newuser (nu)

Description

Create a new AppScan® Source user (a valid user name, password, and full name are required). AppScan® Source users can exist in the AppScan® Enterprise Server user repository and in the AppScan® Source database - or, if you have cause to have users that cannot access the server, they can be created locally as AppScan® Source users. You can also create a new AppScan® Source user that already exists on the AppScan® Enterprise Server.

Note: The newuser (nu) command does not apply if your AppScan® Enterprise Server is enabled for Common Access Card (CAC) authentication.
Note: This command is not supported when AppScan® Enterprise Server is used as the datastore on AppScan® Source version 10.02 or later.

Syntax

newuser --userid|-u <user id>
--password|-p <password>
--fullname|-f <user first and last name>
[--group [group[:permission[;permission...]
	[--group...]]

Identifying Information

  • --userid|-u: Required. User ID. No spaces are allowed.
  • --password|-p: User password.
  • --fullname|-f: Full name of the user. If the entry includes spaces, enclose it with " symbols (for example, -f "Joe Smith").

Groups and Permissions

Optional. Groups and permissions identify the allowable AppScan® Source tasks for that user. Tasks not specifically identified as part of a permission are available to all users:

--group: The groups and group permissions for this user. Specifying a group without any permissions grants the user all permissions within that group. The groups and their permissions are:

  • ASSESSMENTS: Assessment level permissions.
    • ASMNTDELETE: Delete published assessments.
    • ASMNTPUBLISH: Publish assessments.
    • ASMNTSAVE: Save assessments.
    • ASMNTVIEWPUBLISH: View published assessments.
  • ADMIN: Administrative permissions.
    • ASE: Manage AppScan® Enterprise settings
    • USER: Manage user settings including adding and deleting users and changing user permissions.
  • APPS: Application and Project level permissions
    • ATTRAPPLY: Apply attributes to applications.
    • ATTRMODIFY: Create, delete, and modify attributes.
    • VIEWREGISTER: View registered applications and projects.
    • REGISTER: Register/unregister applications and projects. Implies VIEWREGISTER permission.
    • SCAN: Scan applications and projects.
  • KB: Knowledgebase management permissions.
    • CUSTOM: Manage custom rules.
    • PATTERN: Create, edit, or delete patterns.
  • FILTER: Filter management
    • SHAREDFILTERS: Manage shared filters.
  • SCANCONFIG: Scan configuration management
    • SHAREDCONFIGS: Manage shared scan configurations.

LDAP authentication

You cannot add LDAP users to the AppScan® Source user repository if they are not already in the AppScan® Enterprise Server user repository. To add an AppScan® Source user that will be authenticated via LDAP, you must have configured the AppScan® Enterprise Server user repository to use an LDAP repository. For information about this, see the AppScan® Enterprise Server Planning & Installation Guide.

If you are using LDAP authentication and want to add an AppScan® Source user that is not part of an LDAP user group, issue the newuser command.

Example

Create a user named Joan Darcy on the AppScan® Enterprise Server. Her user name is joandarcy and her password is 123456. Joan can use AppScan® Source with all permissions in the APPS and ASSESSMENTS groups, as well as custom rules permission within the KB group:

AllApplications>> newuser --userid joandarcy --password 123456 
--fullname "Joan Darcy" --group APPS --group ASSESSMENTS --group KB:CUSTOM
AllApplications>> Created user 'joandarcy'. User ID: 888