Product Type User Management
This part of the user guide is dedicated to user management within a certain product type as the chapter title suggests.
So, it means that when the user clicks on the “Product Type” tab on the left screen side, a list of product types appears. Then, he/she choose the right product type from the list (where the user right should be adjusted) and click on it. The user's list for certain “Product Type” will appear, and now it is just about to find the right one and change the credentials using the “Edit” button (located in the same line as the user whose rights should be adjusted). Choose the best one from the drop-down menu:
Not assigned (it is the same as the deactivated user for certain product type)
Writer (this right will be automatically assigned for the “Product Type” creator)
Reader
Let us inform you, that right assign on the “Product Type” level will be inherited to the “Product” under this “Product Type” group.
User that created particular Product Type automatically has role Writter assigned to itself.
After Clicking on the “Edit” button, a user can manage permission for product type members. He can choose from roles “Writer”, “Reader” or “none”. If a user chooses the “none” option, a product type member will be unassigned from a specific product, in other cases member will get permissions based on a role that will be chosen. By clicking on the button “OK” a user saves new changes for product members.
Product Type Machine Accounts
Machine Accounts can be assigned to “Product Types”. Machines Accounts by default do not have access to any of the “Products”.
Before you can assign a machine account to any “Product Type” this machine account must be “Active” state. How to activate “Machine account” check this chapter here.
To enable Machine Account for a particular “Product Type”, the regular user should go to “Product Type” choose the right product type from the list and click on it. The users list together with “Machine accounts” will appear. Find the right “Machine account” from the list and click on the “Edit” button. There will be two possible options inside the drop-down menu:
API_Importer
None (it means that “Machine account” will set access to the default values for certain “Product type” → no access for this “Machine Account” for this certain “Product Type”)
Let us inform you, that right assign on the “Product Type” level will be inherited to the “Product” under this “Product Type” group.
Additional info is that in the DT Cloud Services Portal under Products you will not be able to see inherited permissions, where user is able to check them is in the SVMP inside the “All product types” tab or inside the “All Products” tab.
Keep in mind Machine Account can use SVMP only via API interface, to automate importing of the results.
Role explanation
Roles Reader or Writer maps role inside of SVMP with given permissions:
Reader | Writer | API_Importer | |
|---|---|---|---|
View Product Type |
|
|
|
Remove yourself as a member |
|
|
|
View Product |
|
|
|
Remove yourself from Product |
|
|
|
View Engagement |
|
|
|
Add Engagement |
|
|
|
Edit Engagement |
|
|
|
Risk Acceptance |
|
|
|
View Test |
|
|
|
Add Test |
|
|
|
Edit Test |
|
|
|
View Finding |
|
|
|
Add Finding |
|
|
|
Edit Finding |
|
|
|
(Re-)Import Scan Result |
|
|
|
View Finding Group |
|
|
|
Add Finding Group |
|
|
|
Edit Finding Group |
|
|
|
Delete Finding Group |
|
|
|
View Endpoint |
|
|
|
Add Endpoint |
|
|
|
Edit Endpoint |
|
|
|
View Components |
|
|
|
View Note History |
|
|
|
Add Note |
|
|
|
Edit Note |
|
|
|
Delete Note |
|
|
|
Every user is allowed to delete his own notes
If some of the permissions are not explicitly listed, it means Reader nor Writer has not right for a particular action.