AttackForge
AttackForge.comAttackForge EnterpriseSelf-Service APIFAQ
Search…
AttackForge Support
Release Notes
AttackForge.com
Getting Started
Modules
Upgrade to Pro
Security
Privacy
AttackForge Enterprise & AttackForge Core
Getting Started
Modules
Access Control Matrix
Configuration Options
Raising Support Tickets
Built For Enterprise
Security
FAQs
Careers @ AttackForge
Contact
Powered By GitBook
Access Control Matrix

Application User Roles

Function
Administrator
Project Coordinator
Library Moderator
Client / Consultant
Access Global Dashboard
​
​
​
​
  • has full access to this module
Yes
Yes
Yes
Yes
Access Analytics
​
​
​
​
  • can filter analytics
Yes
Yes
Yes
Yes
  • can access trend analysis/comparison
Yes
Yes
Yes
Yes
  • can personalize analytics
Yes
Yes
Yes
Yes
Access Portfolios
​
​
​
​
  • has full access to this module including CRUD operations
Yes
No
No
No
Access Projects
​
​
​
​
  • can access all projects by default
Yes
No
No
No
  • can perform all workflows on a project by default
Yes
No
No
No
  • can create new projects
Yes
Yes
No
No
  • can update projects
Yes
Yes (for projects user has access to)
No
No
  • can archive & unarchive projects
Yes
No
No
No
  • can destroy projects
Yes
No
No
No
  • can invite users to projects
Yes
Yes (for projects user has access to)
No
No
  • can manage user access to projects
Yes
Yes (for projects user has access to)
No
No
  • can request new projects & update own project requests
Yes
Yes
Yes
Yes
  • can access all pending & actioned project requests
Yes
Yes
No
No
  • can approve/reject/request info for all pending project requests
Yes
Yes
No
No
Retesting
​
​
​
​
  • has full access to this module
Yes
Yes
Yes
Yes
Schedule
​
​
​
​
  • can see own projects
Yes
Yes
Yes
Yes
  • can see all projects
Yes
No
No
No
  • can filter by users / roles
Yes
No
No
No
Reporting
​
​
​
​
  • can download individual & group reports using available ReportGen templates
Yes
Yes
Yes
Yes
  • can download ReportGen library templates
Yes
Yes
No
No
  • can download ReportGen Offline tool
Yes
Yes
No
No
  • can upload new ReportGen templates
Yes
Yes
No
No
  • can delete existing ReportGen templates
Yes
Yes
No
No
Search
​
​
​
​
  • has full access to this module
Yes
Yes
Yes
Yes
Assets (if enabled)
​
​
​
​
  • can create new assets
Yes
Yes
Yes
Yes
  • can see own assets
Yes
Yes
Yes
Yes
  • can see all assets
Yes
Yes
No
No
  • can update own assets
Yes
Yes
Yes
Yes
  • can update all assets
Yes
Yes
No
No
  • can delete own assets
Yes
Yes
Yes
Yes
  • can delete all assets
Yes
Yes
No
No
  • can view linked projects & groups on assets
Yes
Yes
No
No
  • can view vulnerabilities on assets
Yes
No
No
No
Vulnerability Library
​
​
​
​
  • can create/read/update/delete vulnerabilities in Main Library
Yes
Yes
Yes
No
  • can create/read/update/delete vulnerabilities in Imported Library
Yes
Yes
Yes
Yes
  • can create/read/update/delete vulnerabilities in Project Library
Yes
Yes, for projects user has access to
Yes, for projects user has access to
No
  • can create/read/update/delete vulnerabilities in Entire Library
Yes
No
No
No
  • can create/read/update/restore vulnerabilities in Deleted Library
Yes
No
No
No
Test Suite Builder
​
​
​
​
  • has full access to this module, including CRUD operations
Yes
Yes
No
No
Groups
​
​
​
​
  • has full access to this module, including CRUD operations
Yes
No
No
No
Users
​
​
​
​
  • has full access to this module, including CRUD operations
Yes
No
No
No
Notifications
​
​
​
​
  • can modify own user project email settings
Yes
Yes
Yes
Yes
  • can subscribe to daily/weekly project email updates
Yes
Yes
Yes
Yes
  • can subscribe to daily/weekly admin email updates
Yes
No
No
No
Self-Service API
​
​
​
​
  • can generate own API key
Yes
Yes
Yes
Yes
  • can access SSAPI RESTful endpoints/methods
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
  • can access SSAPI Events
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Yes (for APIs user has been given access to)
Attack Chains
​
​
​
​
  • has full access to this module
Yes
Yes
Yes
Yes
Administration
​
​
​
​
  • has full access to this module, including CRUD operations
Yes
No
No
No
Themes
​
​
​
​
  • has full access to this module
Yes
Yes
Yes
Yes
Help & Support
​
​
​
​
  • has full access to this module
Yes
Yes
Yes
Yes

