Organisation and Group Roles

8 min

hexiosec asm provides two levels of roles organisation roles define what a person can do within your organisation group roles define what a person can do within a specific scan group in your organisation when new people are added to your organisation, you or someone else with the correct permissions, will need to set their organisation role and the role they need within each scan group they need access to any time you are updating organisation or group roles in hexiosec asm , you can see a reminder of the role definitions by following the link provided on the page depending on which hexiosec asm plan you have, some of the capabilities mentioned below may not be available to anyone in your organisation, regardless of organisation/group role organisation roles there are four organisation level roles available owner full ownership and view & edit access to the organisation admin full view & edit access to the organisation manager key view & edit access for managing day to day work member access to view & edit scans owner the first person added to an organisation is automatically assigned the owner role an organisation can only have one owner owners can invite people to your organisation remover access to your organisation create new scan groups, manage access to different groups, re name groups change the organisation roles for the members of your organisation changing the organisation ownership to another member of your organisation view the organisation's scan allowances and the remaining balances on the usage page manage the level of scan change notifications that are enabled for your organisation's scans create, view and manage scans within permitted groups (dependent on scan group roles) admin admins have all the same capabilities as the organisation owner, except they can't change the organisation owner manager managers have the capabilities needed for most day to day management required in hexiosec asm managers can create new scan groups, manage access to different groups for members of the organisation, and re name groups create, view and manage scans within groups they have access to (dependent on group roles) member members can create, view and manage scans within permitted groups (dependent on their group role) group roles within each scan group a person has access to, they have a role that determines what they can do the role can be different for each scan group they are a member of the roles are admin full view & edit access to the group and scans within it, plus the ability to create new scans editor full view & edit access to the scans within the group, plus the ability to create new scans contributor full view access to the scans within the group, plus the ability to manage actions & reports viewer full view access to the scans within the group admin by default, the person that creates a scan group is given the admin role for that group admins can complete the following actions for the group and the scans within it add or delete seed domains & ips from the scans mark domains & ips as secondary assets edit details of the group or delete the group create, view and delete reports view and manage actions e g updating the state or assignee ignore risks on the scans managing cdns and shared ips editor editors can do everything an admin can, other than edit details of the group or delete it contributor contributors have the ability to interact with scans in the group without changing any key scope information view scans view and manage actions e g updating the state or assignee create and view reports viewer viewers can view all existing scans within the scan group, but cannot edit them in any way