Policy Compliance/Policy Audit User Roles and Permissions
Policy Compliance / Policy Audit has 5 OOTB (Out-of-the-box) roles for users:
- Manager: The manager role has all the default permissions of Policy Compliance, and can create and grant permissions to other users. They have all the privileges and access to all modules.
- Unit Manager: The unit manager has the ability to manage assets and users and has management authority only on an assigned business unit.
- Scanner: The scanner role has limited rights to its assigned assets.
- Auditor: The auditor has the view-only permission.
- Reader: The reader role has view permissions.
- Audit Fix Manager: This role has full job and script control, including delete.
- Audit Fix Viewer: This role observes, validates and reports.
- Audit Fix Manager: This role can create and edit jobs and scripts but cannot delete.
The Policy Compliance / Policy Audit module has several permissions related to specific permission categories. The following are the categories of permissions with each of the related permissions groups for this module:
| Permission Categories | Description | Default Roles | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Manager | Unit Manager | Scanner | Auditor | Reader | Audit Fix Manager | Audit Fix Viewer | Audit Fix Manager | ||
| PC Permissions | PC/SCA UI access |  |
|
|
|
|
N | N | N |
| PC Access | |
|
|
|
|
N | N | N | |
| PC/SCA API Permissions | PC/SCA API Access | |
|
|
|
|
N | N | N |
| Alerting Permissions | Alerting Access | |
N | N | N | N | N | N | N |
| Create, edit, and delete your own action | |
N | N | N | N | N | N | N | |
| Edit any action | |
N | N | N | N | N | N | N | |
| Delete any action | |
N | N | N | N | N | N | N | |
| Create, edit, and delete your own rule | |
N | N | N | N | N | N | N | |
| Edit any rule | |
N | N | N | N | N | N | N | |
| Delete any rule | |
N | N | N | N | N | N | N | |
| Remediation Permissions | View Remediation | |
N | N | N | N | N | N | N |
| Policy Audit Fix | N | N | N | N | N | N | N | N | |
| PAF Permissions | PAF API Access | |
|
N | N | N | |
|
|
| PAF UI Access | |
|
N | N | N | |
|
|
|
| PAF Job | Delete Job | |
N | N | N | N | |
N | N |
| Edit Job | |
|
N | N | N | |
N | N | |
| Create Job | |
|
N | N | N | |
N | N | |
| PAF Script | Create Custom CAR Scripts | |
|
N | N | N | |
N | N |
| Edit Custom CAR Scripts | |
|
N | N | N | |
N | N | |
| Import Custom CAR Scripts | |
|
N | N | N | |
N | N | |
| Delete Custom CAR Scripts | |
N | N | N | N | |
N | N | |