Unified VRM Role Permissions

In Unified VRM, permissions are set for each user based on their role and their access. The role determines which actions a user can take on vulnerabilities and assets. Access to assets can also be restricted, limiting each user’s scope to their own purview.

There are 3 roles available in Unified VRM:

  • Administrator
  • Manage/Edit (Normal User)
  • Read-only

With Role-Based Access Control (RBAC), an Administrator can set both the role and the permissions for each user. This gives the flexibility to assign each user the Read-only or Manage/Edit role and to grant or revoke access to each Asset Group.

Read-only Role

  • View/sort/filter Assets, Asset groups, Vulnerability groups and Vulnerabilities
  • Export data from Unified VRM
  • View your overall Risk Score

Manage/Edit Role

Manage/Edit users get all Read-only capabilities. They also get write permissions, but only on their own asset groups.

  • Change Status of Vulnerabilities
    • Create tickets
    • Stage Patch
    • Accept Risk
    • Mark False Positive
  • Change asset value
  • Update asset groups
  • Edit Integrations

Administrator Role

Administrators get all Manage/Edit capabilities, plus:

  • Access to all Assets
  • Manage User Roles & User Permissions
  • Manage all asset groups
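
The role and asset-group rules above can be modeled as a single deny-by-default access decision. This is an added example, not Unified VRM code or its API: the action identifiers, the User class, the is_allowed function and the choice of which actions are not tied to an asset group are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Actions taken from the role lists on this page; the identifiers are constructed.
READ_ACTIONS = {"view", "export", "view_risk_score"}
WRITE_ACTIONS = {
    "change_vuln_status", "create_ticket", "stage_patch", "accept_risk",
    "mark_false_positive", "change_asset_value", "update_asset_group",
    "edit_integrations",
}
ADMIN_ACTIONS = {"manage_user_roles", "manage_user_permissions"}

# Each role inherits every capability of the role below it.
ROLE_ACTIONS = {
    "read_only": READ_ACTIONS,
    "manage_edit": READ_ACTIONS | WRITE_ACTIONS,
    "administrator": READ_ACTIONS | WRITE_ACTIONS | ADMIN_ACTIONS,
}

# Assumption: these actions are not tied to a single asset group.
UNSCOPED_ACTIONS = {"view_risk_score", "edit_integrations"} | ADMIN_ACTIONS


@dataclass
class User:
    name: str
    role: str
    asset_groups: set = field(default_factory=set)  # groups granted by an Administrator


def is_allowed(user, action, asset_group=None):
    """Allow only if the role permits the action AND the asset group is in scope."""
    allowed = ROLE_ACTIONS.get(user.role)
    if allowed is None or action not in allowed:
        return False  # unknown role or action outside the role: deny by default
    if user.role == "administrator" or action in UNSCOPED_ACTIONS:
        return True   # Administrators have access to all assets
    # Scoped actions need an explicit group that the user has been granted.
    return asset_group is not None and asset_group in user.asset_groups


def writers_for(asset_group, users):
    """Access-review helper: names of users who can change data in a group."""
    return sorted(u.name for u in users
                  if is_allowed(u, "change_vuln_status", asset_group))
```

Running writers_for over each asset group gives a quick list of who can accept risk or mark false positives there, which is the set worth checking during an access review.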