Web application permissions

Our service gives users Role-Based Access Control. Users are granted access to WAS features and functions based on Roles. These Roles are a consolidation of fine-grained Permissions. Managers have full rights and can configure roles and permissions using the Administration utility.

How to find Roles

Within the Administration utility, you'll find roles and their related permissions in the Role Management section. For example, the WAS Scanner role defines the permissions for a Scanner user with access to the WAS module.

Choose a role and configure permissions for the role.

Tell me about WAS Asset Permissions

Several permission groups are available for the WAS module, and two permission groups are available for WAS Asset Permissions.

List of various permissions related to WAS assets.

(1) WAS Asset permissions

Web Asset - Purge, Create, Edit, Delete

View/download Selenium Script sensitive contents. Users who are able to edit Web Application records are also able to edit the Authentication Records, such as the Selenium script used for authentication. This option prevents users from downloading a script that was recorded as part of an Authentication Record.

Edit Web Application URL. Allows the user to edit only the Web Application URL.

Select and Lock/Unlock Scanner Appliance. Allows the user to select the type of scanner appliance and to lock/unlock the scanner appliance.

(2) WAS Catalog Permissions

Edit Web Application Catalog. Determines whether users are allowed to flag a Catalog entry as New, Rogue, Approved, or Ignore.

Edit Web Application Catalog Entry. Users may also add comments to Catalog entries.

Add to Subscription Web Application Catalog Entry. Determines whether users are permitted to create a Web Application Asset from a Catalog entry.

Access Web Application Catalog. Determines whether the Catalog is accessible to the user.

How are tags used to grant access to web applications?

A web application tag is a tag assigned to one or more web applications. Assigning a tag to a web application enables you to grant users access to that web application by assigning the same tag to the user's scope. Want to define tags? It's easy - just go to the CyberSecurity Asset Management (CSAM) application.

It's possible to define a global tag that is assigned to multiple objects in the subscription. For example, you can define a tag named "New York" and assign it to both a web application and an option profile. It's also possible to define nested tags. For example, you can define a parent tag named "ABC Web Applications" and define child tags that apply to Web Application 1, Web Application 2, etc. By assigning the parent tag to a user's Scope, you would grant the user access to all the web applications to which the child tags are assigned.
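
For an access review, the tag rules above can be modeled offline to see which web applications each user's scope actually reaches. The following is an added example, not code from the product or its API: it assumes one parent per child tag, and the users, hostnames and tag assignments are constructed sample data.

```python
# Added illustration: a model of tag-based scoping, not the product's API.
# Every tag assignment, user and hostname below is constructed sample data.
TAG_PARENT = {  # child tag -> parent tag (nested tags)
    "Web Application 1": "ABC Web Applications",
    "Web Application 2": "ABC Web Applications",
}
WEBAPP_TAGS = {  # tags assigned to each web application
    "shop.example.com": {"Web Application 1"},
    "portal.example.com": {"Web Application 2", "New York"},
    "intranet.example.com": {"New York"},
    "legacy.example.com": set(),  # untagged
}
USER_SCOPE = {  # tags placed in each user's scope
    "alice": {"ABC Web Applications"},
    "bob": {"Web Application 2"},
    "carol": {"New York"},
}


def ancestors(tag, tag_parent):
    """Walk up the nesting chain; the 'seen' check stops on a cyclic definition."""
    seen = []
    while tag in tag_parent and tag_parent[tag] not in seen:
        tag = tag_parent[tag]
        seen.append(tag)
    return seen


def expand_scope(scope_tags, tag_parent):
    """Return the scope tags plus every tag nested beneath any of them."""
    effective = set(scope_tags)
    for tag in tag_parent:  # only child tags can be reached via a parent
        if set(scope_tags) & set(ancestors(tag, tag_parent)):
            effective.add(tag)
    return effective


def effective_access(user_scope, webapp_tags, tag_parent):
    """Map each user to the web applications their scope reaches."""
    report = {}
    for user, scope in user_scope.items():
        tags = expand_scope(scope, tag_parent)
        report[user] = sorted(a for a, t in webapp_tags.items() if t & tags)
    return report


if __name__ == "__main__":
    for user, apps in effective_access(USER_SCOPE, WEBAPP_TAGS, TAG_PARENT).items():
        print(f"{user}: {', '.join(apps) or '(none)'}")
```

In this sample, the parent tag gives alice both child-tagged applications, while the broadly assigned "New York" tag gives carol two applications through a single scope entry, which is the kind of reach a review should confirm is intended.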

Still have questions?

How do I see a user's assigned roles and permissions? Go to the Administration utility and view/edit the user of interest.

Who has permissions to view scan results? Users who have permission to view a web application also have permission to view scan results for that web application.

Do you have Express Lite? If yes, you and other users in your subscription have full permissions. You will not need to customize permissions.