Home
Administration
Define users, applications, policies, and configure DevOps integrations.
Users
User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
Roles
A user's permission is determined by their role. There are five pre-defined roles: Administrator, Manager, Application Manager, Tester, and Reporting Viewer that cannot be modified or deleted. An administrator assigns users to asset groups. Administrators have the ability to change the default user role to any role (except Administrator), including a custom role. Users who have the permission to manage and invite other users cannot assign them a role that is higher than their own role. For example, a Manager cannot invite a user and assign them an Administrator role. Additionally, a user cannot invite someone to a role that has privileges that the inviting user does not have.

Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Learn how to install the AppScan Central Platform and AppScan 360° Static Analysis.
Administration
Define users, applications, policies, and configure DevOps integrations.
- Users
  User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
  - Roles
    A user's permission is determined by their role. There are five pre-defined roles: Administrator, Manager, Application Manager, Tester, and Reporting Viewer that cannot be modified or deleted. An administrator assigns users to asset groups. Administrators have the ability to change the default user role to any role (except Administrator), including a custom role. Users who have the permission to manage and invite other users cannot assign them a role that is higher than their own role. For example, a Manager cannot invite a user and assign them an Administrator role. Additionally, a user cannot invite someone to a role that has privileges that the inviting user does not have.
    - Managing users
      Examine users and decide who needs access to which applications and asset groups. Consider grouping users by business unit or geography.
    - Defining custom user roles
      Administrators or Managers can create custom roles and assign a set of permissions to them so that they can perform certain administrative tasks. If Administrators or Managers create custom roles with permissions to create, modify, or assign user roles, these users will also have the privilege to define custom roles.
    - Changing the default user role
      Administrators can change the default user role to any role (except Administrator), including a custom role. This ability helps you customize user access for your organization.
  - Asset groups
    Asset groups represent abstract components of your organization, like "Finance" or "Engineering." Administrators can restrict access to specific applications by assigning them to an asset group and limiting the users who belong in the group.
- Applications
  An application is a collection of scans related to the same project. It can be a web site, a desktop app, a mobile app, a web service, or any component of an app. Applications enable you to asses risk, identify trends, and make sure that your project is compliant with industry and organization policies.
- Policies
  You can apply the predefined policies, as well as your own custom policies, to show only data for the issues that are relevant for you.
- DevOps
  Tools for incorporating AppScan 360° in your software development lifecycle.
- Personal scans
  A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data (issues, for example), or compliance.
- Scan status
- Audit trail
  The audit trail (Organization > Audit trail) logs user activity.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Roles

A user's permission is determined by their role. There are five pre-defined roles: Administrator, Manager, Application Manager, Tester, and Reporting Viewer that cannot be modified or deleted. An administrator assigns users to asset groups. Administrators have the ability to change the default user role to any role (except Administrator), including a custom role. Users who have the permission to manage and invite other users cannot assign them a role that is higher than their own role. For example, a Manager cannot invite a user and assign them an Administrator role. Additionally, a user cannot invite someone to a role that has privileges that the inviting user does not have.

Note: The Administrator role is assigned to a user when your organization is created at the Cloud Marketplace. The Administrator can perform tasks in any asset group; all other user roles including the Manager can perform tasks in only the asset groups to which they have been assigned. HCL recommends you specify at least one other user as a backup Administrator.

Table 1. Predefined roles capabilities
Capability	Administrator	Manager	Application Manager	Tester	Report Viewer
Applications
Create/modify apps, Assign apps to asset groups, Enable/disable policies in applications	✔	✔	✔
Reset/delete applications	✔	✔	✔
Create/modify webhooks	✔	✔
Asset Group Access
User has access only to selected asset groups (access that is granted from Asset groups management page)		✔	✔	✔	✔
User has access to all asset groups	✔
Create/modify asset groups (name, description, contact and propagate issue status) that this user can access	✔	✔
Delete asset groups that this user can access	✔	✔
Grant/remove access to asset groups that this user can access	✔	✔
Scanning
Create/edit scan configuration	✔	✔	✔	✔
Run scan/Rescan	✔	✔	✔	✔
Delete scan	✔	✔	✔	✔
Create/edit personal scan configuration	✔	✔	✔	✔
Run personal scan/Rescan	✔	✔	✔	✔
Delete personal scan	✔	✔	✔	✔
Promote personal scan	✔	✔	✔	✔
Issues
Update issue status	✔	✔	✔	✔
Policies
Create/delete custom policies	✔	✔
Associate/disassociate a policy with an application	✔	✔	✔
Users
View Users & Roles	✔	✔
Invite/delete user	✔	✔
Assign user roles	✔	✔
Create/modify roles	✔	✔
Delete roles	✔	✔
Premium Features
Schedule a call with an AppScan expert (Learn more about AppScan for You)	✔	✔