In addition to our Normal and Admin roles, you can create roles based on your Risk Meter groups within Kenna.
Role-Based Access Control (RBAC) gives users the ability to control who has access to which groups, all the way down to the asset and vulnerability level. It's set at the user role level by granting access to particular groups.
- Read-only access grants users access to only viewing assets and vulnerabilities specified by particular Risk Meter groups. This limits viewing only those Risk Meters within the dashboard as well as the assets and vulnerabilities associated with them.
- Write access limits control to only viewing and editing assets and vulnerabilities belonging to particular groups. This limits viewing and editing only those assets and vulnerabilities that are a part of that group.
- Custom Access allows for the granular selection of individual data points with Kenna that the role should have permission to edit.
Once created, you can assign user roles to new users as you add them to the platform.
To create a new role click the gear in the upper right corner and click on User Roles:
Note: Only Admins can create new roles and users
From there you can click the New User Role button and complete the form:
You can name your role whatever you would like. The access type for the role can either be Read-Only, Write or Custom Access. Write will allow users in the role to perform functions like change the status of a vulnerability, tag an asset, modify custom field values, etc. Custom Access allows for the selective assignment of write permissions for each field/function.
Assigning Users to Roles
Once your role is created you will need to assign users to that role. You can do this during user creation or after the user already exists. In the user creation or edit form you can select the role from the drop down of all existing roles for your instance:
Now whenever that user logs in they will only see the Risk Meters assigned to their role...
...along with all of the assets and vulnerabilities associated with those Risk Meter groups.