All users are assigned to a group. These groups determine a set of default user permissions for various areas of the platform. The permissions can be modified to meet your organization's needs.
There are six user groups built into the platform:
- User Admin: Recommended for accounts that will be creating, editing, and disabling/deleting Users.
- System Admin: Generally one or two accounts who require full read/modify/delete access to the Validation Platform components.
- Power Users: Recommended for accounts that will be modifying the Validation Platform infrastructure and configurations.
- Users: Recommended for most accounts, including auditors, compliance personnel, security analysts, and engineers.
- Reporting: Generally used for executive leadership and those who wish to view reports and high-level platform information.
-
Custom: By default, this user group is not set up with any permissions. Therefore, you can customize this group to meet individual customer needs by adding whatever settings you want for this group. For example, if you wanted users to only be able to view reports and change timeframes in Report Builder, you would assign the Report - View, the Report Builder - Update, and the Report Builder - Limited Run permissions. When a user that is assigned to this Custom user group logs in to the Validation Platform, the only menus they will see are Report Builder and User, and their only permissions in Report Builder will be to view reports and change the timeframes.
If you want users to only have limited access to Report Builder (as in the preceding example) but also to have access to other menus and functionality in the platform, you could add settings accordingly in the Custom group.
The following table includes the default permissions that are assigned to each group.
| Area | Permission | Reporters | Users | Power User | System Admin | User Admin | Custom |
|---|---|---|---|---|---|---|---|
| Analyze | View | ✔ | ✔ | ✔ | ✔ |
|
|
| Environment | View | ✔ | ✔ | ✔ | ✔ |
|
|
| Edit |
|
✔ | ✔ | ✔ |
|
| |
| Delete |
|
|
✔ | ✔ |
|
| |
| Users | View | ✔ | ✔ | ✔ | ✔ | ✔ |
|
| Create |
|
|
✔
|
✔ | ✔ |
| |
| Edit |
|
|
✔
|
✔ | ✔ |
| |
| Delete |
|
|
✔
|
✔ | ✔ |
| |
| Jobs | View | ✔ | ✔ | ✔ | ✔ |
|
|
| Run |
|
✔ | ✔ | ✔ |
|
| |
| Edit |
|
|
✔ | ✔ |
|
| |
| Delete |
|
|
|
|
|
| |
| AEDA Dashboard | View | ✔ | ✔ | ✔ | ✔ |
|
|
| AEDA Configuration | View |
|
✔ | ✔ | ✔ |
|
|
| Edit |
|
✔ | ✔ | ✔ |
|
| |
| Delete |
|
|
✔ | ✔ |
|
| |
| Report | View | ✔ | ✔ | ✔ | ✔ |
|
|
| Report Builder | Create |
|
|
✔ | ✔ |
|
|
| Update |
|
|
✔ | ✔ |
|
| |
| Limited Run |
|
|
|
|
|
| |
| Job Actions | Override |
|
|
|
✔ |
|
|
| Library | View | ✔ | ✔ | ✔ | ✔ |
|
|
| Edit |
|
✔ | ✔ | ✔ |
|
| |
| Delete |
|
|
✔ | ✔ |
|
| |
| Settings | View |
|
✔ | ✔ | ✔ |
|
|
| Edit |
|
|
✔ | ✔ |
|
| |
| Delete |
|
|
|
✔ |
|
| |
| Content Export |
|
|
✔ | ✔ |
|
| |
| License | View |
|
✔ | ✔ | ✔ |
|
|
| Edit |
|
|
|
✔ |
|
| |
| Integrations | View |
|
✔ | ✔ | ✔ |
|
|
| Edit |
|
|
✔ | ✔ |
|
| |
| Integration Events | Edit |
|
|
|
✔ |
|
|
| Pipelines | This feature is released as a Private Preview. Pre-GA products and features are available "as is" and might have limited support. For more information, please contact your TSC, your CSM, or go to Support. | ||||||
| View |
|
|
✔ | ✔ |
|
| |
| Create |
|
|
|
✔ |
|
| |
| Edit |
|
|
|
✔ |
|
| |
| Delete |
|
|
|
✔ |
|
| |
| Publish Job |
|
|
✔ | ✔ |
|
| |
| API Access |
|
|
|
|
|
| |
| Assessments | Create |
|
|
|
✔ |
|
|
| View |
|
|
✔ | ✔ |
|
| |
| Edit |
|
|
|
✔ |
|
| |
| Delete |
|
|
|
✔ |
|
| |
| Export |
|
|
|
✔ |
|
| |
| Import |
|
|
|
✔ |
|
| |
View and edit User Group permissions
- Go to Settings > User Settings.
- Click User Groups.
- Click Edit for a User Group.
- To assign rights, select the checkbox for that permission.
- To remove rights, clear the checkbox for the permission.
- Click Update User Group.
Permissions cover functionality for different areas of the product. Editable permissions are presented in each User Group view, and any available subset functions for a given permission are mentioned next to that permission name.
For example, the following product areas include granular permissions that determine the User Group's access, depending on how they're configured:
- Library
- Library - View: View Actions, Sequences, Evaluations, Files, Threat Actors (if user has the TAAM license).
- Library - Edit: Create and edit Actions, Sequences, and Evaluations. Can add files and add files to the endpoint Files Library.
- Library - Delete: Delete user-created Actions, Sequences, Evaluations, and user-added files. Can delete files from the endpoint Files Library.
- Jobs
- Jobs - View: View all items under the Jobs menu.
- Jobs - Run: Run Actions, Sequences, and Evaluations.
- Jobs - Edit: Change items under the Jobs menu.
- Jobs - Delete: Remove Job results.