User types

Every user is assigned a User Type by the Product Administrator. The User Type applies across an instance.

Product Administrator

The Product Administrator has full access to all areas and can perform the functions of any other type of user.

Standard User

Standard Users are users who are assigned a role in any folder. They can create applications. If the security model within your organization permits, the Default User type can be set to Standard User. That way, the first time a new user logs in, a new user account with a user type of Standard User will be automatically set up. This is a way of automating the creation of new user accounts.

Within folders or applications that they can access, a Standard User can:
  • Create applications
  • Grant application access to users
  • Create and delete folders in folders they can access
  • Create, edit, run, view, and delete scan jobs
  • Create, edit, run, view, and delete dashboards
  • Create, edit, run, view, and delete report packs
  • Grant or deny users access to report packs, dashboards and folders
  • Classify issues according to their status
  • Export report data
  • Configure all options (Basic and Additional) in the AppScan Dynamic Analysis Client

No Access

If the Default User is set to No Access, a new account will not be created when a user tries to log in. If the user has an existing account, the account remains, but access is denied.

The No Access user type is often used to create an account in anticipation of the arrival of a new employee who will require access at some future time.

Inherit Access

This user type only applies to users imported from an LDAP server. When a user with an Inherit Access user type logs in for the first time, they will automatically be created as a user (whatever the Default User is) and be assigned the user privileges associated with any LDAP group they belong to, if the group exists in the database and has been granted access. If they belong to more than one group, they will inherit the highest permissions of all the groups they belong to. Otherwise, their type will be No Access.
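
The resolution rule above, modeled as an added example for reviewing what LDAP group membership would grant (this is not the product's own code). It assumes each group record in the database carries a single user type and an access-granted flag, and that types rank No Access < QuickScan User < Standard User < Product Administrator; the group names, user names, and field names are constructed.

```python
from dataclasses import dataclass

# Assumption: privilege ordering from lowest to highest. Custom user types are not ranked here.
RANK = {"No Access": 0, "QuickScan User": 1, "Standard User": 2, "Product Administrator": 3}

@dataclass(frozen=True)
class GroupRecord:            # hypothetical shape of a group entry in the database
    user_type: str            # user type associated with the group
    access_granted: bool      # whether the group has been granted access

def resolve_inherit_access(ldap_groups, group_db):
    """Return (effective_type, groups_that_grant_it) for an Inherit Access user."""
    best, sources = "No Access", []
    for name in ldap_groups:
        rec = group_db.get(name)
        if rec is None or not rec.access_granted:
            continue          # group missing from the database or not granted access
        if RANK[rec.user_type] > RANK[best]:
            best, sources = rec.user_type, [name]
        elif rec.user_type == best and best != "No Access":
            sources.append(name)
    return best, sorted(sources)

def audit(directory, group_db, review_at="Standard User"):
    """List users whose inherited type is at or above review_at, with the granting groups."""
    findings = []
    for user, groups in sorted(directory.items()):
        effective, sources = resolve_inherit_access(groups, group_db)
        if RANK[effective] >= RANK[review_at]:
            findings.append((user, effective, sources))
    return findings

# Constructed sample data
GROUP_DB = {
    "appsec-admins": GroupRecord("Product Administrator", True),
    "scan-leads": GroupRecord("Standard User", True),
    "dev-team": GroupRecord("QuickScan User", True),
    "contractors": GroupRecord("Standard User", False),   # exists, but access not granted
}
DIRECTORY = {
    "alice": ["dev-team", "scan-leads"],                   # two groups: highest wins
    "bob": ["dev-team"],
    "carol": ["contractors", "hr"],                        # no usable group
    "dave": ["dev-team", "appsec-admins", "scan-leads"],
    "erin": [],
}

if __name__ == "__main__":
    for user, groups in DIRECTORY.items():
        print(user, resolve_inherit_access(groups, GROUP_DB))
    print("review:", audit(DIRECTORY, GROUP_DB))
```

Because the highest permission wins, a single membership in a privileged group overrides every lower-privileged group, so the groups listed by `audit` are the ones whose membership needs the closest review.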

QuickScan User

QuickScan Users use a simplified view of the Enterprise Console to create quick, easy-to-use scans to test the applications they are responsible for. Most users are QuickScan users. QuickScan Users can be given explicit permissions on specific applications, but they cannot create them.

If a QuickScan user is given access to the advanced scan configuration for the template they are using, there are restrictions on some of the scan options that they can modify. Here are some examples:
  • What to Scan > Additional server and domains: Can modify existing domains, but cannot add new domains or delete existing ones.
  • Exclude Paths and File > Overall Exceptions: Can add new overall URL exceptions, but cannot remove them.
  • Explore options > Parser Setting: Can add Search Patterns and Exclusions, but cannot delete any.
  • Explore options > WebSphere® Portal Advanced Settings: Can modify the context root, but cannot delete it.
  • Parameter and Cookies > Normalization Rules: Can add new normalization rules, but cannot delete them.
  • Parameter and Cookies > Custom Parameter Definitions: Can modify existing parameter and cookie values, but cannot add or delete any.
  • Parameter and Cookies: Can modify existing parameter and cookie values, but cannot add or delete any.
  • Login Management: Cannot delete a URL from the login sequence.
  • Automatic form fill: Can disable and enable Auto form fill values, but cannot add, delete, or modify any.
  • General Scan Options > Custom error pages: Cannot add, delete, or modify any custom error pages.
  • Malware: Can add new exclusion patterns, but cannot delete any.
  • Advanced options > XRules: Can modify XRules, but cannot add or delete any.

Other Custom User Types

Product Administrators can create custom user types to align with the particular workflows of their organization. These types of users are assigned limited administrative permissions, such as the ability to create and edit users, to configure security test policies and server groups, to modify application attributes, or to manage AppScan Enterprise integrations with other HCL products. See Custom user type permissions for more details.