Permissions
A user can have access to a limited set of resources or to all resources depending on the permissions assigned to them.
The different roles that can be assigned to a user are:
| Auditor | Security Administrator | System Administrator | |
|---|---|---|---|
| Assets | Read | Read and ignore CVE | Manage and actions on all assets (patch, reboot…) |
| Discoveries | Read | Read | Manage |
| Connectors Manage | Read | Read | Manage |
| Encyclopedias | Read | Read | Manage |
| Reports | Read | Read | Read |
| Settings | Partial Control |
The Administrator has full rights on Cyberwatch. Permissions that are exclusively granted to them are detailed in the table titled “Permissions reserved for the Administrator”.
Changing a user’s access permissions is described here.
The permissions described in the tables below apply to the assets that users have access to. Specific details may be provided in the table dedicated to special permissions as well as in the FAQ.
User permissions (excluding administrators) can be restricted to projects. For more information, please refer to this page.
The color code used in the tables below is as follows:
- Read: Permission to read without editing
- Manage: Permission to Read - Create - Edit - Delete
Assets
| Auditor | Security Administrator | System Administrator | |
|---|---|---|---|
| Asset details | Read | Read | Manage |
| Asset vulnerabilities | Read | Ignore | Ignore |
| Patch list | Read | Read | Deploy |
| Asset reboot | Reboot | ||
| Compliance rules | Read | Read | Ignore |
| Technologies | Read | Read | Uninstall |
| Analyses | Read | Relaunch | Relaunch |
| Declarative data | Read | Read | Manage |
Discoveries
| Auditor | Security Administrator | System Administrator | |
|---|---|---|---|
| Discoveries | Read | Read | Manage |
Connector Manage
Encyclopedias
| Auditor | Security Administrator | System Administrator | |
|---|---|---|---|
| Vulnerabilities | Read | Read | Edit |
| Remediation actions | Read | Read | Deploy |
| Security flaws | Read | Read | Read |
| Compliance rules | Read | Read | Assign |
Reports
| Auditor | Security Administrator | System Administrator | |
|---|---|---|---|
| Alerts | Manage | Manage | Manage |
| Export | Manage | Manage | Manage |
| User activities | Read | Read | Read |
Settings
Special Permissions
| Modals | Auditor | Security Administrator | System Administrator |
|---|---|---|---|
| Kibana | Requires explicit permission | Requires explicit permission | Requires explicit permission |
Permissions reserved for the Administrator
| Resources | Rights |
|---|---|
| Projects | Create |
| Groups | Create / Assign |
| Custom analysis scripts and compliance rules | Manage |
| ignoring policies | Manage |
| Benchmarks | Create / Delete |
| Asset rules | Manage |
| Security issues | Manage |
| Cyberwatch application | Update / Restart |
| User accounts and permissions | Manage |
| Nodes | Manage / Update / Restart |
| User activities | Comment |