Skip to main content

How are Roles defined in IriusRisk

James Rabe
  • Updated

In this article

  • Defining a user's role in IriusRisk

Permissions required

  • ALL_USERS_UPDATE

Instructions

Assigning a role in IriusRisk requires understanding what the user role requirements are. Below is a mapping between feature sets, and permission set descriptions.

 

It is possible to add multiple roles for a given set of users to achieve the desired set of permissions. For example, using the FULL_ACCESS_USER role and adding the ROLE_COMPONENTS_EDITOR if you want to add additional permissions. Naturally, a new role can be created that has this combination as well.  

 

Section Permission Permission Description ROLE_ADMIN (Protected)

ROLE_

COMPONENTS_

EDITOR

ROLE_

DEVELOPER

ROLE_

FULL_

ACCESS_

USER

ROLE_

LIBRARY_

EDITOR

ROLE_

MANAGE_

USERS_

BU

ROLE_

PORTFOLIO_

VIEW

ROLE_

QUESTIONNAIRE_

ONLY

ROLE_

READ_

ONLY

ROLE_

REQUIREMENTS_

MANAGE

ROLE_

RISK_

MANAGER

ROLE_

RULES_

EDITOR

ROLE_

TEMPLATE_

EDITOR

ROLE_

TESTER

ROLE_

TEST_

ONLY
Global

ALL_USERS_AUDIT_

LOG_VIEW

 Enables viewing of all users audit events x     x         x            
Global

ALL_

USERS_

UPDATE

 Manages all users and business units in the system. x                            
Global

ANALYTICS_

SETTINGS_UPDATE

 Allows managing the settings of the Analytics module. x                            
Global

API_

ACCESS

 Enables API usage x   x x x x x x   x   x x x  
Global

COMPONENT_

DEFINITIONS_UPDATE

 Create and edit components x                            
Global

COMPONENT_

DEFINITIONS_VIEW

 View components x               x            
Global

DROOLS_CREATION_RULE

 Enables writing custom rules in the native Drools language.
This permission requires first to have enabled the permission EDIT_RULES		 x                            
Global

EDIT_RULES

 Enables rules tab:
Manages risk rules
Manages workflow rules		 x                     x      
Global

LIBRARY_UPDATE

 Manage libraries:
Create, edit, view and delete libraries		 x       x                    
Global

LIBRARY_VIEW

 Allows users to view library risk patterns with no editing permissions x       x       x            
Global

MANAGE_USERS_

BU

 Manages users inside the same business units:
Invites users to the same business units		 x         x                  
Global

PRODUCT_CREATE

 Enables project creation x   x x                      
Global

PRODUCT_ID_

UPDATE

 Update project unique ID (users will also need the PROJECT_UPDATE permission) x     x                      
Global

PRODUCT_IMPORT

 Enables project import
Import a single project
Import multiple projects
Publish templates as projects (users will also need the TEMPLATE_LIBRARY_VIEW permission)		 x   x x                      
Global

PRODUCTS_

LIST_ALL

 Views all open projects and business units. x                            
Global

PRODUCTS_

LIST_ALL_READ_

ONLY

 Enables a read-only view of threat models (threats and countermeasures) for projects that are not in the user's business unit. x                            
Global ROLES_UPDATE Manage roles:
Enables roles tab
Edit, view and remove roles		 x                            
Global SUPPORT Check the health status of the application and manage logging levels. x                            
Global SYSTEM_SETTINGS_UPDATE View and Edit access to the core system settings and global configuration:
System settings
View and Edit Security Classification tab
View and Edit Global Assets tab
View and Edit Custom Fields tab
View and Edit Workflow State tab
View and Edit Workflow State tab
View and Edit Supported Standards tab
View and Edit Trust Zones tab
View and Edit License tab
Global configuration
View and Edit General configuration tab
View and Edit Issue Tracker tab
View and Edit Test tab
View and Edit Email tab		 x                            
Global SYSTEM_SETTINGS_VIEW Same as SYSTEM_SETTINGS_UPDATE but without edit permission x               x            
Global TEMPLATE_LIBRARY_VIEW Enables templates and libraries information:
Enables Templates and Libraries menu item		 x   x x x x x x x x x x x x  
Global TEMPLATE_UPDATE Manage templates from all business units the user belongs to:
Create, Edit, Remove Templates and Publish them as Project (users will also need the PRODUCT_IMPORT permission)		 x     x                 x    
Global TEMPLATE_UPDATE_ALL Manage all templates:
Create, Edit, Remove Templates and Publish them as Project (users will also need the PRODUCT_IMPORT permission)		 x                            
Global USER_AUDIT_LOG_VIEW Enables the User Audit Log view x   x x         x   x        
Global VIEW_USERS_SAME_BU Enables viewing the usernames of users in the same Business Unit as the logged in user. x                            
Project ARCHITECTURE_UPDATE Enables editing of diagram and artifacts x   x x       x     x        
Project ARCHITECTURE_VIEW Enables viewing Architecture Tab including the diagram, artifacts and notifications panel x   x x       x x   x        
Project

