Role Permissions

Three standard roles can be assigned to a user. Each of them has access to ALL assets and Risk Meters:

  • Administrator
  • Normal User (Read/Write)
  • Read-only


Read-Only User

  • View/sort/filter Assets and Vulnerabilities
  • Email and Export data from Kenna
  • Manage personal Alerts settings

Normal User (Read/Write) - everything listed above plus:

  • Change Status on existing Vulnerabilities (open/closed/false positive/risk accepted)
  • Modify Vulnerability field data including defined Custom Fields
  • Change Asset status to active/inactive
  • Add or Delete Tags from Assets
  • Create tickets (if enabled)

Administrator - everything listed above plus:

  • Access to all assets
  • Manage Users and User Roles
  • Add, delete and modify Risk Meters
  • Set asset inactivation settings
  • Create and run Connectors
  • Manage Custom Fields
  • Manage SLA (Due Date) Policies
  • Enable Dual Factor Authentication


Using Role-Based Access Control (RBAC), you can limit a user's access to assets and Risk Meters. These access groups can be one of the following:

  • Read-only
  • Write
  • Custom Access - restrict the user's ability to perform certain actions, such as creating tickets, editing asset statuses, overriding vulnerability scores and priorities, etc.

More information on RBAC here!


