Per feature access control details

ASM (Assets)

  • Assets are bound to 0 (global assets) or many (project assets) projects.
  • To create, edit, or delete an asset, the user must have the "Edit Resources" permission on the project(s) the asset is bound to.
  • To edit the projects an asset is bound to, the user must have a global "Admin" permission as this operation alters the access control of the asset.

Tags

  • Tags are global and can be attached to assets.
  • To attach a tag to a resource, the user must have the "Edit Resources" permission on the project the resource is bound to.
  • To edit a tag, the user must have a global "Edit Tags" permission.

Warning

Attaching a tag to a resource no longer has any effect on the access control of the resource.

DAST (Profiles, Scans, Custom Rules)

  • A profile is bound to the same projects as the assets it is linked to.
  • To create, edit, or delete a profile, the user must have the "Edit Resources" permission on the project(s) the profile is bound to.
  • To edit the projects a profile is bound to, the user must have a global "Admin" permission as this operation alters the access control of the profile.

Reporting

  • Reporting is global and can be viewed by any user.
  • The data we gather to generate the report depends on the projects the user has access to.
  • To manage reporting settings, the user must have a global "Manage Reporting" permission.

Workflows

  • Workflows are global and can be viewed by any user.
  • To create, edit, or delete a workflow, the user must have a global "Edit Workflows" permission on the project(s) the workflow is bound to.
  • To edit the projects a workflow is bound to, the user must have a global "Admin" permission as this operation alters the access control of the workflow.

Warning

Attaching a workflow to a project will impact the resources against which the workflow will be executed. Workflows in a project will only apply to resources located in the project.

Integrations

  • Integrations are bound to 0 (global integrations) or many (project integrations) projects.
  • To create, edit, or delete an integration, the user must have the "Edit Integrations" permission on the project(s) the integration is bound to.
  • To edit the projects an integration is bound to, the user must have a global "Admin" permission as this operation alters the access control of the integration.

Warning

Attaching an integration to a project will impact the resources that will be discovered by the integration. Resources discovered by an integration in a project will automatically be bound to the project. Integrations in a project can only be used by workflows in the same project.
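
Assets, profiles, and integrations follow the same pattern: a per-project permission gates create, edit, and delete, while changing the project bindings requires global "Admin". The sketch below is an added example, not the product's own code. The permission names come from this page; the `User` and `Resource` model, the treatment of global resources, and the reading of "project(s)" as "every bound project" are assumptions.

```python
from dataclasses import dataclass, field

# Permission names come from the page; the data model itself is hypothetical.
# Resource kind -> permission needed to create, edit, or delete it.
CRUD_PERMISSION = {
    "asset": "Edit Resources",
    "profile": "Edit Resources",
    "integration": "Edit Integrations",
}

@dataclass
class User:
    global_perms: set = field(default_factory=set)
    project_perms: dict = field(default_factory=dict)  # project -> set of permissions

    def has(self, perm, project):
        # Assumption: a permission granted globally applies to every project.
        return perm in self.global_perms or perm in self.project_perms.get(project, set())

@dataclass(frozen=True)
class Resource:
    kind: str
    projects: frozenset = frozenset()  # empty set = global resource

def can_modify(user, res):
    """Create/edit/delete: needs the kind's permission on the bound project(s)."""
    perm = CRUD_PERMISSION[res.kind]
    if not res.projects:
        # Assumption: a global resource needs the permission granted globally.
        return perm in user.global_perms
    # Assumption: "project(s)" means every project the resource is bound to.
    return all(user.has(perm, p) for p in res.projects)

def can_rebind(user, res):
    """Changing bindings alters access control, so only global Admin may do it."""
    return "Admin" in user.global_perms

def demo():
    # Constructed sample data.
    alice = User(project_perms={"web": {"Edit Resources"}})
    root = User(global_perms={"Admin"})
    web_asset = Resource("asset", frozenset({"web"}))
    shared_asset = Resource("asset", frozenset({"web", "api"}))
    return {
        "alice edits web asset": can_modify(alice, web_asset),
        "alice edits shared asset": can_modify(alice, shared_asset),
        "alice rebinds web asset": can_rebind(alice, web_asset),
        "admin rebinds web asset": can_rebind(root, web_asset),
    }
```

Keeping the rebind check separate from the edit check means a user with edit rights in one project cannot widen or narrow who else can reach the resource.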