Three standard roles can be assigned to a user. Each of them has access to ALL assets and Risk Meters:
- Administrator
- Normal User (Read/Write)
- Read-only
Read-Only User
- View/sort/filter Assets and Vulnerabilities
- Email and Export data from Kenna
- Manage personal Alerts settings
Normal User (Read/Write) - everything listed above plus:
- Change Status on existing Vulnerabilities (open/closed/false positive/risk accepted)
- Modify Vulnerability field data including defined Custom Fields
- Change Asset status to active/inactive
- Add or Delete Tags from Assets
- Create tickets (if enabled)
Administrator - everything listed above plus:
- Access to all assets
- Manage User and User Roles
- Add, delete and modify Risk Meters
- Set asset inactivation settings
- Create and run Connectors
- Manage Custom Fields
- Manage SLA (Due Date) Policies
- Enable Dual Factor Authentication
Using Role Based Access Control (RBAC), you can limit a user's access to assets and Risk Meters. RBAC access groups can be one of:
- Read-only
- Write
- Custom Access - restrict the user's ability to perform certain actions, such as creating tickets, editing asset statuses, overriding vulnerability scores and priorities, etc.
More information on RBAC here!