In this article
- Defining a user's role in IriusRisk
Permissions required
- ALL_USERS_UPDATE
Instructions
Assigning a role in IriusRisk requires understanding what the user role requirements are. Below is a mapping between feature sets, and permission set descriptions.
It is possible to add multiple roles for a given set of users to achieve the desired set of permissions. For example, using the FULL_ACCESS_USER role and adding the ROLE_COMPONENTS_EDITOR if you want to add additional permissions. Naturally, a new role can be created that has this combination as well.
| Section | Permission | Permission Description | ROLE_ADMIN (Protected) |
ROLE_ COMPONENTS_ EDITOR |
ROLE_ DEVELOPER |
ROLE_ FULL_ ACCESS_ USER |
ROLE_ LIBRARY_ EDITOR |
ROLE_ MANAGE_ USERS_ BU |
ROLE_ PORTFOLIO_ VIEW |
ROLE_ QUESTIONNAIRE_ ONLY |
ROLE_ READ_ ONLY |
ROLE_ REQUIREMENTS_ MANAGE |
ROLE_ RISK_ MANAGER |
ROLE_ RULES_ EDITOR |
ROLE_ TEMPLATE_ EDITOR |
ROLE_ TESTER |
ROLE_ TEST_ ONLY |
| Global |
ALL_USERS_AUDIT_ LOG_VIEW |
Enables viewing of all users audit events | x | x | x | ||||||||||||
| Global |
ALL_ USERS_ UPDATE |
Manages all users and business units in the system. | x | ||||||||||||||
| Global |
ANALYTICS_ SETTINGS_UPDATE |
Allows managing the settings of the Analytics module. | x | ||||||||||||||
| Global |
API_ ACCESS |
Enables API usage | x | x | x | x | x | x | x | x | x | x | x | ||||
| Global |
COMPONENT_ DEFINITIONS_UPDATE |
Create and edit components | x | ||||||||||||||
| Global |
COMPONENT_ DEFINITIONS_VIEW |
View components | x | x | |||||||||||||
| Global |
DROOLS_CREATION_RULE |
Enables writing custom rules in the native Drools language. This permission requires first to have enabled the permission EDIT_RULES |
x | ||||||||||||||
| Global |
EDIT_RULES |
Enables rules tab: Manages risk rules Manages workflow rules |
x | x | |||||||||||||
| Global |
LIBRARY_UPDATE |
Manage libraries: Create, edit, view and delete libraries |
x | x | |||||||||||||
| Global |
LIBRARY_VIEW |
Allows users to view library risk patterns with no editing permissions | x | x | x | ||||||||||||
| Global |
MANAGE_USERS_ BU |
Manages users inside the same business units: Invites users to the same business units |
x | x | |||||||||||||
| Global |
PRODUCT_CREATE |
Enables project creation | x | x | x | ||||||||||||
| Global |
PRODUCT_ID_ UPDATE |
Update project unique ID (users will also need the PROJECT_UPDATE permission) | x | x | |||||||||||||
| Global |
PRODUCT_IMPORT |
Enables project import Import a single project Import multiple projects Publish templates as projects (users will also need the TEMPLATE_LIBRARY_VIEW permission) |
x | x | x | ||||||||||||
| Global |
PRODUCTS_ LIST_ALL |
Views all open projects and business units. | x | ||||||||||||||
| Global |
PRODUCTS_ LIST_ALL_READ_ ONLY |
Enables a read-only view of threat models (threats and countermeasures) for projects that are not in the user's business unit. | x | ||||||||||||||
| Global | ROLES_UPDATE | Manage roles: Enables roles tab Edit, view and remove roles |
x | ||||||||||||||
| Global | SUPPORT | Check the health status of the application and manage logging levels. | x | ||||||||||||||
| Global | SYSTEM_SETTINGS_UPDATE | View and Edit access to the core system settings and global configuration: System settings View and Edit Security Classification tab View and Edit Global Assets tab View and Edit Custom Fields tab View and Edit Workflow State tab View and Edit Workflow State tab View and Edit Supported Standards tab View and Edit Trust Zones tab View and Edit License tab Global configuration View and Edit General configuration tab View and Edit Issue Tracker tab View and Edit Test tab View and Edit Email tab |
x | ||||||||||||||
| Global | SYSTEM_SETTINGS_VIEW | Same as SYSTEM_SETTINGS_UPDATE but without edit permission | x | x | |||||||||||||
| Global | TEMPLATE_LIBRARY_VIEW | Enables templates and libraries information: Enables Templates and Libraries menu item |
x | x | x | x | x | x | x | x | x | x | x | x | x | ||
| Global | TEMPLATE_UPDATE | Manage templates from all business units the user belongs to: Create, Edit, Remove Templates and Publish them as Project (users will also need the PRODUCT_IMPORT permission) |
x | x | x | ||||||||||||
| Global | TEMPLATE_UPDATE_ALL | Manage all templates: Create, Edit, Remove Templates and Publish them as Project (users will also need the PRODUCT_IMPORT permission) |
x | ||||||||||||||
| Global | USER_AUDIT_LOG_VIEW | Enables the User Audit Log view | x | x | x | x | x | ||||||||||
