SUPPORT

Contact Support

OPEN A TICKET

User Permissions Matrix in Netsparker Enterprise

Netsparker Enterprise is an online, multi-user web application security solution. You can create as many users as you need, so everyone who is involved in the development and upkeep of the scanned web applications can do what is required to ensure the long-term security of all your web applications.

The Permissions Matrix describes each Account Type and lists its permissions, enabling you to decide which privileges to assign to each user.

user permissions matrix

The User Permissions Matrix displays two roles: Account Owner and Account Member.

For further information, see Configuring User Permissions in Netsparker Enterprise.

Account Owner

This is the primary user that is automatically created for you, using the email address you stated when you either applied for a demo or purchased a license. You can allocate this account to your Team Leader and give them the responsibility of creating all other team members. There can only be one Account Owner.

Account Member

This is a team member account created by the Account Owner. You can assign different privileges to the account members.

What Each User Permission Enables Users To Do

The Permissions are split into various groups, whose headings are highlighted in blue on the User Permissions Matrix.

Permission Group

Description

Manage Websites

This group enables users to add and update Websites, delete Websites, view the Dashboard and Global Dashboard and manage Website Groups.

Manage Team

This group enables users to reset an API Token, disable API Access for a team member, create a User Invitation, manage someone's Account and access Users and Usernames lists.

Manage Scans

This group enables users to manage Scheduled Scans, start Scans, view Scan Reports, Delete Scans and view Scan lists.

Reporting

This group enables users to create, view and manage Reports.

Settings

This group enables users to enforce 2nd Factor Authentication (2FA), view Activity Logs and manage IP restrictions.

Scan Policies

This group enables users to create and manage Scan Policies.

Manage Issues

This group enables users to view, create and manage issues.

Manage Issues (Restricted)

This group enables users to view, create and manage issues. However, these users are restricted from marking the state of an issue as Accepted Risk or False Positive, and can only mark it as Fixed (Unconfirmed).

Administrator Account Permission

Users with Account Administrator permissions have the same privileges as the Account Owner role, which means they do not have any restrictions on what they can or cannot do. They have every permission in the following categories:

  • Manage Website
  • Manage Team
  • Manage Scan
  • Report
  • Settings
  • Scan Policies
  • Manage Issues

Website Groups Permission

The following permissions are only used to specify what users can do within the website group(s) to which they have access.

Manage Websites Permission

Users with Manage Website permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • Add/Update Websites
    • Manage Website groups
  • Manage Team:
    • List Usernames (available for all users regardless of permission)

Start Scan Permission

Users with Start Scan permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • View Dashboard
    • View Global Dashboard
  • Manage Team:
    • List Usernames
  • Manage Scans:
    • Managed Scheduled Scan
    • Start Scan
    • View Scan Reports
    • List Scans
  • Reporting:
    • Reporting
  • Scan Policies:
    • Manage Policies
  • Manage Issues:
    • View Issues

View Reports Permission

Users with View Scan Reports permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • View Dashboard
    • View Global Dashboard
  • Manage Team:
    • List Usernames
  • Manage Scans:
    • View Scan Reports
    • List Scans
  • Reporting:
    • Reporting
  • Manage Issues:
    • View Issues

Manage Issues Permission

Users with Manage Issues permission can do the following in the website group(s) to which they have access:

  • Manage Websites:
    • View Dashboard
    • View Global Dashboard
  • Manage Team:
    • List Usernames
  • Manage Scans:
    • View Scan Reports
    • Lists Scans
  • Reporting:
    • Reporting
  • Manage Issues:
    • View Isues
    • Update Issues

Manage Issues (Restricted) Permission

Users with Manage Issues (Restricted) permission can perform the same actions as those users with Manage Issues permission in terms of viewing and updating issues. The only difference is in how they are permitted to mark the state of an issue. Those with restricted permission are restricted from marking the state of an issue as Accepted Risk or False Positive, and can only mark it as Fixed (Unconfirmed).

Tweet
Share
Share

TOP ARTICLES

CATEGORIES

Netsparker

Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Netsparker Ltd
220 Industrial Blvd Ste 102
Austin, TX 78745

© Netsparker 2021, by Invicti

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Netsparker 2021, by Invicti

Subscription Services Agreement Data Protection Policy Information Security Policy Privacy Policy Sitemap