Access Control Matrix

Application User Roles

FunctionAdminProject CoordinatorLibrary ModeratorClient / Consultant

Global Dashboard

  • has full access to this module

Yes

Yes

Yes

Yes

Analytics

  • can filter analytics on their data

Yes

Yes

Yes

Yes

Vulnerabilities

  • can filter their vulnerabilities

Yes

Yes

Yes

Yes

Portfolios

  • has full access to this module including CRUD operations

Yes

No

No

No

  • has view access to Portfolio(s)

Yes

Based on configuration

Based on configuration

Based on configuration

  • has view access to Stream(s)

Yes

Based on configuration

Based on configuration

Based on configuration

Projects

  • can view projects they have access to

Yes

Yes

Yes

Yes

  • can access all projects by default

Yes

No

No

No

  • can perform all workflows on a project by default

Yes

No

No

No

  • can create new projects

Yes

Yes

No

No

  • can update projects

Yes

Yes (for projects user has access to)

No

No

  • can archive & unarchive projects

Yes

No

No

No

  • can destroy projects

Yes

No

No

No

  • can invite users to projects

Yes

Yes (for projects user has access to)

No

No

  • can manage user access to projects

Yes

Yes (for projects user has access to)

No

No

  • can request new projects & update own project requests

Yes

Yes

Yes

Yes

  • can access all pending & actioned project requests

Yes

Yes

No

No

  • can approve/reject/request info for all pending project requests

Yes

Yes

No

No

Scheduling

  • can see own projects

Yes

Yes

Yes

Yes

  • can see all projects

Yes

No

No

No

Assets (if enabled)

  • can create new assets

Yes

Yes

Yes

Yes

  • can see own assets

Yes

Yes

Yes

Yes

  • can see all assets

Yes

Yes

Yes if user has Edit access to at least 1 project

Yes if user has Edit access to at least 1 project

  • can update own assets

Yes

Yes

Yes

Yes

  • can update all assets

Yes

Yes

No

No

  • can delete own assets

Yes

Yes

Yes

Yes

  • can delete all assets

Yes

Yes

No

No

  • can view linked projects & groups on assets

Yes

Yes

No

No

  • can view vulnerabilities on assets

Yes

Yes only for vulnerabilities user has access to

Yes if user has Edit access to at least 1 project and only for vulnerabilities user has access to

Yes if user has Edit access to at least 1 project and only for vulnerabilities user has access to

Writeups

  • can create/read/update/delete writeups in Main Library

Yes

Based on configuration

Based on configuration

Based on configuration

  • can create/read/update/delete writeups in Imported Library

Yes

Based on configuration

Based on configuration

Based on configuration

  • can create/read/update/delete writeups in Project Library

Yes

Based on configuration

Based on configuration

Based on configuration

  • can create/read/update/delete writeups in Custom Libraries

Yes

Based on configuration for each library

Based on configuration for each library

Based on configuration for each library

  • can create/read/update/delete vulnerabilities in All Libraries

Yes

No

No

No

  • can create/read/update/restore vulnerabilities in Deleted Library

Yes

No

No

No

Test Suites

  • has full access to this module, including CRUD operations

Yes

Yes

No

No

Groups

  • has full access to this module, including CRUD operations

Yes

No

No

No

Users

  • has full access to this module, including CRUD operations

Yes

No

No

No

Self-Service API

  • can generate own API key

Yes

Yes

Yes

Yes

  • can access SSAPI RESTful endpoints/methods

Yes (for APIs user has been given access to)

Yes (for APIs user has been given access to)

Yes (for APIs user has been given access to)

Yes (for APIs user has been given access to)

  • can access SSAPI Events

Yes (for APIs user has been given access to)

Yes (for APIs user has been given access to)

Yes (for APIs user has been given access to)

Yes (for APIs user has been given access to)

