newuser (nu)

Description

Create a new AppScan® Source user (a valid user name, password, and full name are required). AppScan Source users can exist in the AppScan Enterprise Server user repository and in the AppScan Source database - or, if you have cause to have users that cannot access the server, they can be created locally as AppScan Source users. You can also create a new AppScan Source user that already exists on the AppScan Enterprise Server.

Note: The newuser (nu) command does not apply if your AppScan Enterprise Server is enabled for Common Access Card (CAC) authentication.
Note: This command is not supported when AppScan Enterprise Server is used as the datastore on AppScan Source version 10.02 or later.

Syntax

newuser --userid|-u <user id>
--password|-p <password>
--fullname|-f <user first and last name>
[--group [group[:permission[;permission...]
	[--group...]]

Identifying Information

  • --userid|-u: Required. User ID. No spaces are allowed.
  • --password|-p: User password.
  • --fullname|-f: Full name of the user. If the entry includes spaces, enclose it with " symbols (for example, -f "Joe Smith").

Groups and Permissions

Optional. Groups and permissions identify the allowable AppScan Source tasks for that user. Tasks not specifically identified as part of a permission are available to all users:

--group: The groups and group permissions for this user. Specifying a group without any permissions grants the user all permissions within that group. The groups and their permissions are:

  • ASSESSMENTS: Assessment level permissions.
    • ASMNTDELETE: Delete published assessments.
    • ASMNTPUBLISH: Publish assessments.
    • ASMNTSAVE: Save assessments.
    • ASMNTVIEWPUBLISH: View published assessments.
  • ADMIN: Administrative permissions.
    • ASE: Manage AppScan Enterprise settings
    • USER: Manage user settings including adding and deleting users and changing user permissions.
  • APPS: Application and Project level permissions
    • ATTRAPPLY: Apply attributes to applications.
    • ATTRMODIFY: Create, delete, and modify attributes.
    • VIEWREGISTER: View registered applications and projects.
    • REGISTER: Register/unregister applications and projects. Implies VIEWREGISTER permission.
    • SCAN: Scan applications and projects.
  • KB: Knowledgebase management permissions.
    • CUSTOM: Manage custom rules.
    • PATTERN: Create, edit, or delete patterns.
  • FILTER: Filter management
    • SHAREDFILTERS: Manage shared filters.
  • SCANCONFIG: Scan configuration management
    • SHAREDCONFIGS: Manage shared scan configurations.

LDAP authentication

You cannot add LDAP users to the AppScan Source user repository if they are not already in the AppScan Enterprise Server user repository. To add an AppScan Source user that will be authenticated via LDAP, you must have configured the AppScan Enterprise Server user repository to use an LDAP repository. For information about this, see the AppScan Enterprise Server Planning & Installation Guide.

If you are using LDAP authentication and want to add an AppScan Source user that is not part of an LDAP user group, issue the newuser command.

Example

Create a user named Joan Darcy on the AppScan Enterprise Server. Her user name is joandarcy and her password is 123456. Joan can use AppScan Source with all permissions in the APPS and ASSESSMENTS groups, as well as custom rules permission within the KB group:

AllApplications>> newuser --userid joandarcy --password 123456 
--fullname "Joan Darcy" --group APPS --group ASSESSMENTS --group KB:CUSTOM
AllApplications>> Created user 'joandarcy'. User ID: 888