Access Control Matrix
Application User Roles
| Module | Privilege | | | | |
|---|---|---|---|---|---|
| Global Dashboard | has full access to this module | Yes | Yes | Yes | Yes |
| Analytics | can filter analytics on their data | Yes | Yes | Yes | Yes |
| Vulnerabilities | can filter their vulnerabilities | Yes | Yes | Yes | Yes |
| Portfolios | has full access to this module including CRUD operations | Yes | No | No | No |
| Portfolios | has view access to Portfolio(s) | Yes | Based on configuration | Based on configuration | Based on configuration |
| Portfolios | has view access to Stream(s) | Yes | Based on configuration | Based on configuration | Based on configuration |
| Projects | can view projects they have access to | Yes | Yes | Yes | Yes |
| Projects | can access all projects by default | Yes | No | No | No |
| Projects | can perform all workflows on a project by default | Yes | No | No | No |
| Projects | can create new projects | Yes | Yes | Based on configuration | Based on configuration |
| Projects | can update projects | Yes | Yes (for projects user has access to) | Based on configuration | Based on configuration |
| Projects | can archive & unarchive projects | Yes | No | No | No |
| Projects | can destroy projects | Yes | No | No | No |
| Projects | can invite users to projects | Yes | Yes (for projects user has access to) | Based on configuration | Based on configuration |
| Projects | can manage user access to projects | Yes | Yes (for projects user has access to) | Based on configuration | Based on configuration |
| Projects | can request new projects & update own project requests | Yes | Yes | Yes | Yes |
| Projects | can access all pending & actioned project requests | Yes | Yes | Based on configuration | Based on configuration |
| Projects | can approve/reject/request info for all pending project requests | Yes | Yes | Based on configuration | Based on configuration |
| Scheduling | can see own projects | Yes | Yes | Yes | Yes |
| Scheduling | can see all projects | Yes | No | No | No |
| Assets (if enabled) | can create new assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can see own assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can see uncatalogued assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can see all assets, including assets in libraries | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can update own assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can update all assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can delete own assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can delete all assets | Yes | Based on configuration | Based on configuration | Based on configuration |
| Assets (if enabled) | can view linked projects & groups on assets | Yes | Yes | No | No |
| Assets (if enabled) | can view vulnerabilities on assets | Yes | Yes only for vulnerabilities and assets user has access to | Yes only for vulnerabilities and assets user has access to | Yes only for vulnerabilities and assets user has access to |
| Assets (if enabled) | can view/restore Archived assets | Yes | No | No | No |
| Writeups | can create/read/update/delete writeups in Main Library | Yes | Based on configuration | Based on configuration | Based on configuration |
| Writeups | can create/read/update/delete writeups in Imported Library | Yes | Based on configuration | Based on configuration | Based on configuration |
| Writeups | can create/read/update/delete writeups in Project Library | Yes | Based on configuration | Based on configuration | Based on configuration |
| Writeups | can create/read/update/delete writeups in Custom Libraries | Yes | Based on configuration for each library | Based on configuration for each library | Based on configuration for each library |
| Writeups | can create/read/update/restore vulnerabilities in Archived Library | Yes | No | No | No |
| Test Suites | has full access to this module, including CRUD operations | Yes | Yes | No | No |
| Groups | has full access to this module, including CRUD operations | Yes | No | No | No |
| Groups | can manage Group Membership | Yes | Based on configuration per group | Based on configuration per group | Based on configuration per group |
| Users | has full access to this module, including CRUD operations | Yes | No | No | No |
| Self-Service API | can generate own API key | Yes | Yes | Yes | Yes |
| Self-Service API | can access SSAPI RESTful endpoints/methods | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) |
