Web Application Permissions
Click to view navigation pane

Home

Web Application Permissions

Our service gives users Role-Based Access Control. Users are granted access to WAS features and functions based on Roles. These Roles are a consolidation of fine grained Permissions. Managers have full rights and can configure roles and permissions using the Administration utility.

How to find Roles

Within the Administration utility, you'll find roles and their related permissions in the Role Management section. For example the WAS Scanner role defines permissions for a Scanner user with permissions to the WAS module.

The Quick Actions menu displaying the actions avaialble for the WAS Scanner role.

Tell me about WAS Asset Permissions

Several permission groups are available for the WAS module and out of all these permission groups, two are for WAS Asset Permissions.

List of various permissions related to WAS assets.

(1) WAS Asset permissions

Web Asset - Purge, Create, Edit, Delete

View/download Selenium Script sensitive contents. Users who are able to edit Web Application records are also able to edit the Authentication Records, such as the Selenium script used for authentication. This option prevents users from downloading a script that was recorded as part of an Authentication Record.

Edit Web Application URL. Allows user to edit only Web Application URL.

Select and Lock/Unlock Scanner Appliance. Allows user to select the type of scanner appliance and lock/unlock the scanner appliance.

How are tags used to grant access to web applications?

A web application tag is a tag assigned to one or more web applications. Assigning a tag to a web application enables you to grant users access to that web application by assigning the same tag to the users scope. Want to define tags? It's easy - just go to the CyberSecurity Asset Management (CSAM) application.

It’s possible to define a global tag that is assigned to multiple objects in the subscription. For example, you can define a tag named “New York” and assign it to both a web application and an option profile. It's possible to define nested tags. For example you can define a parent tag named "ABC Web Applications" and define child tags that apply to Web Application 1, Web application 2, etc. By assigning the parent tag to a user's Scope, you would grant the user access to all the web applications to which the child tags are assigned.

Still have questions?

How do I see a user's assigned roles and permissions? Go to the Administration utility and view/edit the user of interest.

Who has permissions to view scan results? Users who have permission to view a web application also have permission to view scan results for that web application.

Do you have Express Lite? If yes, you and other users in your subscription have full permissions. You will not need to customize permissions.