Permissions

A user can have access to a limited set of resources or to all resources depending on the permissions assigned to them.

The different roles that can be assigned to a user are:

	Auditor	Security Administrator	System Administrator
Assets	Read	Read and ignore CVE	Manage and actions on all assets (patch, reboot…)
Discoveries	Read	Read	Manage
Connectors Manage	Read	Read	Manage
Encyclopedias	Read	Read	Manage
Reports	Read	Read	Read
Settings			Partial Control

The Administrator has full rights on Cyberwatch. Permissions that are exclusively granted to them are detailed in the table titled “Permissions reserved for the Administrator”.

Changing a user’s access permissions is described in the user rights management documentation.

---

The permissions described in the tables below apply to the assets that users have access to. Specific details may be provided in the table dedicated to special permissions as well as in the FAQ.

User permissions (excluding administrators) can be restricted to projects. For more information, please refer to this page.

The color code used in the tables below is as follows:

• Read: Permission to read without editing
• Manage: Permission to Read - Create - Edit - Delete

Assets

	Auditor	Security Administrator	System Administrator
Asset details	Read	Read	Manage
Asset vulnerabilities	Read	Ignore	Ignore
Patch list	Read	Read	Deploy
Asset reboot			Reboot
Compliance rules	Read	Ignore	Ignore
Technologies	Read	Read	Uninstall
Analyses	Read	Relaunch	Relaunch
Declarative data	Read	Read	Manage

Discoveries

	Auditor	Security Administrator	System Administrator
Discoveries	Read	Read	Manage

Connector Manage

	Auditor	Security Administrator	System Administrator
Agents	Read	Read	Manage
Agentless connections	Read	Read	Manage
Air-gapped assets	Read	Read	Manage
Docker images	Read	Read	Manage
Network targets & websites	Read	Manage	Manage
Cloud	Read	Read	Manage

Encyclopedias

	Auditor	Security Administrator	System Administrator
Vulnerabilities	Read	Read	Edit
Remediation actions	Read	Read	Deploy
Security flaws	Read	Read	Read
Compliance rules	Read	Read	Assign

Reports

	Auditor	Security Administrator	System Administrator
Alerts	Manage	Manage	Manage
Export	Manage	Manage	Manage
User activities	Read	Read	Read

Settings

	Auditor	Security Administrator	System Administrator
Projects	Read	Read	Read
Groups	Read	Read	Read
Stored credentials			Manage
Analysis/deployment/reboot policies	Read	Read	Manage
Prioritization policies	Read	Read	Manage
Automatic exclusions	Read	Read	Read
Custom repositories	Read	Read	Manage
Benchmarks	Read	Read	Read
Asset rules	Read	Read	Read

Kibana Permissions

Modals	Auditor	Security Administrator	System Administrator
Kibana	Requires explicit permission	Requires explicit permission	Requires explicit permission

Kibana per projects

This feature allows you to restrict visibility in Kibana based on the projects assigned to users. In practice, a user will only see in Kibana the assets associated with the projects they have access to. Learn how to modify user permissions on this page.

This feature is only effective if the Cyberwatch platform is running version 5.30 or higher, the Cyberwatch application version is 15.6 or higher, and if you are using the embedded Kibana instance within Cyberwatch.

Permissions reserved for the Administrator

Resources	Rights
Projects	Create
Groups	Create / Assign
Custom analysis scripts and compliance rules	Manage
ignoring policies	Manage
Benchmarks	Create / Delete
Asset rules	Manage
Security issues	Manage
Cyberwatch application	Update / Restart
User accounts and permissions	Manage
Nodes	Manage / Update / Restart
User activities	Comment