Reporting Templates

  • has full access to this module

Yes

Yes

No

No

Attack Chains

  • has full access to this module

Yes

Yes

Yes

Yes

Administration

  • has full access to this module, including CRUD operations

Yes

No

No

No

Project Privileges

FunctionAdminProject CoordinatorEditUploadView

Project

  • can view project dashboard

Yes

Yes

Yes

Yes

Yes

  • can invite users to project

Yes

Yes

No

No

No

  • can view project team and project group members

Yes

Yes

Yes

No

No

  • can edit project

Yes

Yes

Yes, only following: start date, end date, set & modify additional email recipients for daily start/stop testing + new vulnerability discovered emails, update custom fields

No

No

  • can place project on-hold / off-hold

Yes

No

Yes

No

No

  • can add custom tags

Yes

Yes

Yes

No

No

  • can delete / archive project

Yes

Yes

No

No

No

  • can view project logs

Yes

Yes

No

No

No

Scope / Assets

  • can view project scope/assets

Yes

Yes

Yes

Yes

Yes

  • can create, update & delete scope/assets

Yes

Yes

Yes

No

No

  • can see all assets in Assets module (to be able to assign assets/scope to project)

Yes

Yes

Yes

No

No

Testing

  • can view test cases and execution flows

Yes

Yes

Yes

Yes

Yes

  • can update test cases, including actioning, adding notes & uploading evidence, adding workspace notes and files

Yes

No

Yes

No

No

  • can assign assets/users to test cases on a project

Yes

No

No

No

No

  • can lock/unlock/delete test cases on a project

Yes

Yes

No

No

No

  • can send daily start / stop testing email notifications

Yes

No

Yes

No

No

Retesting

  • can mark vulnerabilities as ready for retest

Yes

Yes

Yes

Yes

Yes

  • can request a retest

Yes

Yes

Yes

Yes

Yes

  • can confirm retest is completed

Yes

No

Yes

No

No

  • can view retesting history on project

Yes

Yes

Yes

Yes

Yes

Vulnerabilities

  • can view all vulnerabilities (except for vulnerabilities in pending status)

Yes

Yes

Yes

Yes

Yes

  • can view pending vulnerabilities

Yes

Yes

Yes

No

No

  • can update & delete vulnerabilities

Yes

No

Yes

No

No

  • can view remediation notes

Yes

Yes

Yes

Yes

Yes

  • can add remediation notes

Yes

Yes

Yes

Yes

Yes

  • can view, create & reply to review notes

Yes

No

Yes

No

No

  • can view revision history

Yes

No

Yes

No

No

  • can import vulnerabilities from tools & API

Yes

No

Yes

No

No

  • can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security

Yes

Yes

Yes

Yes

Yes

  • can update SLA

Yes

Yes

No

No

No

  • can re-apply SLA

Yes

Yes

No

No

No

  • can remove SLA

Yes

Yes

No

No

No

  • can update remediation plan

Yes

Yes

Yes

Yes

Yes

Attack Chains

  • can view attack chains

Yes

Yes

Yes

Yes

Yes

  • can create, update, re-order, duplicate and delete attack chains

Yes

No

Yes

No

No

Reporting

  • can download standard reports - PDF / DOCX / HTML / CSV

Yes

Yes

Yes

Yes

Yes

  • can customise standard reports

Yes

Yes

Yes

Yes

Yes

  • can download JSON export for report

Yes

Yes

Yes

Yes

Yes

  • can download evidence in ZIP archive

Yes

Yes

Yes

Yes

Yes

  • can download custom reports

Yes

Yes

Yes

Yes

Yes

  • can view executive summary

Yes

Yes

Yes

Yes

Yes

  • can update executive summary

Yes

No

Yes

No

No

  • can view, create & reply to executive summary review notes

Yes

No

Yes

No

No

Daily Tracking

  • can view schedule and tracking

Yes

Yes

Yes

Yes

Yes

Collaboration

  • can view project team member profiles

Yes

Yes

Yes

Yes

Yes

Workspace

  • can upload files to the project workspace

Yes

No

Yes

Yes

No

  • can create, update & delete workspace notes & files

Yes

No

Yes

No

No

  • can upload testing logs

Yes

No

Yes

No

No

  • can create project notes

Yes

No

Yes

Yes, however can only see own notes

No

Last updated

Check YouTube for more tutorials: https://youtube.com/@attackforge