Organisation and Group Roles
Hexiosec ASM provides two levels of roles:
- Organisation Roles: what a user can do within your organisation
- Group Roles: what a user can do within a specific group
When new users join your organisation, you or someone else with the correct permissions will need to set the new user's roles for the organisation, including any groups you would like them to access.
Any time you are updating organisation or group roles in Hexiosec ASM, you can see a reminder of the role definitions using the "About Roles" button.
Depending on which Hexiosec ASM plan you have, some of the capabilities mentioned below may not be available to any users, regardless of organisation/group role.
There are four organisation level user roles:
- Owner: full ownership and view & edit access to the organisation.
- Admin: full view & edit access to the organisation.
- Manager: key view & edit access for managing day to day work.
- Member: access to view & edit scans.
The first user in an organisation is automatically assigned the owner role. An organisation can only have one owner. Owners can:
- Invite new users to your organisation.
- Remove users' access to your organisation.
- Create new groups, manage users' access to different groups, rename groups.
- Change users' organisation roles.
- Change the organisation ownership to a different user.
- View the organisation's scan allowances and the remaining balances on the usage page.
- Manage the level of scan change notifications that are enabled for your organisation's scans.
- Create, view and manage scans within permitted groups (dependent on group roles).
Admins have all the same capabilities as the organisation owner, except they can't change the organisation owner.
Managers have the capabilities needed for most day to day management required in Hexiosec ASM. Managers can:
- Create new groups, manage users' access to different groups, rename groups.
- Create, view and manage scans within groups they have access to (dependent on group roles).
Members can create, view and manage scans within permitted groups (dependent on their group role).
Within each scan group a user has access to, they have a role that determines what they can do. The role a user has for each scan group can be different. The roles are:
- Admin: full view & edit access to the group and scans within it, plus the ability to create new scans.
- Editor: full view & edit access to the scans within the group, plus the ability to create new scans.
- Contributor: full view access to the scans within the group, plus the ability to manage actions & reports.
- Viewer: full view access to the scans within the group.
By default, the user that creates the group is given the admin role. Admins can complete the following actions for the group and the scans within it:
- Create, view, refresh, disable and delete scans.
- Add or delete seed domains & IPs from the scans.
- Move domains & IPs in and out of scope of the scan.
- Edit details of the group or delete the group.
- Create, view and delete reports.
- View and manage actions, e.g. updating the state or assignee.
- Ignore risks on the scans.
- Manage CDNs and shared IPs.
Editors can do everything an admin can, other than edit details of the group or delete it.
Contributors have the ability to interact with scans in the group without changing any key scope information. Contributors can:
- View scans.
- View and manage actions, e.g. updating the state or assignee.
- Create and view reports.
Viewers can view all existing scans within the scan group, but cannot edit them in any way.