In addition to the built-in Normal, Read-Only and Admin roles, you can create custom roles in Kenna that are scoped to specific Risk Meter groups or Applications and that limit which functions members of the role can use.
Role-Based Access Control (RBAC) lets you control who has access to which groups or applications, all the way down to the individual asset and vulnerability. Access is defined on the role, by granting the role access to particular groups or applications, and every user assigned to that role inherits its scope.
Read-Only access lets users view only the assets and vulnerabilities that belong to the selected Risk Meter groups or Applications. In the Dashboard, only those Risk Meters are shown; in the VM tab, only the assets and vulnerabilities associated with those groups; in the Appsec tab, only the selected Applications.
For VM, Write access limits the user to viewing and editing the assets and vulnerabilities that belong to the selected Risk Meter groups; nothing outside those groups is visible or editable. For Appsec, Write access limits the user to viewing and editing the selected Applications.
Custom Access lets you pick, field by field and function by function, which individual data points within Kenna the role is permitted to edit, so permissions can be tailored to exactly what the user needs to accomplish in Kenna. Any field or function not selected stays view-only for the role.
Once a role exists, you can assign it to users as you add them to the platform.
To create a new role, click the gear icon in the upper right corner and then click Roles:
Note: Only Admins can create new roles and users.
On the Roles page you can see the roles that have already been configured. Clicking the pencil icon lets you edit a role, and clicking the trash icon deletes it.
From there, click the New User Role button and complete the form:
Name the role as you like, then select the specific Risk Meter groups and Applications the role should have access to.
The access type for the role is Read-Only, Write or Custom Access. Read-Only lets users view data but not edit or change anything in the platform. Write lets users in the role perform actions such as changing the status of a vulnerability or asset, tagging an asset, or modifying custom field values. Custom Access lets you grant write permission selectively, per field or function; fields and functions you do not select are not writable.
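The scoping and access-type rules described above (Read-Only, Write and Custom Access, each restricted to the role's Risk Meter groups or Applications) are easy to get subtly wrong when you reason about them, so here is a small executable model of those rules. It is an added example written for this page, not Kenna's own code or API: the class names (Role, User, Asset, Vulnerability), the helper functions, the set of writable fields and the sample groups, assets and users are all constructed for illustration. The point it demonstrates is that visibility and editability are two independent checks that must both pass, and that a Custom Access role is still confined to its groups.

```python
"""Model of the Kenna-style RBAC rules described above.

Added illustration only: the names, the WRITE_FIELDS set and the sample
data below are assumptions made for this example, not Kenna's API.
"""
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    READ_ONLY = "read_only"
    WRITE = "write"
    CUSTOM = "custom"


# Functions a Write role may use, per the text: change status, tag an
# asset, modify custom field values. (Assumed set for this example.)
WRITE_FIELDS = frozenset({"status", "tags", "custom_fields"})


@dataclass(frozen=True)
class Role:
    name: str
    access: Access
    risk_meter_groups: frozenset = frozenset()  # VM scope
    applications: frozenset = frozenset()       # Appsec scope
    custom_fields: frozenset = frozenset()      # only consulted for CUSTOM


@dataclass(frozen=True)
class User:
    email: str
    role: Role


@dataclass(frozen=True)
class Asset:
    asset_id: int
    groups: frozenset  # Risk Meter groups this asset belongs to


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: int
    asset: Asset  # a vulnerability is visible through its asset's groups


def can_view_asset(user: User, asset: Asset) -> bool:
    """Scope check: the asset must sit in at least one group the role covers."""
    return bool(asset.groups & user.role.risk_meter_groups)


def can_view_vuln(user: User, vuln: Vulnerability) -> bool:
    return can_view_asset(user, vuln.asset)


def can_view_application(user: User, app_name: str) -> bool:
    """Appsec scope: only the Applications selected on the role are visible."""
    return app_name in user.role.applications


def editable_fields(role: Role) -> frozenset:
    """Fields the role may change. Fail closed: unknown or unselected -> none."""
    if role.access is Access.READ_ONLY:
        return frozenset()
    if role.access is Access.WRITE:
        return WRITE_FIELDS
    # CUSTOM: only the explicitly granted subset of known writable fields.
    return role.custom_fields & WRITE_FIELDS


def can_edit(user: User, obj, field_name: str) -> bool:
    """Both checks must pass: the object is in scope AND the field is granted."""
    if isinstance(obj, Vulnerability):
        in_scope = can_view_vuln(user, obj)
    elif isinstance(obj, Asset):
        in_scope = can_view_asset(user, obj)
    else:
        return False
    return in_scope and field_name in editable_fields(user.role)


def visible_assets(user: User, assets):
    return [a for a in assets if can_view_asset(user, a)]


# --- Constructed sample data (not real Kenna records) --------------------
ASSETS = [
    Asset(1, frozenset({"PCI"})),
    Asset(2, frozenset({"PCI", "Corp-Laptops"})),
    Asset(3, frozenset({"Corp-Laptops"})),
]
VULNS = [Vulnerability(100 + a.asset_id, a) for a in ASSETS]

PCI_READER = User("reader@example.com",
                  Role("PCI Read-Only", Access.READ_ONLY, frozenset({"PCI"})))
PCI_WRITER = User("writer@example.com",
                  Role("PCI Write", Access.WRITE, frozenset({"PCI"})))
PCI_TAGGER = User("tagger@example.com",
                  Role("PCI Tagging", Access.CUSTOM, frozenset({"PCI"}),
                       custom_fields=frozenset({"tags"})))
APPSEC_USER = User("appsec@example.com",
                   Role("Billing App Write", Access.WRITE,
                        applications=frozenset({"billing-api"})))

if __name__ == "__main__":
    for user in (PCI_READER, PCI_WRITER, PCI_TAGGER, APPSEC_USER):
        ids = [a.asset_id for a in visible_assets(user, ASSETS)]
        print(f"{user.role.name:18} sees assets {ids}, "
              f"can edit status of asset 1: {can_edit(user, ASSETS[0], 'status')}")
```

Two behaviours worth noticing when you run it: the PCI Write role cannot touch asset 3 even though it has full write rights, because scope is checked before the field permission; and the Custom Access tagging role can tag a PCI vulnerability but cannot change its status, because anything not explicitly selected is denied.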
Assigning Users to Roles
Once your role is created, you need to assign users to it. You can do this during user creation or for a user who already exists. In the user creation or edit form, select the role from the drop-down list of all roles configured for your instance:
Now whenever that user logs in, they will see only the Risk Meters assigned to their role...
...along with all of the assets and vulnerabilities associated with those Risk Meter groups.