Access Control Matrix

Application User Roles

Function	Admin	Project Coordinator	Library Moderator	Client / Consultant
Global Dashboard
has full access to this module	Yes	Yes	Yes	Yes
Analytics
can filter analytics on their data	Yes	Yes	Yes	Yes
Vulnerabilities
can filter their vulnerabilities	Yes	Yes	Yes	Yes
Portfolios
has full access to this module including CRUD operations	Yes	No	No	No
has view access to Portfolio(s)	Yes	Based on configuration	Based on configuration	Based on configuration
has view access to Stream(s)	Yes	Based on configuration	Based on configuration	Based on configuration
Projects
can view projects they have access to	Yes	Yes	Yes	Yes
can access all projects by default	Yes	No	No	No
can perform all workflows on a project by default	Yes	No	No	No
can create new projects	Yes	Yes	No	No
can update projects	Yes	Yes (for projects user has access to)	No	No
can archive & unarchive projects	Yes	No	No	No
can destroy projects	Yes	No	No	No
can invite users to projects	Yes	Yes (for projects user has access to)	No	No
can manage user access to projects	Yes	Yes (for projects user has access to)	No	No
can request new projects & update own project requests	Yes	Yes	Yes	Yes
can access all pending & actioned project requests	Yes	Yes	No	No
can approve/reject/request info for all pending project requests	Yes	Yes	No	No
Scheduling
can see own projects	Yes	Yes	Yes	Yes
can see all projects	Yes	No	No	No
Assets (if enabled)
can create new assets	Yes	Yes	Yes	Yes
can see own assets	Yes	Yes	Yes	Yes
can see all assets	Yes	Yes	Yes if user has Edit access to at least 1 project	Yes if user has Edit access to at least 1 project
can update own assets	Yes	Yes	Yes	Yes
can update all assets	Yes	Yes	No	No
can delete own assets	Yes	Yes	Yes	Yes
can delete all assets	Yes	Yes	No	No
can view linked projects & groups on assets	Yes	Yes	No	No
can view vulnerabilities on assets	Yes	Yes only for vulnerabilities user has access to	Yes if user has Edit access to at least 1 project and only for vulnerabilities user has access to	Yes if user has Edit access to at least 1 project and only for vulnerabilities user has access to
Writeups
can create/read/update/delete writeups in Main Library	Yes	Based on configuration	Based on configuration	Based on configuration
can create/read/update/delete writeups in Imported Library	Yes	Based on configuration	Based on configuration	Based on configuration
can create/read/update/delete writeups in Project Library	Yes	Based on configuration	Based on configuration	Based on configuration
can create/read/update/delete writeups in Custom Libraries	Yes	Based on configuration for each library	Based on configuration for each library	Based on configuration for each library
can create/read/update/delete vulnerabilities in All Libraries	Yes	No	No	No
can create/read/update/restore vulnerabilities in Deleted Library	Yes	No	No	No
Test Suites
has full access to this module, including CRUD operations	Yes	Yes	No	No
Groups
has full access to this module, including CRUD operations	Yes	No	No	No
Users
has full access to this module, including CRUD operations	Yes	No	No	No
Self-Service API
can generate own API key	Yes	Yes	Yes	Yes
can access SSAPI RESTful endpoints/methods	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)
can access SSAPI Events	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)	Yes (for APIs user has been given access to)
Attack Chains
has full access to this module	Yes	Yes	Yes	Yes
Administration
has full access to this module, including CRUD operations	Yes	No	No	No

Function

Admin

Project Coordinator

Library Moderator

Client / Consultant

Global Dashboard

has full access to this module

Yes

Analytics

can filter analytics on their data

Yes

Vulnerabilities

can filter their vulnerabilities

Yes

Portfolios

has full access to this module including CRUD operations

Yes

has view access to Portfolio(s)

Yes

Based on configuration

has view access to Stream(s)

