Access Control Matrix

Application User Roles
Function
Administrator
Project Coordinator
Library Moderator
Client / Consultant
Access Global Dashboard
​
​
​
​
has full access to this module
Yes
Yes
Yes
Yes
Access Analytics
​
​
​
​
can filter analytics
Yes
Yes
Yes
Yes
can access trend analysis/comparison
Yes
Yes
Yes
Yes
can personalize analytics
Yes
Yes
Yes
Yes
Access Portfolios
​
​
​
​
has full access to this module including CRUD operations
Yes
No
No
No
Access Projects
​
​
​
​
can access all projects by default
Yes
No
No
No
can perform all workflows on a project by default
Yes
No
No
No
can create new projects
Yes
Yes
No
No
can update projects
Yes
Yes (for projects user has access to)
No
No
can archive & unarchive projects
Yes
No
No
No
can destroy projects
Yes
No
No
No
can invite users to projects
Yes
Yes (for projects user has access to)
No
No
can manage user access to projects
Yes
Yes (for projects user has access to)
No
No
can request new projects & update own project requests
Yes
Yes
Yes
Yes
can access all pending & actioned project requests
Yes
Yes
No
No
can approve/reject/request info for all pending project requests
Yes
Yes
No
No
Retesting
​
​
​
​
has full access to this module
Yes
Yes
Yes
Yes
Schedule
​
​
​
​
can see own projects
Yes
Yes
Yes
Yes
can see all projects
Yes
No
No
No
can filter by users / roles
Yes
No
No
No
Reporting
​
​
​
​
can download individual & group reports using available ReportGen templates
Yes
Yes
Yes
Yes
can download ReportGen library templates
Yes
Yes
No
No
can download ReportGen Offline tool
Yes
Yes
No
No
can upload new ReportGen templates
Yes
Yes
No
No
can delete existing ReportGen templates
Yes
Yes
No
No
Search
​
​
​
​
has full access to this module
Yes
Yes
Yes
Yes
Assets (if enabled)
​
​
​
​
can create new assets
Yes
Yes
Yes
Yes
can see own assets
Yes
Yes
Yes
Yes
can see all assets
Yes
Yes
No
No
can update own assets
Yes
Yes
Yes
Yes
can update all assets
Yes
Yes
No
No
can delete own assets
Yes
Yes
Yes
Yes
can delete all assets
Yes
Yes
No
No
can view linked projects & groups on assets
Yes
Yes
No
No
can view vulnerabilities on assets
Yes
No
No
No
Vulnerability Library
​
​
​
​
has full access to this module, including CRUD operations
Yes
Yes
Yes
No
Test Suite Builder
​
​
​
​
has full access to this module, including CRUD operations
Yes
Yes
No
No
Groups
​
​
​
​
has full access to this module, including CRUD operations
Yes
No
No
No
Users
​
​
​
​
has full access to this module, including CRUD operations
Yes
No
No
No
Notifications
​
​
​
​
can modify own user project email settings
Yes
Yes
Yes
Yes
can subscribe to daily/weekly project email updates
Yes
Yes
Yes
Yes
can subscribe to daily/weekly admin email updates
Yes
No
No
No
Self-Service API
​
​
​
​
can generate own API key
Yes
Yes
Yes
Yes
can access SSAPI RESTful endpoints/methods
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
can access SSAPI Events
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Attack Chains
​
​
​
​
has full access to this module
Yes
Yes
Yes
Yes
Administration
​
​
​
​
has full access to this module, including CRUD operations
Yes
No
No
No
Themes
​
​
​
​
has full access to this module
Yes
Yes
Yes
Yes
Help & Support
​
​
​
​
has full access to this module
Yes
Yes
Yes
Yes
Project Privileges
Function
Administrator
Project Coordinator
Edit
Upload
View
Project
​
​
​
​
​
can view project dashboard
Yes
Yes
Yes
Yes
Yes
can invite users to project
Yes
Yes
No
No
No
can edit project
Yes
Yes
No
No
No
can place project on-hold / off-hold
Yes
Yes
Yes
No
No
can add custom ReportGen fields/tags
Yes
Yes
Yes
No
No
can delete / archive project
Yes
Yes
No
No
No
can view project logs
Yes
Yes
No
No
No
Scope / Assets
​
​
​
​
​
can view project scope/assets
Yes
Yes
Yes
Yes
Yes
can create, update & delete scope/assets
Yes
Yes
Yes
No
No
can see all assets in Assets module (to be able to assign assets/scope to project)
Yes
Yes
Yes
No
No
Testing
​
​
​
​
​
can view test cases
Yes
Yes
Yes
Yes
Yes
can update test cases, including actioning, adding notes & uploading evidence
Yes
Yes
Yes
No
No
can assign assets/users to test cases on a project
Yes
Yes
No
No
No
can lock/unlock test cases on a project
Yes
Yes
No
No
No
can send daily start / stop testing email notifications
Yes
Yes
Yes
No
No
Retesting
​
​
​
​
​
can mark vulnerabilities as ready for retest
Yes
Yes
Yes
Yes
Yes
can request a retest
Yes
Yes
Yes
Yes
Yes
can confirm retest is completed
Yes
Yes
Yes
No
No
can view retesting history on project
Yes
Yes
Yes
Yes
Yes
Vulnerabilities
​
​
​
​
​
can view all vulnerabilities (except for vulnerabilities in pending status)
Yes
Yes
Yes
Yes
Yes
can view pending vulnerabilities
Yes
Yes
Yes
No
No
can update & delete vulnerabilities
Yes
Yes
Yes
No
No
can view remediation notes
Yes
Yes
Yes
Yes
Yes
can add remediation notes
Yes
Yes
Yes
Yes
Yes
can view, create & reply to review notes
Yes
Yes
Yes
No
No
can view revision history
Yes
Yes
Yes
No
No
can import vulnerabilities from tools & API
Yes
Yes
Yes
No
No
can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security
Yes
Yes
Yes
Yes
Yes
Attack Chains
​
​
​
​
​
can view attack chains
Yes
Yes
Yes
Yes
Yes
can create, update, re-order, duplicate and delete attack chains
Yes
Yes
Yes
No
No
Reporting
​
​
​
​
​
can download standard reports -  PDF / DOCX / HTML / CSV
Yes
Yes
Yes
Yes
Yes
can customise standard reports
Yes
Yes
Yes
Yes
Yes
can download JSON export for report
Yes
Yes
Yes
Yes
Yes
can download evidence in ZIP archive
Yes
Yes
Yes
Yes
Yes
can download reports using available ReportGen templates
Yes
Yes
Yes
Yes
Yes
can update executive summary on report
Yes
Yes
Yes
No
No
Daily Tracking
​
​
​
​
​
can view daily progress tracker
Yes
Yes
Yes
Yes
Yes
Collaboration
​
​
​
​
​
can view project team member profiles
Yes
Yes
Yes
Yes
Yes
can collaborate in Microsoft Teams / Slack / Discord project channel
Yes
Yes
Yes
Yes
Yes
can create Microsoft Teams / Slack / Discord project channels
Yes
Yes
Yes
Yes
Yes
Workspace
​
​
​
​
​
can upload files to the project workspace
Yes
Yes
Yes
Yes
No
can create,  update & delete workspace notes & files
Yes
Yes
Yes
No
No
can upload testing logs
Yes
Yes
Yes
No
No
can create project notes
Yes
Yes
Yes
No
No

