Access Control Matrix

Global Dashboard

• has full access to this module

Analytics

• can filter analytics on their data

Vulnerabilities

• can filter their vulnerabilities

Portfolios

• has full access to this module including CRUD operations

• has view access to Portfolio(s)

• has view access to Stream(s)

Projects

• can view projects they have access to

• can access all projects by default

• can perform all workflows on a project by default

• can create new projects

• can update projects

• can archive & unarchive projects

• can destroy projects

• can invite users to projects

• can manage user access to projects

• can request new projects & update own project requests

• can access all pending & actioned project requests

• can approve/reject/request info for all pending project requests

Scheduling

• can see own projects

• can see all projects

Assets (if enabled)

• can create new assets

• can see own assets

• can see uncatalogued assets

• can see all assets, including assets in libraries

• can update own assets

• can update all assets

• can delete own assets

• can delete all assets

• can view linked projects & groups on assets

• can view vulnerabilities on assets

• can view/restore Archived assets

Writeups

• can create/read/update/delete writeups in Main Library

• can create/read/update/delete writeups in Imported Library

• can create/read/update/delete writeups in Project Library

• can create/read/update/delete writeups in Custom Libraries

• can create/read/update/restore vulnerabilities in Archived Library

Test Suites

• has full access to this module, including CRUD operations

Groups

• has full access to this module, including CRUD operations

• can manage Group Membership

Users

• has full access to this module, including CRUD operations

Self-Service API

• can generate own API key

• can access SSAPI RESTful endpoints/methods

• can access SSAPI Events

Reporting Templates

• has full access to this module

Attack Chains

• has full access to this module

Administration

• has full access to this module, including CRUD operations

Project

• can view project dashboard

• can invite users to project

• can view project team and project group members

• can edit project

• can place project on-hold / off-hold

• can add custom tags

• can delete / archive project

• can view project logs

Scope / Assets

• can view project scope/assets

• can create, update & delete scope/assets

Testing

• can view test cases and execution flows

• can update test cases, including actioning, adding notes & uploading evidence, adding workspace notes and files

• can assign assets/users to test cases on a project

• can lock/unlock/delete test cases on a project

• can send daily start / stop testing email notifications

Retesting

• can mark vulnerabilities as ready for retest

• can request a retest

• can confirm retest is completed

• can view retesting history on project

Vulnerabilities

• can view all vulnerabilities (except for vulnerabilities in pending status)

• can view pending vulnerabilities

• can update & delete vulnerabilities

• can view remediation notes

• can add remediation notes

• can view, create & reply to review notes

• can view revision history

• can import vulnerabilities from tools & API

• can export vulnerabilities

• can update SLA

• can re-apply SLA

• can remove SLA

• can update remediation plan

Attack Chains

• can view attack chains

• can create, update, re-order, duplicate and delete attack chains

Reporting

• can download reports

• can download project JSON export

• can download evidence in ZIP archive

• can view executive summary

• can update executive summary

• can view, create & reply to executive summary review notes

Daily Tracking

• can view schedule and tracking

Collaboration

• can view project team member profiles

Workspace

• can upload files to the project workspace

• can create, update & delete workspace notes & files

• can upload testing logs

• can create project notes