Purpose
This document describes how to create user roles.
Introduction
The User Roles tab is used to administer user roles. Every user can be given one or several user roles, which determine what actions that user can perform. Assigning multiple user roles to one user allows further customization of that user's permissions.
Creating Roles
To create a user role:
- Click Main Menu > Settings > Manage User.
- In the Manage User Accounts window, select the User Roles tab and click + New.
- In the Maintaining User Role window, enter a Role Name.
- Select the options that match the role being created.
- Click Save.
Maintaining User Role
| Option | Description |
|---|---|
| Role name | Every user role needs a name to identify the role. |
| Read Only | When this option is enabled, the user is not permitted to change or create anything. |
| LDAP/AD Group (HIAB only) | The LDAP/AD Group field is available if LDAP/AD is enabled on the HIAB. This user role is mapped to the defined role in LDAP/AD when the user logs in. |
Target Management
| Option | Description |
|---|---|
| Administrate Targets/Target Groups | Allows the user to administrate targets and groups in the Manage Targets view. |
Scan Scheduling
| Option | Description |
|---|---|
| Administrate Scheduling | Determines if the user can define and set up new scan schedules. |
| Force Target Group in Scheduling | Forces the user to use only the already defined groups in the scheduling section. No manual targets can be entered in the targets tab. |
| Administrate Scanning Policies | Determines if the user can create, modify and remove scanning policies within the system. |
| Stop scans | If this setting is enabled, a user who can administrate scan scheduling is also allowed to stop scans. |
Reporting Tools
The Reporting Tools field gives a user permission to view the reporting tools. If not enabled, the reporting tools are not shown to the user.
| Option | Description |
|---|---|
| Mark False Positives | Allow the user to mark a finding as a false positive. |
| Risk Management | Allow the user to mark vulnerabilities as accepted risks and/or change the risk level for a finding. |
| Verify scan | Allow the user to perform verification scans. No scans will be deducted from the license when using this feature. |
| Receive Scan Results SMS Notifications | Enable the user to receive scan results as SMS. |
| Remove Scan Result | Allow the user to remove reports. |
| Receive Scan Results by Email | Enable the user to receive reports by email. |
| Access Dashboard | Allow the user to see the Dashboard. |
Compliance Scanning
Compliance Scanning is only visible if it is included in your license.
The Compliance Scan field gives a user permission to view the Compliance Scanning module.
If not enabled, the module is not shown to the user.
| Option | Description |
|---|---|
| Create/Edit Policies | Allow the user to Create/Edit policies. |
| Mark Exceptions | Allow the user to mark exceptions. |
| Answer Question | Allow the user to answer questions. |
| Approve Question | Allow the user to approve questions. |
Web Application Scanning
Web Application Scanning is only visible if it is included in your license.
| Option | Description |
|---|---|
| Administrate Scoping | Allow the user to administrate Scoping. |
| Access Reporting | Allow the user to access reporting. |
| Remove Scan Results | Allow the user to remove Scan results. Access Reporting needs to be selected for this role. |
Scoping
Outscan only
| Option | Description |
|---|---|
| Submit scoping request | Allow the user to submit Appsec scoping requests. |
PCI Management
PCI Management is only visible if PCI Compliance scan is included in your license.
| Option | Description |
|---|---|
| Administrate Scoping | Allow the user to create, modify, or remove any scopes in this module. |
| Administrate Scheduling | Allow the user to start and stop PCI scans. |
| Access Reporting | Allow the user to view PCI reports. |
| Dispute Findings | If the user has Access Reporting, this option allows the user to dispute findings from the report. |
Managed Reports
This section is only visible if you have a Managed Reports license.
| Option | Description |
|---|---|
| Comment Reports | Allow users to add comments to reports. |
Vulnerability Management
| Option | Description |
|---|---|
| Comment Vulnerability Database | Allow the user to create and edit comments in the vulnerability database. |
User Management
| Option | Description |
|---|---|
| Administrate Accounts | Allow the user to administrate accounts. |
| Administrate User Roles | Allow the user to administrate user roles. |
Ticket Management
| Option | Description |
|---|---|
| Manage Tickets | Allow the user to administrate tickets. |
| Grant All Tickets | Give access to all internal tickets (if Manage Tickets is selected). |
Audit Log Management
| Option | Description |
|---|---|
| Read Audit Logs | The user is able to read the auditing log. |
License
| Option | Description |
|---|---|
| View License | Allow the user to view the License tab in Main Menu > Settings > Account. |
HIAB Management (HIAB only)
HIAB Management is only visible if it is included in your license.
| Option | Description |
|---|---|
| Administrate HIAB Server | Allow the user to restart the HIAB and set up HIAB settings such as backup and networking. |