Themes

Next - AttackForge Enterprise & AttackForge Core

Configuration Options

Last updated 3 weeks ago

Function	Administrator	Project Coordinator	Library Moderator	Client / Consultant
Access Global Dashboard
has full access to this module	Yes	Yes	Yes	Yes
Access Analytics
can filter analytics	Yes	Yes	Yes	Yes
can access trend analysis/comparison	Yes	Yes	Yes	Yes
can personalize analytics	Yes	Yes	Yes	Yes
Access Portfolios
has full access to this module including CRUD operations	Yes	No	No	No
Access Projects
can access all projects by default	Yes	No	No	No
can perform all workflows on a project by default	Yes	No	No	No
can create new projects	Yes	Yes	No	No
can update projects	Yes	Yes (for projects user has access to)	No	No
can archive & unarchive projects	Yes	No	No	No
can destroy projects	Yes	No	No	No
can invite users to projects	Yes	Yes (for projects user has access to)	No	No
can manage user access to projects	Yes	Yes (for projects user has access to)	No	No
can request new projects & update own project requests	Yes	Yes	Yes	Yes
can access all pending & actioned project requests	Yes	Yes	No	No
can approve/reject/request info for all pending project requests	Yes	Yes	No	No
Retesting
has full access to this module	Yes	Yes	Yes	Yes
Schedule
can see own projects	Yes	Yes	Yes	Yes
can see all projects	Yes	No	No	No
can filter by users / roles	Yes	No	No	No
Reporting
can download individual & group reports using available ReportGen templates	Yes	Yes	Yes	Yes
can download ReportGen library templates	Yes	Yes	No	No
can download ReportGen Offline tool	Yes	Yes	No	No
can upload new ReportGen templates	Yes	Yes	No	No
can delete existing ReportGen templates	Yes	Yes	No	No
Search
has full access to this module	Yes	Yes	Yes	Yes
Assets (if enabled)
can create new assets	Yes	Yes	Yes	Yes
can see own assets	Yes	Yes	Yes	Yes
can see all assets	Yes	Yes	No	No
can update own assets	Yes	Yes	Yes	Yes
can update all assets	Yes	Yes	No	No
can delete own assets	Yes	Yes	Yes	Yes
can delete all assets	Yes	Yes	No	No
can view linked projects & groups on assets	Yes	Yes	No	No
can view vulnerabilities on assets	Yes	No	No	No
Vulnerability Library
has full access to this module, including CRUD operations	Yes	Yes	Yes	No
Test Suite Builder
has full access to this module, including CRUD operations	Yes	Yes	No	No
Groups
has full access to this module, including CRUD operations	Yes	No	No	No
Users
has full access to this module, including CRUD operations	Yes	No	No	No
Notifications
can modify own user project email settings	Yes	Yes	Yes	Yes
can subscribe to daily/weekly project email updates	Yes	Yes	Yes	Yes
can subscribe to daily/weekly admin email updates	Yes	No	No	No
Self-Service API
can generate own API key	Yes	Yes	Yes	Yes
can access SSAPI RESTful endpoints/methods	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)
can access SSAPI Events	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)
Attack Chains
has full access to this module	Yes	Yes	Yes	Yes
Administration
has full access to this module, including CRUD operations	Yes	No	No	No
Themes
has full access to this module	Yes	Yes	Yes	Yes
Help & Support
has full access to this module	Yes	Yes	Yes	Yes

