User Permissions

Note: The Compliance APIs are available as part of one of the following subscription combinations only:
- PC and API add-on
- PC, SCA, and API add-on
- VMDR, SCA, and API add-on

The user permissions required to view the compliance policy list are listed below.

Permissions by user role:

Manager

- View all compliance policies in subscription.

- View asset group information for all asset groups assigned to policies.

Auditor

- View all compliance policies in subscription.

- View asset group information for all asset groups assigned to policies.

Unit Manager

- View all compliance policies in subscription, when the “Manage compliance” permission is turned on in the user account settings.

- View asset group information for asset groups assigned to compliance policies, when the user has permission to view these asset groups.

Scanner

- View all compliance policies in subscription, when the “Manage compliance” permission is turned on in the user account settings.

- View asset group information for asset groups assigned to compliance policies, when the user has permission to view these asset groups.

Reader

- View all compliance policies in subscription, when the “Manage compliance” permission is turned on in the user account settings.

- View asset group information for asset groups assigned to compliance policies, when the user has permission to view these asset groups.

User Permissions — Asset Group Information

Asset group information included in the policy list output includes the following, as defined for each asset group: asset group ID, title, and assigned IP addresses. Users are granted permission to view asset group information assigned to policies when the user has permission to view the asset groups.

For example, when a user makes a request for a compliance policy list and the user does not have permission to view asset groups that are assigned to the target policies, then the asset group information does not appear in the policy list output. The asset group IDs are not listed under the <POLICY> section, and the asset group title and assigned IP addresses are not listed under the <GLOSSARY> section.

In a case where a user makes a request for a compliance policy list and the user does not have permission to see one or more asset groups assigned to a target policy, the following information is provided in the compliance policy list output:

<POLICY> section. The attribute “has_hidden_data=1” is returned in the <POLICY> section in the <ASSET_GROUP_IDS> element. This indicates that the user does not have permission to see one or more asset groups in the policy. When this attribute is present, only the asset group IDs that the user has permission to see, if any, are listed in the <ASSET_GROUP_IDS> element.

<GLOSSARY> section. Asset group information is not displayed for asset groups assigned to compliance policies that the user does not have permission to see.

<WARNING_LIST> section. A warning message is returned for informational purposes. This indicates that at least one of the compliance policies in the output has one or more asset groups that the user does not have permission to see.
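The three signals described above can be checked by whatever consumes the policy list, so that a partial view is not mistaken for the full policy scope. The following is an added example, not code from the product documentation: POLICY, ASSET_GROUP_IDS, has_hidden_data, GLOSSARY and WARNING_LIST are named on this page, while every other element name, the comma-separated ID format and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. POLICY, ASSET_GROUP_IDS, has_hidden_data, GLOSSARY and
# WARNING_LIST are named on the page; all other element names, the
# comma-separated ID format and every value are assumptions for this example.
SAMPLE = """<POLICY_LIST_OUTPUT><RESPONSE>
  <POLICY_LIST>
    <POLICY><ID>1001</ID><TITLE>Linux baseline</TITLE>
      <ASSET_GROUP_IDS>11,12</ASSET_GROUP_IDS></POLICY>
    <POLICY><ID>1002</ID><TITLE>Windows baseline</TITLE>
      <ASSET_GROUP_IDS has_hidden_data="1">11</ASSET_GROUP_IDS></POLICY>
    <POLICY><ID>1003</ID><TITLE>Database baseline</TITLE>
      <ASSET_GROUP_IDS has_hidden_data="1"/></POLICY>
  </POLICY_LIST>
  <GLOSSARY><ASSET_GROUP_LIST>
    <ASSET_GROUP><ID>11</ID><TITLE>DMZ</TITLE></ASSET_GROUP>
    <ASSET_GROUP><ID>12</ID><TITLE>Lab</TITLE></ASSET_GROUP>
  </ASSET_GROUP_LIST></GLOSSARY>
  <WARNING_LIST><WARNING><TEXT>constructed warning</TEXT></WARNING></WARNING_LIST>
</RESPONSE></POLICY_LIST_OUTPUT>"""


def audit_visibility(xml_text):
    """Report, per policy, which asset groups are visible and whether any are hidden."""
    root = ET.fromstring(xml_text)
    # Asset groups the caller is allowed to see are described in <GLOSSARY>.
    titles = {ag.findtext("ID"): ag.findtext("TITLE")
              for g in root.iter("GLOSSARY") for ag in g.iter("ASSET_GROUP")}
    policies = []
    for policy in root.iter("POLICY"):
        ids_el = policy.find("ASSET_GROUP_IDS")
        # has_hidden_data="1" means at least one assigned group was withheld.
        hidden = ids_el is not None and ids_el.get("has_hidden_data") == "1"
        text = (ids_el.text or "") if ids_el is not None else ""
        visible = [i.strip() for i in text.split(",") if i.strip()]
        policies.append({
            "id": policy.findtext("ID"),
            "visible_groups": {i: titles.get(i) for i in visible},
            "incomplete": hidden,  # policy scope is only partly known
        })
    warned = next(root.iter("WARNING"), None) is not None
    return {"policies": policies, "warning_present": warned}


if __name__ == "__main__":
    for p in audit_visibility(SAMPLE)["policies"]:
        state = "INCOMPLETE" if p["incomplete"] else "complete"
        print(p["id"], state, p["visible_groups"])
```

A policy marked incomplete should be re-queried with an account that can view all of its asset groups before its scope is used in a report.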

 

 


 

 