Yes

Based on configuration

Projects

can view projects they have access to

Yes

can access all projects by default

Yes

can perform all workflows on a project by default

Yes

can create new projects

Yes

can update projects

Yes

Yes (for projects user has access to)

can archive & unarchive projects

Yes

can destroy projects

Yes

can invite users to projects

Yes

Yes (for projects user has access to)

can manage user access to projects

Yes

Yes (for projects user has access to)

can request new projects & update own project requests

Yes

can access all pending & actioned project requests

Yes

can approve/reject/request info for all pending project requests

Yes

Scheduling

can see own projects

Yes

can see all projects

Yes

Assets (if enabled)

can create new assets

Yes

can see own assets

Yes

can see all assets

Yes

Yes if user has Edit access to at least 1 project

can update own assets

Yes

can update all assets

Yes

can delete own assets

Yes

can delete all assets

Yes

can view linked projects & groups on assets

Yes

can view vulnerabilities on assets

Yes

Yes only for vulnerabilities user has access to

Yes if user has Edit access to at least 1 project and only for vulnerabilities user has access to

Writeups

can create/read/update/delete writeups in Main Library

Yes

Based on configuration

can create/read/update/delete writeups in Imported Library

Yes

Based on configuration

can create/read/update/delete writeups in Project Library

Yes

Based on configuration

can create/read/update/delete writeups in Custom Libraries

Yes

Based on configuration for each library

can create/read/update/delete vulnerabilities in All Libraries

Yes

can create/read/update/restore vulnerabilities in Deleted Library

Yes

Test Suites

has full access to this module, including CRUD operations

Yes

Groups

has full access to this module, including CRUD operations

Yes

Users

has full access to this module, including CRUD operations

Yes

Self-Service API

can generate own API key

Yes

can access SSAPI RESTful endpoints/methods

Yes (for APIs user has been given access to)

can access SSAPI Events

Yes (for APIs user has been given access to)

Attack Chains

has full access to this module

Yes

Administration

has full access to this module, including CRUD operations

Yes

Project Privileges

Function	Admin	Project Coordinator	Edit	Upload	View
Project
can view project dashboard	Yes	Yes	Yes	Yes	Yes
can invite users to project	Yes	Yes	No	No	No
can view project team and project group members	Yes	Yes	Yes	No	No
can edit project	Yes	Yes	Yes, only following: start date, end date, set & modify additional email recipients for daily start/stop testing + new vulnerability discovered emails, update custom fields	No	No
can place project on-hold / off-hold	Yes	No	Yes	No	No
can add custom tags	Yes	Yes	Yes	No	No
can delete / archive project	Yes	Yes	No	No	No
can view project logs	Yes	Yes	No	No	No
Scope / Assets
can view project scope/assets	Yes	Yes	Yes	Yes	Yes
can create, update & delete scope/assets	Yes	Yes	Yes	No	No
can see all assets in Assets module (to be able to assign assets/scope to project)	Yes	Yes	Yes	No	No
Testing
can view test cases and execution flows	Yes	Yes	Yes	Yes	Yes
can update test cases, including actioning, adding notes & uploading evidence, adding workspace notes and files	Yes	No	Yes	No	No
can assign assets/users to test cases on a project	Yes	No	No	No	No
can lock/unlock/delete test cases on a project	Yes	Yes	No	No	No
can send daily start / stop testing email notifications	Yes	No	Yes	No	No
Retesting
can mark vulnerabilities as ready for retest	Yes	Yes	Yes	Yes	Yes
can request a retest	Yes	Yes	Yes	Yes	Yes
can confirm retest is completed	Yes	No	Yes	No	No
can view retesting history on project	Yes	Yes	Yes	Yes	Yes
Vulnerabilities
can view all vulnerabilities (except for vulnerabilities in pending status)	Yes	Yes	Yes	Yes	Yes
can view pending vulnerabilities	Yes	Yes	Yes	No	No
can update & delete vulnerabilities	Yes	No	Yes	No	No
can view remediation notes	Yes	Yes	Yes	Yes	Yes
can add remediation notes	Yes	Yes	Yes	Yes	Yes
can view, create & reply to review notes	Yes	No	Yes	No	No
can view revision history	Yes	No	Yes	No	No
can import vulnerabilities from tools & API	Yes	No	Yes	No	No
can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security	Yes	Yes	Yes	Yes	Yes
can update SLA	Yes	Yes	No	No	No
can re-apply SLA	Yes	Yes	No	No	No
can remove SLA	Yes	Yes	No	No	No
can update remediation plan	Yes	Yes	Yes	Yes	Yes
Attack Chains
can view attack chains	Yes	Yes	Yes	Yes	Yes
can create, update, re-order, duplicate and delete attack chains	Yes	No	Yes	No	No
Reporting
can download standard reports - PDF / DOCX / HTML / CSV	Yes	Yes	Yes	Yes	Yes
can customise standard reports	Yes	Yes	Yes	Yes	Yes
can download JSON export for report	Yes	Yes	Yes	Yes	Yes
can download evidence in ZIP archive	Yes	Yes	Yes	Yes	Yes
can download custom reports	Yes	Yes	Yes	Yes	Yes
can view executive summary	Yes	Yes	Yes	Yes	Yes
can update executive summary	Yes	No	Yes	No	No
can view, create & reply to executive summary review notes	Yes	No	Yes	No	No
Daily Tracking
can view schedule and tracking	Yes	Yes	Yes	Yes	Yes
Collaboration
can view project team member profiles	Yes	Yes	Yes	Yes	Yes
Workspace
can upload files to the project workspace	Yes	No	Yes	Yes	No
can create, update & delete workspace notes & files	Yes	No	Yes	No	No
can upload testing logs	Yes	No	Yes	No	No
can create project notes	Yes	No	Yes	Yes, however can only see own notes	No

