user to add, edit and delete virtual hosts for IP addresses that are included in the user's account.

6.    Click Save.
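The grant rules described above (role applicability, module availability, and the requirement that a Unit Manager hold a permission before granting it) can be modeled as a small check for access reviews. This is an added example, not the product's code or API; the `Account` structure, the `can_grant` function and the sample values are assumptions made for illustration.

```python
# Added illustration: models the grant rules described on this page.
# Role and permission names come from the page; the data structures and
# function name are constructed for this example.
from dataclasses import dataclass, field

# Permission -> account roles it applies to, as listed in step 5.
APPLICABLE = {
    "Add Assets": {"Unit Manager"},
    "Create option profiles": {"Scanner", "Unit Manager"},
    "Purge host information/history": {"Reader", "Scanner", "Unit Manager"},
    "Create/edit remediation policy": {"Unit Manager"},
    "Create/edit authentication records/vaults": {"Unit Manager"},
    "Manage compliance": {"Reader", "Scanner", "Unit Manager"},
    "Manage web applications": {"Reader", "Scanner", "Unit Manager"},
    "Create/edit virtual host": {"Scanner", "Unit Manager"},
}
# Permissions offered only when a module is enabled for the subscription.
REQUIRES_MODULE = {"Manage compliance": "PC", "Manage web applications": "WAS"}

@dataclass
class Account:
    name: str
    role: str
    unit: str = ""  # business unit; left empty for Managers (assumption)
    # Permissions held, including any role defaults the reviewer records.
    permissions: set = field(default_factory=set)

def can_grant(editor, target, permission, modules):
    """Return (allowed, reason) for editor granting permission to target."""
    if permission not in APPLICABLE:
        return False, "unknown permission"
    needed = REQUIRES_MODULE.get(permission)
    if needed and needed not in modules:
        return False, f"{needed} module not enabled"
    if target.role not in APPLICABLE[permission]:
        return False, f"not applicable to {target.role} accounts"
    if editor.role == "Manager":
        return True, "Manager may grant to any user in the subscription"
    if editor.role == "Unit Manager":
        if editor.unit != target.unit:
            return False, "target is outside the editor's business unit"
        if permission not in editor.permissions:
            return False, "editor does not hold this permission"
        return True, "Unit Manager holds the permission"
    return False, f"{editor.role} accounts cannot grant permissions"
```
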

Managers can set global user permissions to restrict sub-users from viewing sensitive information in the subscription. See Setting Global User Permissions to learn more.

There are also some global remediation privileges that may be granted to all Readers and Scanners, including the ability to mark tickets as Closed/Ignored and the ability to delete tickets. See Setting Remediation Options to learn more.