The "Roles and Permissions" page provides users with comprehensive control over role management within the system. This page can be accessed from the Settings menu if the user has the required permissions.
View roles and permissions
Users who have the necessary permission can access a detailed overview of all existing roles and their associated permissions within the system. This feature enables users to gain insights into the current role structure and permissions distribution.
Roles and Permissions control page
Create new role
With appropriate permissions, users can create new roles. Selecting the "New Role" button opens a form where the user specifies the name of the new role and saves it.
Assign permissions to a role
Users who have the necessary permissions can assign permissions to a role by checking the boxes next to the desired permissions in the Permissions Table and then saving the changes.
Permissions of role named Auditor
Policy Based Scan Access
The Policy Based Scan Access feature allows administrators to restrict which scan results a role is permitted to view. When enabled, the role will only have access to scan records that match the selected policy types. This ensures that users can view only the data relevant to their responsibilities and helps enforce the principle of least privilege.
Users with the required permissions can enable this feature and choose one or more policy categories such as Credential Access, Lateral Movement, or Privilege Escalation from the dropdown menu.
This capability enhances data segmentation, improves compliance, and provides greater control over how scan results are exposed across different roles within the organization.
Roles that are editable can be deleted by clicking the trash icon next to the role in the Roles Table. A confirmation window then appears, where the user can confirm or cancel the deletion.
Select/Deselect all permissions
To expedite permission management, users can opt to select or deselect all permissions associated with a role simultaneously. This streamlined functionality is accessible through the "Select All" or "Deselect All" options, providing users with greater efficiency in managing permissions.
Expand/Collapse permission groups
Users have the flexibility to expand or collapse groups of permissions effortlessly. By clicking on the parent permission name, users can toggle the visibility of permission groups, enhancing the organization and accessibility of permission settings.
After a user successfully creates a role with an appropriate set of permissions, the role can be assigned to an access control entry on the LDAP configuration page to restrict user actions.
LDAP configuration page showing an access control entry defined for the created role
The image below shows the user interface as seen by the user logged in with the DN in the example.
FSProtect UI an Auditor sees