| Self-Service API | can access SSAPI Events | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) |
| Reporting Templates | has full access to this module | Yes | Yes | No | No |
| Attack Chains | has full access to this module | Yes | Yes | Yes | Yes |
| Administration | has full access to this module, including CRUD operations | Yes | No | No | No |
Project Privileges
| Area | Privilege | | | | | |
|---|---|---|---|---|---|---|
| Project | can view project dashboard | Yes | Yes | Yes | Yes | Yes |
| Project | can invite users to project | Yes | Yes | Based on configuration per project | Based on configuration per project | Based on configuration per project |
| Project | can view project team and project group members | Yes | Yes | Yes | Based on configuration per project | Based on configuration per project |
| Project | can edit project | Yes | Yes | Based on configuration per project | Based on configuration per project | Based on configuration per project |
| Project | can place project on-hold / off-hold | Yes | No | Yes | No | No |
| Project | can add custom tags | Yes | Yes | Yes | No | No |
| Project | can delete / archive project | Yes | Yes | No | No | No |
| Project | can view project logs | Yes | Yes | No | No | No |
| Scope / Assets | can view project scope/assets | Yes | Yes | Yes | Yes | Yes |
| Scope / Assets | can create, update & delete scope/assets | Yes | Yes | Yes | No | No |
| Testing | can view test cases and execution flows | Yes | Yes | Yes | Yes | Yes |
| Testing | can update test cases, including actioning, adding notes & uploading evidence, adding workspace notes and files | Yes | No | Yes | No | No |
| Testing | can assign assets/users to test cases on a project | Yes | Yes | No | No | No |
| Testing | can lock/unlock/delete test cases on a project | Yes | Yes | No | No | No |
| Testing | can send daily start / stop testing email notifications | Yes | No | Yes | No | No |
| Retesting | can mark vulnerabilities as ready for retest | Yes | Yes | Yes | Yes | Yes |
| Retesting | can request a retest | Yes | Yes | Yes | Yes | Yes |
| Retesting | can confirm retest is completed | Yes | No | Yes | No | No |
| Retesting | can view retesting history on project | Yes | Yes | Yes | Yes | Yes |
| Vulnerabilities | can view all vulnerabilities (except for vulnerabilities in pending status) | Yes | Yes | Yes | Yes | Yes |
| Vulnerabilities | can view pending vulnerabilities | Yes | Yes | Yes | No | No |
| Vulnerabilities | can update & delete vulnerabilities | Yes | No | Yes | No | No |
| Vulnerabilities | can view remediation notes | Yes | Yes | Yes | Yes | Yes |
| Vulnerabilities | can add remediation notes | Yes | Yes | Yes | Yes | Yes |
| Vulnerabilities | can view, create & reply to review notes | Yes | No | Yes | No | No |
| Vulnerabilities | can view revision history | Yes | No | Yes | No | No |
| Vulnerabilities | can import vulnerabilities from tools & API | Yes | No | Yes | No | No |
| Vulnerabilities | can export vulnerabilities | Yes | Yes | Yes | Yes | Yes |
| Vulnerabilities | can update SLA | Yes | Yes | No | No | No |
| Vulnerabilities | can re-apply SLA | Yes | Yes | No | No | No |
| Vulnerabilities | can remove SLA | Yes | Yes | No | No | No |
| Vulnerabilities | can update remediation plan | Yes | Yes | Yes | Yes | Yes |
| Attack Chains | can view attack chains | Yes | Yes | Yes | Yes | Yes |
| Attack Chains | can create, update, re-order, duplicate and delete attack chains | Yes | No | Yes | No | No |
| Reporting | can download reports | Yes | Yes | Yes | Yes | Yes |
| Reporting | can download project JSON export | Yes | Yes | Yes | Yes | Yes |
| Reporting | can download evidence in ZIP archive | Yes | Yes | Yes | Yes | Yes |
| Reporting | can view executive summary | Yes | Yes | Based on configuration | Based on configuration | Based on configuration |
| Reporting | can update executive summary | Yes | No | Based on configuration | No | No |
| Reporting | can view, create & reply to executive summary review notes | Yes | No | Yes | No | No |
| Daily Tracking | can view schedule and tracking | Yes | Yes | Yes | Yes | Yes |
| Collaboration | can view project team member profiles | Yes | Yes | Yes | Yes | Yes |
| Workspace | can upload files to the project workspace | Yes | No | Yes | Yes | No |
| Workspace | can create, update & delete workspace notes & files | Yes | No | Yes | No | No |
| Workspace | can upload testing logs | Yes | No | Yes | No | No |
| Workspace | can create project notes | Yes | No | Yes | Yes, however can only see own notes | No |