COUNTERMEASURE_

ADD_FROM_EXISTING

 Allows adding countermeasures from an existing library/template/project to a threat or weaknesses. x     x                      
Project COUNTERMEASURE_CREATE Allows creating countermeasures manually or from an existing library/template/project for a threat or weaknesses. x     x                      
Project COUNTERMEASURE_DELETE Enables the action to remove a countermeasure from a weakness or from a component. x   x x                      
Project

COUNTERMEASURE_

EXPIRY_DATE_VIEW

 Enables Expiry Date information:
Enables Expiry Date column		 x   x x         x   x        
Project

COUNTERMEASURE_

MITIGATION_UPDATE

 Allows modification of the mitigation percentage of a countermeasure. x     x                      
Project

COUNTERMEASURE_

SELECT_IMPLEMENTED

 Allows setting a countermeasure as implemented. x   x x           x x        
Project COUNTERMEASURE_SELECT_NA Allows setting a countermeasure as not applicable. x   x x           x x        
Project

COUNTERMEASURE_

SELECT_

RECOMMENDED

 Allows setting a countermeasure as recommended. x   x x           x x        
Project

COUNTERMEASURE_

SELECT_

REJECTED

 Allows setting a countermeasure as rejected. x   x x           x x        
Project

COUNTERMEASURE_

SELECT_

REQUIRED

 Allows setting a countermeasure as required. x   x x           x x        
Project COUNTERMEASURE_TEST_VIEW Enables view the countermeasure test information x   x x         x   x        
Project COUNTERMEASURE_UPDATE Manages the countermeasures:
Enables countermeasure detail panel, including edit and delete
Creates issues in the issue tracker		 x   x x             x        
Project COUNTERMEASURE_VIEW Enables countermeasure tab x   x x         x   x        
Project DOWNLOAD_REPORTS Enables the functionality to download reports from the Risk Summary tab. x     x                      
Project GENERAL_THREATS_MANAGE Allows managing threats that belong to the whole project, not to any specific component. x     x             x        
Project PRODUCT_AUDIT_LOG_VIEW Enables Audit log of Threats and Countermeasures. x   x x         x   x        
Project PRODUCT_COMPONENT_CREATE Makes it possible to publish a new project component from a project. x     x                      
Project PRODUCT_COMPONENT_DELETE Makes it possible to un-publish a project component. x     x                      
Project

PRODUCT_COMPONENT_

SETTINGS_UPDATE

 Update project and component settings, such as issue tracker connection parameters. x   x x             x        
Project PRODUCT_COMPONENT_UPDATE Makes it possible to edit the details and sharing settings of a project component. x     x                      
Project PRODUCT_CREATE_FROM_VERSION Allows the creation of a new project from a project version. x     x                      
Project PRODUCT_CREATE_UPDATE_OTM Allows creating and updating the data of a project from an external OTM file x     x                      
Project PRODUCT_DELETE Enables the action to remove a project. x   x x             x        
Project PRODUCT_EXPORT Exports the project to an external format. x   x x             x        
Project PRODUCT_GENERATE_NEW_VERSION Enables the action to generate new project versions. x     x                      
Project PRODUCT_LOCK Enables the actions to lock/unlock projects. x     x             x        
Project PRODUCT_OWNERSHIP_UPDATE Enables project ownership tab that allows users to assign business units and users to a project. x   x x             x        
Project PRODUCT_UPDATE Update project details, such as name and description etc. x   x x             x        
Project PRODUCT_UPDATE_XML Allows updating a the data of a project from an external XML file x   x x             x        
Project PRODUCT_VERSION_DELETE Enables the action to delete project versions. x     x                      
Project PRODUCT_VERSION_RESTORE Enables the action to restore project versions. x     x                      
Project PRODUCT_VERSION_UPDATE Enables the action to update project versions. x     x                      
Project REPORT_DELETE Enables the action to remove reports from the project reports tab. x     x                      
Project RISK_SUMMARY_VIEW Enables Risk Summary tab. x     x         x   x        
Project RISK_VIEW Enables risk information: Enables portfolio tab and risk distribution chart x     x         x   x        
Project SEARCH_BY_CUSTOM_LIBRARIES_LIST Allow searching countermeasures or threats from a set of pre-defined libraries. x                            
Project SOURCE_VIEW Enables source information: Enables Source column x   x x             x        
Project TEST_UPDATE Manage tests associated with countermeasures and weakness: Edit and import tests x     x                   x  
Project THREAT_ADD_FROM_EXISTING Enables the action to manually add an existing threat. x                            
Project THREAT_CREATE Enables the actions to manually add an existing threat or a new one. x     x             x        
Project