Function	Administrator	Project Coordinator	Edit	Upload	View
Project
can view project dashboard	Yes	Yes	Yes	Yes	Yes
can invite users to project	Yes	Yes	No	No	No
can edit project	Yes	Yes	No	No	No
can place project on-hold / off-hold	Yes	Yes	Yes	No	No
can add custom ReportGen fields/tags	Yes	Yes	Yes	No	No
can delete / archive project	Yes	Yes	No	No	No
can view project logs	Yes	Yes	No	No	No
Scope / Assets
can view project scope/assets	Yes	Yes	Yes	Yes	Yes
can create, update & delete scope/assets	Yes	Yes	Yes	No	No
can see all assets in Assets module (to be able to assign assets/scope to project)	Yes	Yes	Yes	No	No
Testing
can view test cases	Yes	Yes	Yes	Yes	Yes
can update test cases, including actioning, adding notes & uploading evidence	Yes	Yes	Yes	No	No
can assign assets/users to test cases on a project	Yes	Yes	No	No	No
can lock/unlock test cases on a project	Yes	Yes	No	No	No
can send daily start / stop testing email notifications	Yes	Yes	Yes	No	No
Retesting
can mark vulnerabilities as ready for retest	Yes	Yes	Yes	Yes	Yes
can request a retest	Yes	Yes	Yes	Yes	Yes
can confirm retest is completed	Yes	Yes	Yes	No	No
can view retesting history on project	Yes	Yes	Yes	Yes	Yes
Vulnerabilities
can view all vulnerabilities (except for vulnerabilities in pending status)	Yes	Yes	Yes	Yes	Yes
can view pending vulnerabilities	Yes	Yes	Yes	No	No
can update & delete vulnerabilities	Yes	Yes	Yes	No	No
can view remediation notes	Yes	Yes	Yes	Yes	Yes
can add remediation notes	Yes	Yes	Yes	Yes	Yes
can view, create & reply to review notes	Yes	Yes	Yes	No	No
can view revision history	Yes	Yes	Yes	No	No
can import vulnerabilities from tools & API	Yes	Yes	Yes	No	No
can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security	Yes	Yes	Yes	Yes	Yes
Attack Chains
can view attack chains	Yes	Yes	Yes	Yes	Yes
can create, update, re-order, duplicate and delete attack chains	Yes	Yes	Yes	No	No
Reporting
can download standard reports - PDF / DOCX / HTML / CSV	Yes	Yes	Yes	Yes	Yes
can customise standard reports	Yes	Yes	Yes	Yes	Yes
can download JSON export for report	Yes	Yes	Yes	Yes	Yes
can download evidence in ZIP archive	Yes	Yes	Yes	Yes	Yes
can download reports using available ReportGen templates	Yes	Yes	Yes	Yes	Yes
can update executive summary on report	Yes	Yes	Yes	No	No
Daily Tracking
can view daily progress tracker	Yes	Yes	Yes	Yes	Yes
Collaboration
can view project team member profiles	Yes	Yes	Yes	Yes	Yes
can collaborate in Microsoft Teams / Slack / Discord project channel	Yes	Yes	Yes	Yes	Yes
can create Microsoft Teams / Slack / Discord project channels	Yes	Yes	Yes	Yes	Yes
Workspace
can upload files to the project workspace	Yes	Yes	Yes	Yes	No
can create, update & delete workspace notes & files	Yes	Yes	Yes	No	No
can upload testing logs	Yes	Yes	Yes	No	No
can create project notes	Yes	Yes	Yes	No	No