Custom user type permissions
These permissions are custom user permissions that you can assign to users to align with the workflows in your organization.
Permission | Description |
---|---|
Advanced View | Gives Standard users who have a QuickScan role the additional access to the advanced job configuration UI from the QuickScan configuration. |
Add Users/Groups | Adds and edits users and groups but cannot edit user security scan permissions. |
Edit Users/Groups | Edits users and groups, including user security scan permissions. The user who is editing security scan permissions can only assign scan permissions that they have, unless the user who is editing also has Server Groups or Security Test Policies permissions. Then all scan permissions are available. |
Delete Users/Groups | Gives permission to delete the users and groups. |
Configure Server Groups | Creates server groups (a group of items that can be tested as a unit) and assigns them to job administrators. |
Configure Security Test Policies | Creates security test policy (a predefined set of security tests). Users must be assigned both a server group and a test policy before they can run security scans. |
Configure Global Scan Settings | Provides access to the following pages in the Administration tab: Agent Servers, Servers and Domains, and Custom Error Pages. |
Application permissions | |
View Trends | Users can see the trend charts in the Dashboard tab. |
Full DAST Client Configuration Access | Users can view and edit both Basic and Additional scan options in the AppScan Dynamic Analysis Client. |
Create New Applications | Users can create new applications. |
Delete Any Application | Users can delete any application, regardless of the access that is given for the specific application. |
View Application Attributes on All Applications | Users can view all applications. For example, you can create a user type for a Chief Security Officer that allows them to view applications, but not modify or delete application properties. |
Restrict access to modify Severity value and CVSS attributes | Users cannot modify the Severity value and CVSS attributes of the issues. |
Restrict access to modify the status of an issue | Users cannot modify the status of an issue. |
Modify Application Attributes on All Applications | Users can modify all applications, regardless of the access that is given for the specific application. |
Manage Access Control on All Applications | Users can change the access for any individual application, regardless of the access that is given for the specific application. |
Manage Associated Scans on All Applications | Users can manage the associsated scans on all applications, regardless of the access that is given for the specific application. |
Modify Application Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to define applications and the scans and users that are assigned to them. |
Issue permissions | |
Manage Issues on All Applications | Users can perform issue management on all applications. This permission is automatically added to the Basic and Full access type. |
Modify Issue Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to define issues. |
Modify Scanner Profile | Users can create, modify, or delete profile attributes (except predefined attributes) to define scanners that import issues or findings. |
Global Options | |
Read Global Options | Users can view the Global Options. |
Modify Global Options | Users can modify the Global Options. |
Third-party integration permissions | |
Export Traffic Data from DAST Client | Users can export traffic data from DAST client. |
AppScan Source related permissions | |
Ability to create (share) a custom rule | Users can create or delete custom rules in AppScan Source. |
Ability to delete a published assessment on the server | Users can delete assessment files that are published to AppScan Enterprise server. |
Ability to publish a new assessment to the server | Users can publish assessment files to AppScan Enterprise server from AppScan Source. |
Ability to retrieve a published assessment from the server | Users can view assessment files that are published to AppScan Enterprise server from AppScan Source. |
Ability to share a filter via the server | Users can view, create, modify, and delete shared filters in AppScan Source. |
Ability to share a scan configuration via the server | Users can view, create, modify, and delete shared scan configurations in AppScan Source. |
Ability to create a PBSA Scan Rule on the server. | Users can view, create, modify, and delete rules and rule-sets in AppScan Source. |