There are three standard roles that have access to all assets and Risk Meters:
- Administrator
- Normal User (Read/Write)
- Read Only
Using Role Based Access Control (RBAC) you can limit access to assets and Risk Meters. These access groups can be either:
- Read/Write
- Read Only
Each type of user has similar permissions with the difference that those under RBAC are limited to what asset they can act upon.
Read-Only
- View/sort/filter Assets and Vulnerabilities
- Email and Export data from Kenna
- Manage personal Alerts settings
Read-Write - everything listed above plus:
- Change Status on existing Vulnerabilities (open/closed/false positive/risk accepted)
- Modify Vulnerability field data including defined Custom Fields
- Change Asset status to active/inactive
- Add or Delete Tags from Assets
- Create ServiceNow tickets (if enabled)
Administrator - everything listed above plus:
- Access to all assets
- Manage User Roles and Users
- Add, delete and modify Risk Meters
- Set asset inactivation settings
- Create and run Connectors
- Manage Custom Fields
- Manage SLA (Due Date) Policies
- Enable Dual Factor Authentication