Product User Management

This part of the user guide is dedicated to user management for a certain “Product” as the chapter title suggests.

So, it means that when the user clicks on the “Product” tab on the left screen side, a list of products appears. Then, the user can choose the right product from the list (where the user right should be adjusted) and click on it. The user's list for certain “Product” will be displayed, and now it is just about to find the right one and change the credentials using the “Edit” button (located in the same line as the user whose rights should be adjusted). Choose the best one from the drop-down menu:

  • Maintainer - the highest privileges possible to assign for the product member. This role is able to manage users for certain “Product

  • Writer - these roles cover editing the Product itself, without the possibility to manage the users itself

  • Reader - it is like auditor role, where users with this privilege are able to check the “Product” but unable to do any changes

  • None - it represents the same action like user deactivation for certain “Product

After Clicking on the “Edit” button, a user can manage permission for product members. He can choose from roles “Maintainer”, “Writer”, “Reader” or “none”. If a user chooses the “none” option, the product member will be unassigned from a specific product, in other cases member will get permissions based on the role which will be chosen. By clicking on the button “OK” a user safe new changes for product members.

Role explanation

Roles Reader, Writer or Maintainer maps role inside of SVMP with given permissions:

Reader

Writer

Maintainer

API_Importer

View Product

(tick)

(tick)

(tick)

(error)

Remove yourself from Product

(tick)

(tick)

(tick)

(error)

Manage Product members

(error)

(error)

(tick)

(error)

Edit Product

(error)

(error)

(tick)

(error)

View Engagement

(tick)

(tick)

(tick)

(tick)

Add Engagement

(error)

(tick)

(tick)

(error)

Edit Engagement

(error)

(tick)

(tick)

(error)

Risk Acceptance

(error)

(tick)

(tick)

(error)

Delete Engagement

(error)

(error)

(tick)

(error)

View Test

(tick)

(tick)

(tick)

(tick)

Add Test

(error)

(tick)

(tick)

(error)

Edit Test

(error)

(tick)

(tick)

(error)

Delete Test

(error)

(error)

(tick)

(error)

View Finding

(tick)

(tick)

(tick)

(tick)

Add Finding

(error)

(tick)

(tick)

(error)

Edit Finding

(error)

(tick)

(tick)

(error)

Delete Finding

(error)

(error)

(tick)

(error)

(Re-)Import Scan Result

(error)

(tick)

(tick)

(tick)

View Finding Group

(tick)

(tick)

(tick)

(tick)

Add Finding Group

(error)

(tick)

(tick)

(error)

Edit Finding Group

(error)

(tick)

(tick)

(error)

Delete Finding Group

(error)

(tick)

(tick)

(error)

View Endpoint

(tick)

(tick)

(tick)

(tick)

Add Endpoint

(error)

(tick)

(tick)

(error)

Edit Endpoint

(error)

(tick)

(tick)

(error)

View Components

(tick)

(tick)

(tick)

(tick)

View Note History

(tick)

(tick)

(tick)

(error)

Add Note

(error)

(tick)

(tick)

(error)

Edit Note

(error)

(tick)

(tick)

(error)

Delete Note

(error)

(tick)

(tick)

(error)

Every user is allowed to delete his own notes

If some of the permissions are not explicitly listed, it means Reader nor Writer has not right for a particular action.