| Global | VIEW_USERS_SAME_BU | Enables viewing the usernames of users in the same Business Unit as the logged in user. | x | ||||||||||||||
| Project | ARCHITECTURE_UPDATE | Enables editing of diagram and artifacts | x | x | x | x | x | ||||||||||
| Project | ARCHITECTURE_VIEW | Enables viewing Architecture Tab including the diagram, artifacts and notifications panel | x | x | x | x | x | x | |||||||||
| Project |
COUNTERMEASURE_ ADD_FROM_EXISTING |
Allows adding countermeasures from an existing library/template/project to a threat or weaknesses. | x | x | |||||||||||||
| Project | COUNTERMEASURE_CREATE | Allows creating countermeasures manually or from an existing library/template/project for a threat or weaknesses. | x | x | |||||||||||||
| Project | COUNTERMEASURE_DELETE | Enables the action to remove a countermeasure from a weakness or from a component. | x | x | x | ||||||||||||
| Project |
COUNTERMEASURE_ EXPIRY_DATE_VIEW |
Enables Expiry Date information: Enables Expiry Date column |
x | x | x | x | x | ||||||||||
| Project |
COUNTERMEASURE_ MITIGATION_UPDATE |
Allows modification of the mitigation percentage of a countermeasure. | x | x | |||||||||||||
| Project |
COUNTERMEASURE_ SELECT_IMPLEMENTED |
Allows setting a countermeasure as implemented. | x | x | x | x | x | ||||||||||
| Project | COUNTERMEASURE_SELECT_NA | Allows setting a countermeasure as not applicable. | x | x | x | x | x | ||||||||||
| Project |
COUNTERMEASURE_ SELECT_ RECOMMENDED |
Allows setting a countermeasure as recommended. | x | x | x | x | x | ||||||||||
| Project |
COUNTERMEASURE_ SELECT_ REJECTED |
Allows setting a countermeasure as rejected. | x | x | x | x | x | ||||||||||
| Project |
COUNTERMEASURE_ SELECT_ REQUIRED |
Allows setting a countermeasure as required. | x | x | x | x | x | ||||||||||
| Project | COUNTERMEASURE_TEST_VIEW | Enables view the countermeasure test information | x | x | x | x | x | ||||||||||
| Project | COUNTERMEASURE_UPDATE | Manages the countermeasures: Enables countermeasure detail panel, including edit and delete Creates issues in the issue tracker |
x | x | x | x | |||||||||||
| Project | COUNTERMEASURE_VIEW | Enables countermeasure tab | x | x | x | x | x | ||||||||||
| Project | DOWNLOAD_REPORTS | Enables the functionality to download reports from the Risk Summary tab. | x | x | |||||||||||||
| Project | GENERAL_THREATS_MANAGE | Allows managing threats that belong to the whole project, not to any specific component. | x | x | x | ||||||||||||
| Project | PRODUCT_AUDIT_LOG_VIEW | Enables Audit log of Threats and Countermeasures. | x | x | x | x | x | ||||||||||
| Project | PRODUCT_COMPONENT_CREATE | Makes it possible to publish a new project component from a project. | x | x | |||||||||||||
| Project | PRODUCT_COMPONENT_DELETE | Makes it possible to un-publish a project component. | x | x | |||||||||||||
| Project |
PRODUCT_COMPONENT_ SETTINGS_UPDATE |
Update project and component settings, such as issue tracker connection parameters. | x | x | x | x | |||||||||||
| Project | PRODUCT_COMPONENT_UPDATE | Makes it possible to edit the details and sharing settings of a project component. | x | x | |||||||||||||
| Project | PRODUCT_CREATE_FROM_VERSION | Allows the creation of a new project from a project version. | x | x | |||||||||||||
| Project | PRODUCT_CREATE_UPDATE_OTM | Allows creating and updating the data of a project from an external OTM file | x | x | |||||||||||||
| Project | PRODUCT_DELETE | Enables the action to remove a project. | x | x | x | x | |||||||||||
| Project | PRODUCT_EXPORT | Exports the project to an external format. | x | x | x | x | |||||||||||
| Project | PRODUCT_GENERATE_NEW_VERSION | Enables the action to generate new project versions. | x | x | |||||||||||||
| Project | PRODUCT_LOCK | Enables the actions to lock/unlock projects. | x | x | x | ||||||||||||
| Project | PRODUCT_OWNERSHIP_UPDATE | Enables project ownership tab that allows users to assign business units and users to a project. | x | x | x | x | |||||||||||
| Project | PRODUCT_UPDATE | Update project details, such as name and description etc. | x | x | x | x | |||||||||||
| Project | PRODUCT_UPDATE_XML | Allows updating a the data of a project from an external XML file | x | x | x | x | |||||||||||
| Project | PRODUCT_VERSION_DELETE | Enables the action to delete project versions. | x | x | |||||||||||||
| Project | PRODUCT_VERSION_RESTORE | Enables the action to restore project versions. | x | x | |||||||||||||
| Project | PRODUCT_VERSION_UPDATE | Enables the action to update project versions. | x | x | |||||||||||||
| Project | REPORT_DELETE | Enables the action to remove reports from the project reports tab. | x | x | |||||||||||||