THREAT_DELETE_IF_

MITIGATION_IS_PLANNED

 Delete threats with planned mitigation: Enables the option to delete threats This permission requires first to have enabled the permission THREAT_UPDATE x     x             x        
Project

THREAT_DELETE_IF_

SOURCE_IS_RULES

 Delete threats that originate from the rules engine: Enables the option to delete threats This permission requires first to have enabled the permission THREAT_UPDATE x     x             x        
Project THREAT_LOCK Enables the actions to lock/unlock threats x     x             x        
Project THREAT_UPDATE Manage threats:
Enables the threat detail panel
Enables the option to change the owner of the threat
Enables the options to apply or unapply threats
Enables the options to accept or expose threats
Enables the options to copy or move threats
Enables the option to delete threats
Enables add a weakness to the threat
Enables the weakness detail panel
Enables the weakness management		 x     x             x        
Project

THREAT_UPDATE_IF_

MITIGATION_IS_PLANNED

 Manage threats with planned mitigation:
Enables the threat detail panel
Enables the option to change the owner of the threat
Enables the options to accept or expose threats
Enables the options to apply or unapply threats
Enables the options to copy or move threats
Enables add a weakness to the threat
Enables the weakness detail panel
Enables the weakness management
This permission requires first to have enabled the permission THREAT_UPDATE		 x     x             x        
Project

THREAT_UPDATE_

IF_SOURCE_IS_RULES

 Manage threats that originate from the rules engine:
Enables the threat detail panel
Enables the option to change the owner of the threat
Enables the options to accept or expose threats
Enables the options to apply or unapply threats
Enables the options to copy or move threats
Enables add a weakness to the threat
Enables the weakness detail panel
Enables the weakness management
This permission requires first to have enabled the permission THREAT_UPDATE		 x     x             x        
Project THREAT_VIEW Enables threat information:
Enables threat tab
Enables portfolio tab and risk list		 x   x x         x   x     x  
Project USE_CASE_CREATE Enables use case creation for projects and templates x   x x       x     x        
Project USE_CASE_DELETE Enables use case deletion for projects and templates x   x x       x     x        
Project USE_CASE_UPDATE Enables use case update for projects and templates x   x x       x     x        
Project VULNERABILITY_TRACKER_CREATE Enables the creation of vulnerabilities in the Vulnerability Tracker. x     x                      
Project WEAKNESS_ADD_FROM_EXISTING Enables the action to manually add an existing weakness.
This permission requires first to have enabled the permission THREAT_UPDATE		 x     x                      
Project WEAKNESS_CREATE Enables the actions to manually add an existing weakness or a new one.
This permission requires first to have enabled the permission THREAT_UPDATE		 x     x                      
Project WEAKNESS_DELETE Enables the action to manually remove a weakness.
This permission requires first to have enabled the permission THREAT_UPDATE		 x                            
Project WEAKNESS_UPDATE Enables the action to edit a weakness.
This permission requires first to have enabled the permission THREAT_UPDATE		 x     x                      
Project WORKFLOW_ALL_CHANGE Enables transition between ALL workflow states. x   x x                      
Project WORKFLOW_CHANGE Enables transition between next and previous workflow states. x   x x                      

 

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk