Access Control Matrix

Application User Roles

| Function | Administrator | Project Coordinator | Library Moderator | Client / Consultant |
|---|---|---|---|---|
| Access Global Dashboard | | | | |
| • has full access to this module | Yes | Yes | Yes | Yes |
| Access Analytics | | | | |
| • can filter analytics | Yes | Yes | Yes | Yes |
| • can access trend analysis/comparison | Yes | Yes | Yes | Yes |
| • can personalize analytics | Yes | Yes | Yes | Yes |
| Access Portfolios | | | | |
| • has full access to this module including CRUD operations | Yes | No | No | No |
| Access Projects | | | | |
| • can access all projects by default | Yes | No | No | No |
| • can perform all workflows on a project by default | Yes | No | No | No |
| • can create new projects | Yes | Yes | No | No |
| • can update projects | Yes | Yes (for projects user has access to) | No | No |
| • can archive & unarchive projects | Yes | No | No | No |
| • can destroy projects | Yes | No | No | No |
| • can invite users to projects | Yes | Yes (for projects user has access to) | No | No |
| • can manage user access to projects | Yes | Yes (for projects user has access to) | No | No |
| • can request new projects & update own project requests | Yes | Yes | Yes | Yes |
| • can access all pending & actioned project requests | Yes | Yes | No | No |
| • can approve/reject/request info for all pending project requests | Yes | Yes | No | No |
| Retesting | | | | |
| • has full access to this module | Yes | Yes | Yes | Yes |
| Schedule | | | | |
| • can see own projects | Yes | Yes | Yes | Yes |
| • can see all projects | Yes | No | No | No |
| • can filter by users / roles | Yes | No | No | No |
| Reporting | | | | |
| • can download individual & group reports using available ReportGen templates | Yes | Yes | Yes | Yes |
| • can download ReportGen library templates | Yes | Yes | No | No |
| • can download ReportGen Offline tool | Yes | Yes | No | No |
| • can upload new ReportGen templates | Yes | Yes | No | No |
| • can delete existing ReportGen templates | Yes | Yes | No | No |
| Search | | | | |
| • has full access to this module | Yes | Yes | Yes | Yes |
| Assets (if enabled) | | | | |
| • can create new assets | Yes | Yes | Yes | Yes |
| • can see own assets | Yes | Yes | Yes | Yes |
| • can see all assets | Yes | Yes | No | No |
| • can update own assets | Yes | Yes | Yes | Yes |
| • can update all assets | Yes | Yes | No | No |
| • can delete own assets | Yes | Yes | Yes | Yes |
| • can delete all assets | Yes | Yes | No | No |
| • can view linked projects & groups on assets | Yes | Yes | No | No |
| • can view vulnerabilities on assets | Yes | No | No | No |
| Vulnerability Library | | | | |
| • has full access to this module, including CRUD operations | Yes | Yes | Yes | No |
| Test Suite Builder | | | | |
| • has full access to this module, including CRUD operations | Yes | Yes | No | No |
| Groups | | | | |
| • has full access to this module, including CRUD operations | Yes | No | No | No |
| Users | | | | |
| • has full access to this module, including CRUD operations | Yes | No | No | No |
| Notifications | | | | |
| • can modify own user project email settings | Yes | Yes | Yes | Yes |
| • can subscribe to daily/weekly project email updates | Yes | Yes | Yes | Yes |
| • can subscribe to daily/weekly admin email updates | Yes | No | No | No |
| Self-Service API | | | | |
| • can generate own API key | Yes | Yes | Yes | Yes |
| • can access SSAPI RESTful endpoints/methods | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) |
| • can access SSAPI Events | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) | Yes (for APIs user has been given access to) |
| Attack Chains | | | | |
| • has full access to this module | Yes | Yes | Yes | Yes |
| Administration | | | | |
| • has full access to this module, including CRUD operations | Yes | No | No | No |
| Themes | | | | |
| • has full access to this module | Yes | Yes | Yes | Yes |
| Help & Support | | | | |
| • has full access to this module | Yes | Yes | Yes | Yes |

