Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Purpose

This document describes how to create user roles.

Introduction

The User Roles tab is used to administrate user roles. Every user can be given one or several user roles, which determine what actions that user can perform. Assigning multiple user roles to one user allows further customization of that user's permissions.

Creating Roles

To create a user role:

  1. Click Main Menu > Settings > Manage User.
  2. In the Manage User Accounts window, select the User Roles tab and click + New.
  3. In the Maintaining User Role window, enter a Role Name.
  4. Select the boxes that match the role being created.
  5. Click Save.

Maintaining User Role 

Option

Description

Role name

Every user role needs to have a given name to identify the role.

Read Only

When this option is enabled, the user is not permitted to make any changes or create anything new.

LDAP/AD Group (HIAB only)

The LDAP/AD Group field is available if LDAP/AD is enabled on the HIAB. This user role is mapped to the defined role in LDAP/AD when the user logs in.

Target Management

Option

Description

Administrate Targets/Target Groups

Allows the user to administrate targets and groups in the Manage Targets view.

Scan Scheduling

Option

Description

Administrate Scheduling

Determines if the user can define and set up new scan schedules.

Force Target Group in Scheduling

Forces the user to use only the already defined groups in the scheduling section. No manual targets can be entered in the targets tab.

Administrate Scanning Policies

Determines if the user can create, modify and remove scanning policies within the system.

Stop scans

If this setting is enabled, a user who can administrate scan scheduling is also allowed to stop scans.

Reporting Tools

The Reporting Tools field gives a user permission to view the reporting tools. If it is not enabled, the reporting tools are not shown to the user.

Option

Description

Mark False Positives

Allow the user to mark a finding as a false positive.

Risk Management

Allow the user to mark vulnerabilities as accepted risks and/or change the risk level for a finding.

Verify scan

Allow the user to perform verification scans. No scans will be deducted from the license when using this feature.

Receive Scan Results SMS Notifications

Enable the user to receive scan results as SMS.

Remove Scan Result

Allow the user to remove reports.

Receive Scan Results by Email

Enable the user to receive reports by email.

Access Dashboard

Allow the user to see the Dashboard.

Compliance Scanning

Note

Compliance Scanning is only visible if it is included in your license.

The Compliance Scan field gives a user permission to view the Compliance Scanning module. If it is not enabled, the module is not shown to the user.

Option

Description

Create/Edit Policies

Allow the user to create and edit policies.

Mark Exceptions

Allow the user to mark exceptions.

Answer Question

Allow the user to answer questions.

Approve Question

Allow the user to approve questions.

Web Application Scanning

Note

Web Application Scanning is only visible if it is included in your license.

Option

Description

Administrate Scoping

Allow user to administrate Scoping.

Access Reporting

Allow user to access reporting.

Remove Scan Results

Allow user to remove Scan results. Access Reporting needs to be selected for this role.

Appsec Scale

Note

This section is only visible if you have an Appsec license.

Option

Description

Appsec Scale

Grants access to the Appsec module for the sub user.

SWAT

Note

This section is only visible if you have a SWAT license.

Option

Description

Add Comment

Allows the user role to comment on findings.

Request Verification

Allows the user role to submit verification requests.

Discussion

Allows the user role to discuss findings with Outpost24 support.

Risk Management

Allows the user role to change risk levels and mark findings as accepted risks.

Scoping

Note

Outscan only

Option

Description

Submit scoping request

Allows the user role to submit Appsec scoping requests.

PCI Management

Note

PCI Management is only visible if PCI Compliance scan is included in your license.

Option

Description

Administrate Scoping

Allow the user to create, modify, or remove any scopes in this module.

Administrate Scheduling

Allow the user to start and stop PCI scans.

Access Reporting

Allow the user to view PCI reports.

Dispute Findings

If the user has Access Reporting, this option allows the user to dispute findings from the report.

Managed Reports

Note

This section is only visible if you have a Managed Reports license.

Option

Description

Comment Reports

Allow users to add comments to reports.

Vulnerability Management

Option

Description

Comment Vulnerability Database

Allow the user to create and edit comments in the vulnerability database.

User Management

Option

Description

Administrate Accounts

Allow the user to administrate accounts.

Administrate User Roles

Allow the user to administrate user roles.

Ticket Management

Option

Description

Manage Tickets

Allow the user to administrate tickets.

Grant All Tickets

Give access to all internal tickets (if Manage Tickets is selected).

Audit Log Management

Option

Description

Read Audit Logs

The user is able to read the auditing log.

License

Option

Description

View License

Allow the user to view the License tab in Main Menu > Settings > Account.


HIAB Management (HIAB only)

Note

HIAB Management is only visible if it is included in your license.

Option

Description

Administrate HIAB Server

Allow the user to restart the HIAB and set up HIAB settings such as backup and networking.


Reference