Project Privileges

Function
Administrator
Project Coordinator
Edit
Upload
View
Project
​
​
​
​
​
  • can view project dashboard
Yes
Yes
Yes
Yes
Yes
  • can invite users to project
Yes
Yes
No
No
No
  • can edit project
Yes
Yes
Yes, only following: start date, end date, set & modify additional email recipients for daily start/stop testing + new vulnerability discovered emails
No
No
  • can place project on-hold / off-hold
Yes
Yes
Yes
No
No
  • can add custom ReportGen fields/tags
Yes
Yes
Yes
No
No
  • can delete / archive project
Yes
Yes
No
No
No
  • can view project logs
Yes
Yes
No
No
No
Scope / Assets
​
​
​
​
​
  • can view project scope/assets
Yes
Yes
Yes
Yes
Yes
  • can create, update & delete scope/assets
Yes
Yes
Yes
No
No
  • can see all assets in Assets module (to be able to assign assets/scope to project)
Yes
Yes
Yes
No
No
Testing
​
​
​
​
​
  • can view test cases
Yes
Yes
Yes
Yes
Yes
  • can update test cases, including actioning, adding notes & uploading evidence
Yes
Yes
Yes
No
No
  • can assign assets/users to test cases on a project
Yes
Yes
No
No
No
  • can lock/unlock test cases on a project
Yes
Yes
No
No
No
  • can send daily start / stop testing email notifications
Yes
Yes
Yes
No
No
Retesting
​
​
​
​
​
  • can mark vulnerabilities as ready for retest
Yes
Yes
Yes
Yes
Yes
  • can request a retest
Yes
Yes
Yes
Yes
Yes
  • can confirm retest is completed
Yes
Yes
Yes
No
No
  • can view retesting history on project
Yes
Yes
Yes
Yes
Yes
Vulnerabilities
​
​
​
​
​
  • can view all vulnerabilities (except for vulnerabilities in pending status)
Yes
Yes
Yes
Yes
Yes
  • can view pending vulnerabilities
Yes
Yes
Yes
No
No
  • can update & delete vulnerabilities
Yes
Yes
Yes
No
No
  • can view remediation notes
Yes
Yes
Yes
Yes
Yes
  • can add remediation notes
Yes
Yes
Yes
Yes
Yes
  • can view, create & reply to review notes
Yes
Yes
Yes
No
No
  • can view revision history
Yes
Yes
Yes
No
No
  • can import vulnerabilities from tools & API
Yes
Yes
Yes
No
No
  • can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security
Yes
Yes
Yes
Yes
Yes
Attack Chains
​
​
​
​
​
  • can view attack chains
Yes
Yes
Yes
Yes
Yes
  • can create, update, re-order, duplicate and delete attack chains
Yes
Yes
Yes
No
No
Reporting
​
​
​
​
​
  • can download standard reports - PDF / DOCX / HTML / CSV
Yes
Yes
Yes
Yes
Yes
  • can customise standard reports
Yes
Yes
Yes
Yes
Yes
  • can download JSON export for report
Yes
Yes
Yes
Yes
Yes
  • can download evidence in ZIP archive
Yes
Yes
Yes
Yes
Yes
  • can download reports using available ReportGen templates
Yes
Yes
Yes
Yes
Yes
  • can update executive summary on report
Yes
Yes
Yes
No
No
Daily Tracking
​
​
​
​
​
  • can view daily progress tracker
Yes
Yes
Yes
Yes
Yes
Collaboration
​
​
​
​
​
  • can view project team member profiles
Yes
Yes
Yes
Yes
Yes
  • can collaborate in Microsoft Teams / Slack / Discord project channel
Yes
Yes
Yes
Yes
Yes
  • can create Microsoft Teams / Slack / Discord project channels
Yes
Yes
Yes
Yes
Yes
Workspace
​
​
​
​
​
  • can upload files to the project workspace
Yes
Yes
Yes
Yes
No
  • can create, update & delete workspace notes & files
Yes
Yes
Yes
No
No
  • can upload testing logs
Yes
Yes
Yes
No
No
  • can create project notes
Yes
Yes
Yes
Yes, however can only see own notes
No
Previous
Themes
Next - AttackForge Enterprise & AttackForge Core
Configuration Options
Last modified 1mo ago
Copy link
Contents
Application User Roles
Project Privileges