Function

Admin

Project Coordinator

Edit

Upload

View

Project

can view project dashboard

Yes

can invite users to project

Yes

can view project team and project group members

Yes

can edit project

Yes

Yes, only following: start date, end date, set & modify additional email recipients for daily start/stop testing + new vulnerability discovered emails, update custom fields

can place project on-hold / off-hold

Yes

can add custom tags

Yes

can delete / archive project

Yes

can view project logs

Yes

Scope / Assets

can view project scope/assets

Yes

can create, update & delete scope/assets

Yes

can see all assets in Assets module (to be able to assign assets/scope to project)

Yes

Testing

can view test cases and execution flows

Yes

can update test cases, including actioning, adding notes & uploading evidence, adding workspace notes and files

Yes

can assign assets/users to test cases on a project

Yes

can lock/unlock/delete test cases on a project

Yes

can send daily start / stop testing email notifications

Yes

Retesting

can mark vulnerabilities as ready for retest

Yes

can request a retest

Yes

can confirm retest is completed

Yes

can view retesting history on project

Yes

Vulnerabilities

can view all vulnerabilities (except for vulnerabilities in pending status)

Yes

can view pending vulnerabilities

Yes

can update & delete vulnerabilities

Yes

can view remediation notes

Yes

can add remediation notes

Yes

can view, create & reply to review notes

Yes

can view revision history

Yes

can import vulnerabilities from tools & API

Yes

can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security

Yes

can update SLA

Yes

can re-apply SLA

Yes

can remove SLA

Yes

can update remediation plan

Yes

Attack Chains

can view attack chains

Yes

can create, update, re-order, duplicate and delete attack chains

Yes

Reporting

can download standard reports - PDF / DOCX / HTML / CSV

Yes

can customise standard reports

Yes

can download JSON export for report

Yes

can download evidence in ZIP archive

Yes

can download custom reports

Yes

can view executive summary

Yes

can update executive summary

Yes

can view, create & reply to executive summary review notes

Yes

Daily Tracking

can view schedule and tracking

Yes

Collaboration

can view project team member profiles

Yes

Workspace

can upload files to the project workspace

Yes

can create, update & delete workspace notes & files

Yes

can upload testing logs

Yes

can create project notes

Yes

Yes, however can only see own notes

PreviousVulnerability Remediation Note Updated NextRaising Support Tickets

Last updated 5 months ago