Custom user type permissions
These permissions are custom user permissions that you can assign to users to align with the workflows in your organization.
Permission | Description |
---|---|
Advanced View | Gives Standard users who have a QuickScan role the additional access to the advanced job configuration UI from the QuickScan configuration. |
Add Users/Groups | Adds and edits users and groups but cannot edit user security scan permissions. |
Edit Users/Groups | Edits users and groups, including user security scan permissions. The user who is editing security scan permissions can only assign scan permissions that they have, unless the user who is editing also has Server Groups or Security Test Policies permissions. Then all scan permissions are available. |
Configure Server Groups | Creates server groups (a group of items that can be tested as a unit) and assigns them to job administrators. |
Configure Security Test Policies | Creates security test policy (a predefined set of security tests). Users must be assigned both a server group and a test policy before they can run security scans. |
Configure Global Scan Settings | Provides access to the following pages in the Administration tab: Agent Servers, Servers and Domains, and Custom Error Pages. |
Application permissions | |
View Trends | Users can see the trend charts in the Dashboard tab. |
Delete Any Application | Users can delete any application, regardless of the access that is given for the specific application. |
Full DAST Client Configuration Access | Users can view and edit both Basic and Additional scan options in the AppScan Dynamic Analysis Client. |
View Application Attributes on All Applications | Users can view all applications. For example, you can create a user type for a Chief Security Officer that allows them to view applications, but not modify or delete application properties. |
Modify Application Attributes on All Applications | Users can modify all applications, regardless of the access that is given for the specific application. |
Manage Access Control on All Applications | Users can change the access for any individual application, regardless of the access that is given for the specific application. |
Modify Application Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to describe applications. |
Issue permissions | |
Manage Issues on All Applications | Users can perform issue management on all applications. This permission is automatically added to the Basic and Full access type. |
Modify Issue Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to define issues. |
Modify Scanner Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to define scanners that import issues or findings. |
Modify Application Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to define applications and the scans and users that are assigned to them. |
Third-party integration permissions | |
QRadar Service Account | This account uses a REST API to pull report data into QRadar. It does not access the user interface. |
Publish to QRadar | Grants report access to QRadar. |
Configure QRadar Integration | Configures integration with QRadar and can revoke report access. |
Publish to SiteProtector | Exports vulnerabilities to SiteProtector. |
Configure SiteProtector Integration | Configures integration with SiteProtector. |
AppScan Source related permissions | |
Ability to create (share) a custom rule | Users can create or delete custom rules in AppScan Source. |
Ability to delete a published assessment on the server | Users can delete assessment files that are published to AppScan Enterprise server. |
Ability to publish a new assessment to the server | Users can publish assessment files to AppScan Enterprise server from AppScan Source. |
Ability to retrieve a published assessment from the server | Users can view assessment files that are published to AppScan Enterprise server from AppScan Source. |
Ability to share a filter via the server | Users can view, create, modify, and delete shared filters in AppScan Source. |
Ability to share a scan configuration via the server | Users can view, create, modify, and delete shared scan configurations in AppScan Source. |
Ability to create a PBSA Scan Rule on the server. | Users can view, create, modify, and delete rules and rule-sets in AppScan Source. |