| Project | RISK_SUMMARY_VIEW | Enables Risk Summary tab. | x | x | x | x | |||||||||||
| Project | RISK_VIEW | Enables risk information: Enables portfolio tab and risk distribution chart | x | x | x | x | |||||||||||
| Project | SEARCH_BY_CUSTOM_LIBRARIES_LIST | Allow searching countermeasures or threats from a set of pre-defined libraries. | x | ||||||||||||||
| Project | SOURCE_VIEW | Enables source information: Enables Source column | x | x | x | x | |||||||||||
| Project | TEST_UPDATE | Manage tests associated with countermeasures and weakness: Edit and import tests | x | x | x | ||||||||||||
| Project | THREAT_ADD_FROM_EXISTING | Enables the action to manually add an existing threat. | x | ||||||||||||||
| Project | THREAT_CREATE | Enables the actions to manually add an existing threat or a new one. | x | x | x | ||||||||||||
| Project |
THREAT_DELETE_IF_ MITIGATION_IS_PLANNED |
Delete threats with planned mitigation: Enables the option to delete threats This permission requires first to have enabled the permission THREAT_UPDATE | x | x | x | ||||||||||||
| Project |
THREAT_DELETE_IF_ SOURCE_IS_RULES |
Delete threats that originate from the rules engine: Enables the option to delete threats This permission requires first to have enabled the permission THREAT_UPDATE | x | x | x | ||||||||||||
| Project | THREAT_LOCK | Enables the actions to lock/unlock threats | x | x | x | ||||||||||||
| Project | THREAT_UPDATE | Manage threats: Enables the threat detail panel Enables the option to change the owner of the threat Enables the options to apply or unapply threats Enables the options to accept or expose threats Enables the options to copy or move threats Enables the option to delete threats Enables add a weakness to the threat Enables the weakness detail panel Enables the weakness management |
x | x | x | ||||||||||||
| Project |
THREAT_UPDATE_IF_ MITIGATION_IS_PLANNED |
Manage threats with planned mitigation: Enables the threat detail panel Enables the option to change the owner of the threat Enables the options to accept or expose threats Enables the options to apply or unapply threats Enables the options to copy or move threats Enables add a weakness to the threat Enables the weakness detail panel Enables the weakness management This permission requires first to have enabled the permission THREAT_UPDATE |
x | x | x | ||||||||||||
| Project |
THREAT_UPDATE_ IF_SOURCE_IS_RULES |
Manage threats that originate from the rules engine: Enables the threat detail panel Enables the option to change the owner of the threat Enables the options to accept or expose threats Enables the options to apply or unapply threats Enables the options to copy or move threats Enables add a weakness to the threat Enables the weakness detail panel Enables the weakness management This permission requires first to have enabled the permission THREAT_UPDATE |
x | x | x | ||||||||||||
| Project | THREAT_VIEW | Enables threat information: Enables threat tab Enables portfolio tab and risk list |
x | x | x | x | x | x | |||||||||
| Project | USE_CASE_CREATE | Enables use case creation for projects and templates | x | x | x | x | x | ||||||||||
| Project | USE_CASE_DELETE | Enables use case deletion for projects and templates | x | x | x | x | x | ||||||||||
| Project | USE_CASE_UPDATE | Enables use case update for projects and templates | x | x | x | x | x | ||||||||||
| Project | VULNERABILITY_TRACKER_CREATE | Enables the creation of vulnerabilities in the Vulnerability Tracker. | x | x | |||||||||||||
| Project | WEAKNESS_ADD_FROM_EXISTING | Enables the action to manually add an existing weakness. This permission requires first to have enabled the permission THREAT_UPDATE |
x | x | |||||||||||||
| Project | WEAKNESS_CREATE | Enables the actions to manually add an existing weakness or a new one. This permission requires first to have enabled the permission THREAT_UPDATE |
x | x | |||||||||||||
| Project | WEAKNESS_DELETE | Enables the action to manually remove a weakness. This permission requires first to have enabled the permission THREAT_UPDATE |
x | ||||||||||||||
| Project | WEAKNESS_UPDATE | Enables the action to edit a weakness. This permission requires first to have enabled the permission THREAT_UPDATE |
x | x | |||||||||||||
| Project | WORKFLOW_ALL_CHANGE | Enables transition between ALL workflow states. | x | x | x | ||||||||||||
| Project | WORKFLOW_CHANGE | Enables transition between next and previous workflow states. | x | x | x |
Comments
0 comments
Article is closed for comments.