Container Security User Roles and Permissions
Container Security (CS) has one out-of-the-box (OOTB) role for CS users:
CS Manager: This role has all the ETM permissions, Unified Dashboard permissions and Tagging permissions.
The Container Security module has several permission groups, each belonging to a specific permission category. The following table lists the permission categories and the related permission groups for this module:
| Category | Permissions | Description | Default Role (CS Manager) |
|---|---|---|---|
| General Configuration and Management | CS Permissions | CS API Access | |
| General Configuration and Management | CS Permissions | CS UI Access | |
| General Configuration and Management | CS General Configuration Permissions | View and edit General Configuration | |
| General Configuration and Management | CS Data Retention Policy Permissions | View and Edit Data Retention Policy | |
| Assets | CS Image Permissions | List and delete images | |
| Assets | CS Container Permissions | List Containers | |
| Assets | CS Container Permissions | Delete containers | |
| Assets | CS Host Permissions | List hosts | |
| Registry Configuration and Scanning | CS Registry Scan Job Permissions | List, Create, Update, Delete, and Cancel Scan Jobs | |
| Registry Configuration and Scanning | CS Registry Permissions | List Registry | |
| Registry Configuration and Scanning | CS Registry Permissions | Create Registry | |
| Registry Configuration and Scanning | CS Registry Permissions | Update Registry | |
| Registry Configuration and Scanning | CS Registry Permissions | Delete Registry | |
| Registry Configuration and Scanning | CS Registry Permissions | Create connector | |
| Registry Configuration and Scanning | CS Registry Permissions | List connectors | |
| Registry Configuration and Scanning | CS Registry Permissions | Delete connectors | |
| Sensor Management | CS Sensor Permissions | List and delete sensors | |
| Sensor Management | CS Sensor Profile Permissions | Create, list, update, and delete sensor profiles. | |
| Events | CS Security Event Permissions | List Security Events | |
| Vulnerability Management | CS Vulnerability Page Permissions | View Vulnerability Page | |
| Vulnerability Management | CS Vulnerability Page Permissions | Edit Vulnerability Page | |
| Vulnerability Management | CS Knowledge Base Permissions | View Knowledge Base | |
| Secrets Detection | CS Secret Detection Permissions | View, create, update, and delete secret detectors | |
| Reporting | CS Report Permissions | Permission for Reporting Application | |
| Exception Management | CS List Permissions | Create, view, update, and delete lists | |
| Exception Management | CS Exception Permissions | List, create, update, and delete exceptions. | |
| Policy Management | CS Centralized Policy Permissions | View, create, update, and delete centralized policies. | |
| Admission Controller | CS K8s Admission Controller Permissions | View and Edit Admission Controller | |
| QScanner | QScanner Permissions | Policy Evaluation permission | |
| QScanner | QScanner Permissions | QScanner Scan permission | |