User Permissions Matrix in Netsparker Enterprise
Netsparker Enterprise is an online, multi-user web application security solution. You can create as many users as you need, so everyone who is involved in the development and upkeep of the scanned web applications can do what is required to ensure the long-term security of all your web applications.
The Permissions Matrix describes each Account Type and lists its permissions, enabling you to decide which privileges to assign to each user.
The User Permissions Matrix displays two roles: Account Owner and Account Member.
For further information, see User Permissions in Netsparker Enterprise.
Account Owner
This is the primary user that is automatically created for you, using the email address you stated when you either applied for a demo or purchased a license. You can allocate this account to your Team Leader and give them the responsibility of creating all other team members. There can only be one Account Owner.
Account Member
This is a team member account created by the Account Owner. You can assign different privileges to the account members.
What Each User Permission Enables Users To Do
The Permissions are split into various groups, whose headings are highlighted in blue on the User Permissions Matrix.
| Permission Group | Description |
| --- | --- |
| Manage Websites | This group enables users to add and update Websites, delete Websites, view the Dashboard and Global Dashboard and manage Website Groups. |
| Manage Team | This group enables users to reset an API Token, create a User Invitation, manage someone's Account and access Users and Usernames lists. |
| Manage Scans | This group enables users to manage Scheduled Scans, start Scans, view Scan Reports, Delete Scans and view Scan lists. |
| Reporting | This group enables users to create, view and manage Reports. |
| Settings | This group enables users to enforce 2 Factor Authentication and view Activity Logs. |
| Scan Policies | This group enables users to create and manage Scan Policies. |
| Manage Issues | This group enables users to view, create and manage issues. |
Administrator Account Permission
Users with Administrator permissions have the same privileges as the Account Owner role, which means there are no restrictions on what they can do. They have every permission in the following categories:
- Manage Website
- Manage Team
- Manage Scan
- Report
- Settings
- Scan Policies
- Manage Issues
Website Groups Permission
The following permissions are only used to specify what users can do within the website group(s) to which they have access.
Manage Websites Permission
Users with Manage Website permission can do the following in the website group(s) to which they have access:
- Manage Websites:
  - Add/Update Websites
  - Manage Website groups
- Manage Team:
  - List Usernames (available for all users regardless of permission)
Start Scan Permission
Users with Start Scan permission can do the following in the website group(s) to which they have access:
- Manage Websites:
  - View Dashboard
  - View Global Dashboard
- Manage Team:
  - List Usernames
- Manage Scans:
  - Manage Scheduled Scan
  - Start Scan
  - View Scan Reports
  - List Scans
- Reporting:
  - Reporting
- Scan Policies:
  - Manage Policies
- Manage Issues:
  - View Issues
View Reports Permission
Users with View Scan Reports permission can do the following in the website group(s) to which they have access:
- Manage Websites:
  - View Dashboard
  - View Global Dashboard
- Manage Team:
  - List Usernames
- Manage Scans:
  - View Scan Reports
  - List Scans
- Reporting:
  - Reporting
- Manage Issues:
  - View Issues
Manage Issues Permission
Users with Manage Issues permission can do the following in the website group(s) to which they have access:
- Manage Websites:
  - View Dashboard
  - View Global Dashboard
- Manage Team:
  - List Usernames
- Manage Scans:
  - View Scan Reports
  - List Scans
- Reporting:
  - Reporting
- Manage Issues:
  - View Issues
  - Update Issues
Manage Issues (Restricted) Permission
Users with Manage Issues (Restricted) permission can view and update issues in the same way as users with Manage Issues permission. The only difference is in how they are permitted to mark the state of an issue. Users with the restricted permission cannot mark the state of an issue as Accepted Risk or False Positive, and can only mark it as Fixed (Unconfirmed).