Yes, however you will need to make relevant changes to your system and permissions to enable this option, please follow the below steps to enable this.
How to configure:
By default, the option to delete threats is disabled so you will not see the option to Delete risks and countermeasures for any threat.
To enable this option, click on Settings from the admin bar, then under General > Features uncheck the option to Disable delete Threat.
Once this has been enabled you will need to assign the relevant permissions to the roles that require this functionality, to do this go to the Users & Roles menu, select the role you wish to grant permissions to and under the Product permissions tab enable the following...
THREAT_UPDATE (This is permission is mandatory for this functionality)
Then either or both of the below depending on your desired configuration.
THREAT_DELETE_IF_MITIGATION_IS_PLANNED
- This will allow for threat deletion if the source in M (Manual), E (Edited) or T (Template)
THREAT_DELETE_IF_SOURCE_IS_RULES
- This will allow you to delete a threat if the source is R (Rules) or DF (Dataflow rules)
Once the settings have been saved, accounts with the correct permissions should now be given the option to manually remove threats from a Threat model.
Comments
0 comments
Article is closed for comments.