Organisation and Group Roles
Hexiosec ASM provides two levels of roles:
- Organisation Roles: define what a person can do within your organisation
- Group Roles: define what a person can do within a specific scan group in your organisation.
When new people are added to your organisation, you, or someone else with the correct permissions, will need to set their organisation role and the role they need within each scan group they need access to.
Any time you are updating organisation or group roles in Hexiosec ASM, you can see a reminder of the role definitions by following the link provided on the page.
Depending on which Hexiosec ASM plan you have, some of the capabilities mentioned below may not be available to anyone in your organisation, regardless of organisation/group role.
There are four organisation level roles available:
- Owner: full ownership and view & edit access to the organisation.
- Admin: full view & edit access to the organisation.
- Manager: key view & edit access for managing day to day work.
- Member: access to view & edit scans.
The first person added to an organisation is automatically assigned the owner role. An organisation can only have one owner. Owners can:
- Invite people to your organisation.
- Remove access to your organisation.
- Create new scan groups, manage access to different groups, re-name groups.
- Change the organisation roles for the members of your organisation.
- Change the organisation ownership to another member of your organisation.
- View the organisation's scan allowances and the remaining balances on the usage page.
- Manage the level of scan change notifications that are enabled for your organisation's scans.
- Create, view and manage scans within permitted groups (dependent on scan group roles).
Admins have all the same capabilities as the organisation owner, except they can't change the organisation owner.
Managers have the capabilities needed for most day to day management required in Hexiosec ASM. Managers can:
- Create new scan groups, manage access to different groups for members of the organisation, and re-name groups.
- Create, view and manage scans within groups they have access to (dependent on group roles).
Members can create, view and manage scans within permitted groups (dependent on their group role).
Within each scan group a person has access to, they have a role that determines what they can do. The role can be different for each scan group they are a member of. The roles are:
- Admin: full view & edit access to the group and scans within it, plus the ability to create new scans.
- Editor: full view & edit access to the scans within the group, plus the ability to create new scans.
- Contributor: full view access to the scans within the group, plus the ability to manage actions & reports.
- Viewer: full view access to the scans within the group.
By default, the person that creates a scan group is given the admin role for that group. Admins can complete the following actions for the group and the scans within it:
- Create, view, refresh, disable and delete scans.
- Add or delete seed domains & IPs from the scans.
- Move domains & IPs in and out of scope of the scan.
- Edit details of the group or delete the group.
- Create, view and delete reports.
- View and manage actions, e.g. updating the state or assignee.
- Ignore risks on the scans.
- Manage CDNs and shared IPs.
Editors can do everything an admin can, other than edit details of the group or delete it.
Contributors can interact with scans in the group without changing any key scope information. Contributors can:
- View scans.
- View and manage actions, e.g. updating the state or assignee.
- Create and view reports.
Viewers can view all existing scans within the scan group, but cannot edit them in any way.
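The role model described above is a two-level scheme: an organisation role grants administrative rights over people and groups, and a separate per-group role grants rights over the scans in that group. The following Python model is an added example written for this page, not Hexiosec ASM's own code. The capability labels, the class and function names, the made-up people and group name in demo(), and the choice to demote the previous owner to admin after an ownership transfer are all assumptions of the example; the mapping from each role to its capabilities is transcribed from the lists above. It shows the two checks a practitioner cares about when reviewing access: an owner or admin with no group role still cannot see that group's scans, and an admin cannot change the organisation owner.

```python
# Toy model of the two-level role scheme above. Added example, not Hexiosec code:
# capability labels, class names and the ownership-transfer fallback are assumptions.
from dataclasses import dataclass, field

# Organisation-level capabilities, transcribed from the owner/admin/manager lists above.
OWNER_CAPS = frozenset({
    "invite_people", "remove_access", "manage_groups", "change_org_roles",
    "transfer_ownership", "view_usage", "manage_notifications",
})
ORG_ROLE_CAPS = {
    "owner": OWNER_CAPS,
    "admin": OWNER_CAPS - {"transfer_ownership"},  # everything except changing the owner
    "manager": frozenset({"manage_groups"}),       # create/rename groups, manage group access
    "member": frozenset(),                         # scan access comes only from group roles
}

# Scan-group capabilities, transcribed from the admin/editor/contributor/viewer lists above.
GROUP_ADMIN_CAPS = frozenset({
    "create_scan", "view_scan", "refresh_scan", "disable_scan", "delete_scan",
    "edit_seeds", "edit_scope", "edit_group", "delete_group",
    "create_report", "view_report", "delete_report",
    "manage_actions", "ignore_risks", "manage_cdns_shared_ips",
})
GROUP_ROLE_CAPS = {
    "admin": GROUP_ADMIN_CAPS,
    "editor": GROUP_ADMIN_CAPS - {"edit_group", "delete_group"},
    "contributor": frozenset({"view_scan", "manage_actions", "create_report", "view_report"}),
    "viewer": frozenset({"view_scan"}),
}


class PermissionDenied(Exception):
    """The acting person lacks the organisation-level capability."""


@dataclass
class Organisation:
    org_roles: dict = field(default_factory=dict)    # person -> organisation role
    group_roles: dict = field(default_factory=dict)  # group -> {person -> group role}

    def can(self, person, capability, group=None):
        """Organisation capability when group is None, else the capability within that group.
        An owner or admin with no role in a group gets nothing there: group access is explicit."""
        if group is None:
            return capability in ORG_ROLE_CAPS.get(self.org_roles.get(person), frozenset())
        role = self.group_roles.get(group, {}).get(person)
        return role is not None and capability in GROUP_ROLE_CAPS[role]

    def require(self, actor, capability):
        if not self.can(actor, capability):
            raise PermissionDenied(f"{actor!r} lacks {capability}")

    def add_person(self, actor, person, role):
        """The first person becomes owner automatically; later additions need invite rights."""
        if not self.org_roles:
            self.org_roles[person] = "owner"
            return
        self.require(actor, "invite_people")
        if role == "owner":
            raise ValueError("an organisation can only have one owner")
        self.org_roles[person] = role

    def set_group_role(self, actor, group, person, role):
        """Owners, admins and managers manage group access; members may not."""
        self.require(actor, "manage_groups")
        if person not in self.org_roles:
            raise ValueError(f"{person!r} is not in the organisation")
        self.group_roles.setdefault(group, {})[person] = role

    def transfer_ownership(self, actor, new_owner):
        """Only the owner may hand ownership over. Demoting the previous owner to
        admin is this example's assumption; the page does not say what happens."""
        self.require(actor, "transfer_ownership")
        if new_owner not in self.org_roles:
            raise ValueError(f"{new_owner!r} is not in the organisation")
        self.org_roles[actor] = "admin"
        self.org_roles[new_owner] = "owner"

    def owners(self):
        return [p for p, r in self.org_roles.items() if r == "owner"]


def demo():
    """Constructed walkthrough with made-up people and a made-up group name."""
    org = Organisation()
    org.add_person(None, "alice", "member")     # first person: owner regardless of role asked
    org.add_person("alice", "bob", "admin")
    org.add_person("alice", "carol", "member")
    org.set_group_role("alice", "external-web", "carol", "contributor")
    try:
        org.transfer_ownership("bob", "carol")  # admins cannot change the owner
        admin_blocked = False
    except PermissionDenied:
        admin_blocked = True
    return {
        "contributor_manages_actions": org.can("carol", "manage_actions", group="external-web"),
        "contributor_edits_scope": org.can("carol", "edit_scope", group="external-web"),
        "owner_without_group_role_views": org.can("alice", "view_scan", group="external-web"),
        "admin_blocked_from_transfer": admin_blocked,
        "owners": org.owners(),
    }
```

Running demo() walks through the rules: the first person added becomes the owner whatever role was requested, a contributor can manage actions but not move hosts in or out of scope, the owner cannot view scans in a group where no group role has been set, the admin's attempt to transfer ownership is refused, and there is exactly one owner at the end. When auditing an organisation's access, the same two questions apply: who holds manage_groups at organisation level, and which group roles each person actually holds.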