User Permissions Matrix in Netsparker Enterprise

Netsparker Enterprise is an online, multi-user web application security solution. You can create as many users as you need so everyone who is involved in the development and upkeep of the scanned web applications can do what is required to ensure the long-term security of all your web applications.

The Permissions Matrix describes each Account Type and lists its permissions, enabling you to decide which ones to assign to each user.


The User Permissions Matrix displays two roles: Account Owner and Account Member.

For further information, see User Permissions in Netsparker Enterprise.

Account Owner

This is the primary user that is automatically created for you, using the email address you stated when you either applied for a demo or purchased a license. You can allocate this account to your Team Leader and give them the responsibility of creating all other team members. There can only be one Account Owner.

Account Member

This indicates a team member created by the Account Owner. You can assign different privileges to the account members.

What Each User Permission Enables Users To Do

The Permissions are split into various groups whose headings are highlighted in blue:

  • Manage Websites: This group enables users to add and update Websites, delete Websites, view the Dashboard and Global Dashboard and manage Website Groups.
  • Manage Team: This group enables users to reset an API Token, create a User Invitation, manage someone's Account and access Users and Usernames lists.
  • Manage Scans: This group enables users to manage Scheduled Scans, start Scans, view Scan Reports, delete Scans and view Scan lists.
  • Reporting: This group enables users to create, view and manage Reports.
  • Settings: This group enables users to enforce 2 Factor Authentication and view Activity Logs.
  • Scan Policies: This group enables users to create and manage Scan Policies.
  • Manage Issues: This group enables users to view, create and manage issues.

Administrator Account Permission

Users with the Administrator permission have the same privileges as the Account Owner role, which means there are no restrictions on what they can do. They have every permission in the following categories:

  • Manage Websites
  • Manage Team
  • Manage Scans
  • Reporting
  • Settings
  • Scan Policies
  • Manage Issues

Website Groups Permission

The following permissions are only used to specify what users can do in the website group(s) they have access to.

Manage Websites Permission

Users with Manage Websites permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • Add/Update Websites
    • Manage Website groups
  • Manage Team:
    • List Usernames (available for all users regardless of permission)

Start Scan Permission

Users with Start Scan permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • View Dashboard
    • View Global Dashboard
  • Manage Team:
    • List Usernames
  • Manage Scans:
    • Manage Scheduled Scan
    • Start Scan
    • View Scan Reports
    • List Scans
  • Reporting:
    • Reporting
  • Scan Policies:
    • Manage Policies
  • Manage Issues:
    • View Issues

View Reports Permission

Users with View Scan Reports permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • View Dashboard
    • View Global Dashboard
  • Manage Team:
    • List Usernames
  • Manage Scans:
    • View Scan Reports
    • List Scans
  • Reporting:
    • Reporting
  • Manage Issues:
    • View Issues

Manage Issues Permission

Users with Manage Issues permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • View Dashboard
    • View Global Dashboard
  • Manage Team:
    • List Usernames
  • Manage Scans:
    • View Scan Reports
    • List Scans
  • Reporting:
    • Reporting
  • Manage Issues:
    • View Issues
    • Update Issues
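
When deciding which of the four website group permissions to assign, it helps to see what each choice grants beyond what the user needs. The following is an added example, not Netsparker code or a Netsparker API: it transcribes the lists above into a table and picks the combination that covers a required set of actions with the fewest extra capabilities. The function names and the sample job descriptions are assumptions made for illustration.

```python
from itertools import combinations

# Capabilities shared by the three scan-side permissions, transcribed from this page.
VIEW = frozenset({"View Dashboard", "View Global Dashboard", "List Usernames",
                  "View Scan Reports", "List Scans", "Reporting", "View Issues"})

# Website group permission -> capabilities it grants, as listed on this page.
MATRIX = {
    "Manage Websites": frozenset({"Add/Update Websites", "Manage Website Groups",
                                  "List Usernames"}),
    "Start Scan": VIEW | {"Manage Scheduled Scan", "Start Scan", "Manage Policies"},
    "View Reports": VIEW,
    "Manage Issues": VIEW | {"Update Issues"},
}


def granted(permissions):
    """Union of capabilities a user holds through the given permissions."""
    caps = set()
    for name in permissions:
        caps |= MATRIX[name]
    return caps


def least_privilege(required):
    """Return (permissions, excess) covering `required` with the fewest extra
    capabilities, or None when no website group permission grants them all
    (on this page, only the Administrator permission has every capability)."""
    required = set(required)
    best = None
    for size in range(1, len(MATRIX) + 1):
        for combo in combinations(sorted(MATRIX), size):
            caps = granted(combo)
            if required <= caps:
                # Prefer fewest excess capabilities, then fewest permissions.
                key = (len(caps - required), size, combo)
                if best is None or key < best[0]:
                    best = (key, combo, caps - required)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    # Constructed job descriptions, not taken from the page.
    for need in ({"View Scan Reports"}, {"Start Scan", "Update Issues"}, {"Delete Scans"}):
        print(sorted(need), "->", least_privilege(need))
```

The excess set is the part worth reviewing: for example, a user who only needs to start scans and update issues also receives Manage Policies through Start Scan.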