Roles and Scopes Settings

Allow full permissions and scope

Select this option only if you want the user to have all permissions and access to all objects in the subscription.

New role

Click to create a new role for the user account. The new role can also be applied to other user accounts.

Assigned roles

Add and remove assigned roles. To take actions on a role, hover over the role and choose an action from the menu. When you edit a role you can change the role name, description and the assigned permissions. Any changes you make will apply to all users assigned that role.


- Be careful when removing the UI access permission from a role. A user will not be able to log into the UI if they don't have at least one role with the UI access permission assigned.

- When you delete a role, it is deleted from all users who have it assigned.

Search unassigned roles

Search unassigned roles by name. The Unassigned roles list changes dynamically as you type.

Allow user view access to all objects

Select this option only if you want the user's scope to include all objects in the subscription, including web applications, scans, configurations, reports and tags.

Choose tags to define the user's scope

Select tags to determine which objects the user will have access to. The user's permissions will apply to all objects that are assigned the selected tags. Select a tag from the menu or use the search field. To remove a tag, click the X  to the right of its name.

Exclude Agent assets from IP Range Tags

Select this option to exclude the Cloud Agent assets that are added to a user scope only due to the IP range tags in the Asset View module. The Manager user can enable and disable this option for all the sub-users.