Project Privileges

| Function | Administrator | Project Coordinator | Edit | Upload | View |
|---|---|---|---|---|---|
| Project | | | | | |
| • can view project dashboard | Yes | Yes | Yes | Yes | Yes |
| • can invite users to project | Yes | Yes | No | No | No |
| • can edit project | Yes | Yes | No | No | No |
| • can place project on-hold / off-hold | Yes | Yes | Yes | No | No |
| • can add custom ReportGen fields/tags | Yes | Yes | Yes | No | No |
| • can delete / archive project | Yes | Yes | No | No | No |
| • can view project logs | Yes | Yes | No | No | No |
| Scope / Assets | | | | | |
| • can view project scope/assets | Yes | Yes | Yes | Yes | Yes |
| • can create, update & delete scope/assets | Yes | Yes | Yes | No | No |
| • can see all assets in Assets module (to be able to assign assets/scope to project) | Yes | Yes | Yes | No | No |
| Testing | | | | | |
| • can view test cases | Yes | Yes | Yes | Yes | Yes |
| • can update test cases, including actioning, adding notes & uploading evidence | Yes | Yes | Yes | No | No |
| • can assign assets/users to test cases on a project | Yes | Yes | No | No | No |
| • can lock/unlock test cases on a project | Yes | Yes | No | No | No |
| • can send daily start / stop testing email notifications | Yes | Yes | Yes | No | No |
| Retesting | | | | | |
| • can mark vulnerabilities as ready for retest | Yes | Yes | Yes | Yes | Yes |
| • can request a retest | Yes | Yes | Yes | Yes | Yes |
| • can confirm retest is completed | Yes | Yes | Yes | No | No |
| • can view retesting history on project | Yes | Yes | Yes | Yes | Yes |
| Vulnerabilities | | | | | |
| • can view all vulnerabilities (except for vulnerabilities in pending status) | Yes | Yes | Yes | Yes | Yes |
| • can view pending vulnerabilities | Yes | Yes | Yes | No | No |
| • can update & delete vulnerabilities | Yes | Yes | Yes | No | No |
| • can view remediation notes | Yes | Yes | Yes | Yes | Yes |
| • can add remediation notes | Yes | Yes | Yes | Yes | Yes |
| • can view, create & reply to review notes | Yes | Yes | Yes | No | No |
| • can view revision history | Yes | Yes | Yes | No | No |
| • can import vulnerabilities from tools & API | Yes | Yes | Yes | No | No |
| • can export vulnerabilities to JIRA / ServiceNow / Azure DevOps / Kenna Security / Nucleus Security | Yes | Yes | Yes | Yes | Yes |
| Attack Chains | | | | | |
| • can view attack chains | Yes | Yes | Yes | Yes | Yes |
| • can create, update, re-order, duplicate and delete attack chains | Yes | Yes | Yes | No | No |
| Reporting | | | | | |
| • can download standard reports - PDF / DOCX / HTML / CSV | Yes | Yes | Yes | Yes | Yes |
| • can customise standard reports | Yes | Yes | Yes | Yes | Yes |
| • can download JSON export for report | Yes | Yes | Yes | Yes | Yes |
| • can download evidence in ZIP archive | Yes | Yes | Yes | Yes | Yes |
| • can download reports using available ReportGen templates | Yes | Yes | Yes | Yes | Yes |
| • can update executive summary on report | Yes | Yes | Yes | No | No |
| Daily Tracking | | | | | |
| • can view daily progress tracker | Yes | Yes | Yes | Yes | Yes |
| Collaboration | | | | | |
| • can view project team member profiles | Yes | Yes | Yes | Yes | Yes |
| • can collaborate in Microsoft Teams / Slack / Discord project channel | Yes | Yes | Yes | Yes | Yes |
| • can create Microsoft Teams / Slack / Discord project channels | Yes | Yes | Yes | Yes | Yes |
| Workspace | | | | | |
| • can upload files to the project workspace | Yes | Yes | Yes | Yes | No |
| • can create, update & delete workspace notes & files | Yes | Yes | Yes | No | No |
| • can upload testing logs | Yes | Yes | Yes | No | No |
| • can create project notes | Yes | Yes | Yes | No | No |