Installation guide

1. The Organization Head can add/edit/delete roles, while the Manager cannot.
2. The Organization Head can add users that are the subordinate of any Manager or User with the “Manage Users”
permission. The Manager can only add users as a subordinate of themselves.
3. The Organization Head has visibility of scan schedules and report definitions for the entire Organization, while
Managers can only see those of their subordinates.
Additional users may be created and assigned either one of three possible roles or a custom one. These roles are
“Manager”, “End User”, and “No Role”.
The “Manager” role is intended for security team managers who have the need to manage end-user objects along with
vulnerability, resource and scans. The Manager user is very similar in capability to the Organization Head user except that
they cannot manage roles and cannot manage objects not in their hierarchy (all Organizational users are in the
Organization Head’s hierarchy).
An end user is an authorized system administrator, network engineer, or auditor with the ability to review their security
data, create and view reports, enter remediation actions to close tickets, and launch scans (if given proper credentials).
“No Role” is the default “catch-all” role for users or objects for which no role has been assigned or explicit roles have been
removed. This role has virtually no permissions to perform actions within SecurityCenter.
User Access Control
Within the defined user roles, granular permissions are applied that enable users to perform various tasks. Custom roles
can also be created with any combination of desired permissions based on enterprise needs.
Role permissions are broken down based on user visibility. In all cases except policy roles, an “Organizational”
designation indicates that the user with that role can create objects with either “User” or “Organizational” visibility. In the
case of scan policy creation, users with the “Create Policies” permission can only create policies with “User” visibility.
Users with “Create Organizational Policies” and “Create Policies” permissions can create policies with either “User” or
“Organizational” visibility. Users with only the “Create Organizational Policies” permission cannot create any scan policies.
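The three rules just stated for scan policy creation, together with the hierarchy rules from the numbered list above (who may add users under whom, and which scan schedules a Manager can see), are easy to get wrong in an access check. The following is an added illustrative model of those rules, not SecurityCenter's own code; the role strings, permission names, user objects and scan schedule records are assumptions constructed for the demonstration.

```python
"""Illustrative model of the SecurityCenter permission rules described above.

Constructed example, not SecurityCenter code. The role strings, permission
strings, user hierarchy and sample schedules are assumptions for the demo.
"""
from dataclasses import dataclass, field
from typing import Optional

# Permission names follow the guide's wording; the string values are assumed.
CREATE_POLICIES = "Create Policies"
CREATE_ORG_POLICIES = "Create Organizational Policies"
MANAGE_USERS = "Manage Users"


@dataclass
class User:
    name: str
    role: str                              # "Organization Head", "Manager", "End User", "No Role"
    permissions: set = field(default_factory=set)
    manager: Optional["User"] = None       # parent in the user hierarchy (None for the top)


def allowed_policy_visibilities(user: User) -> set:
    """Return which scan-policy visibilities the user may create.

    Rules from the guide:
      - "Create Policies" alone                -> {"User"}
      - both permissions                       -> {"User", "Organizational"}
      - "Create Organizational Policies" alone -> none (cannot create policies at all)
    """
    if CREATE_POLICIES not in user.permissions:
        return set()
    if CREATE_ORG_POLICIES in user.permissions:
        return {"User", "Organizational"}
    return {"User"}


def is_in_hierarchy(ancestor: User, user: User) -> bool:
    """True if `user` is `ancestor` or sits anywhere below them in the hierarchy."""
    node = user
    while node is not None:
        if node is ancestor:
            return True
        node = node.manager
    return False


def can_add_subordinate(actor: User, new_parent: User) -> bool:
    """Can `actor` create a user whose parent will be `new_parent`?

    - Organization Head: under any Manager, or any user holding "Manage Users".
    - Manager: only as a direct subordinate of themselves.
    - Everyone else: no.
    """
    if actor.role == "Organization Head":
        return new_parent.role == "Manager" or MANAGE_USERS in new_parent.permissions
    if actor.role == "Manager":
        return new_parent is actor
    return False


def visible_objects(viewer: User, objects: list) -> list:
    """Scan schedules or report definitions the viewer may see.

    The Organization Head sees everything in the Organization; a Manager sees
    only objects owned by users in their own hierarchy; others see their own.
    """
    if viewer.role == "Organization Head":
        return list(objects)
    if viewer.role == "Manager":
        return [o for o in objects if is_in_hierarchy(viewer, o["owner"])]
    return [o for o in objects if o["owner"] is viewer]


# --- constructed sample hierarchy (assumed for the demonstration) ------------
head = User("head", "Organization Head", {CREATE_POLICIES, CREATE_ORG_POLICIES, MANAGE_USERS})
mgr_a = User("mgr_a", "Manager", {CREATE_POLICIES, CREATE_ORG_POLICIES}, manager=head)
mgr_b = User("mgr_b", "Manager", {CREATE_ORG_POLICIES}, manager=head)   # org-only: cannot create
eng_a = User("eng_a", "End User", {CREATE_POLICIES}, manager=mgr_a)
aud_b = User("aud_b", "End User", set(), manager=mgr_b)

SAMPLE_SCHEDULES = [                       # constructed sample data
    {"name": "weekly-dmz", "owner": eng_a},
    {"name": "monthly-pci", "owner": aud_b},
    {"name": "quarterly-all", "owner": head},
]


def demo() -> dict:
    """Collect the checks in one place so they can be inspected or tested."""
    return {
        "eng_a_policies": allowed_policy_visibilities(eng_a),
        "mgr_a_policies": allowed_policy_visibilities(mgr_a),
        "mgr_b_policies": allowed_policy_visibilities(mgr_b),
        "head_adds_under_mgr_b": can_add_subordinate(head, mgr_b),
        "mgr_a_adds_under_mgr_b": can_add_subordinate(mgr_a, mgr_b),
        "mgr_a_adds_under_self": can_add_subordinate(mgr_a, mgr_a),
        "mgr_a_sees": [o["name"] for o in visible_objects(mgr_a, SAMPLE_SCHEDULES)],
        "head_sees": [o["name"] for o in visible_objects(head, SAMPLE_SCHEDULES)],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point worth noticing is `mgr_b`: holding only “Create Organizational Policies” yields an empty set, so an implementation that treats the organizational permission as a superset of the user-level one would grant more than the guide describes. Likewise the visibility check walks the hierarchy by identity rather than by role, so a Manager never sees a peer Manager's subordinates.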
The table below defines the various permissions available within the SecurityCenter architecture:
Table 37 Available Permissions

| Permission                | Description                                                                       | Organization Head | Administrator | Manager | End User |
|---------------------------|-----------------------------------------------------------------------------------|-------------------|---------------|---------|----------|
| Accept Risks              | Accept the risk of vulnerabilities                                                | X                 |               | X       |          |
| Create Alerts             | Create custom alerts                                                              | X                 |               | X       | X        |
| Create Audit Files        | Upload custom audit files                                                         | X                 | X             | X       | X        |
| Create Application Roles  | Create roles with application visibility. This is not a configurable role.        |                   | X             |         |          |
| Create Organization Roles | Create roles with Organizational visibility. This is not a configurable role.     | X                 |               |         |          |