Unified VRM Role Permissions

by
August 8, 2019

In Unified VRM, permissions can be set for each user based on their role and their access. Roles can be set to determine how a user can action vulnerabilities and assets. Access to assets can also be set, limiting each user’s scope to only their purview.

There are 3 Roles available in Unified VRM:

  • Administrator
  • Manage/ Edit (Normal User)
  • Read only

With Role Based Access Control (RBAC), Administrator can set both the roles and permissions for each user. This allows flexibility to give each user Read Only or Manage/Edit roles and grant and revoke access to each Asset Group. 

Read-only Role

  • View/sort/filter Assets, Asset groups, Vulnerability groups and Vulnerabilities
  • Export data from Unified VRM
  • View your overall Risk Score

Manage/Edit Role

Manage/Edit users get all Read-only capabilities. With this permission, users get write permissions so that the user can manage only on their asset groups.

  • Change Status of Vulnerabilities
    • Create tickets
    • Stage Patch
    • Accept Risk
    • Mark False Positive
  • Change asset value
  • Update asset groups
  • Edit Integrations

Administrator Role

Administrator gets all Manage/Edit Capabilities. Also: 

  • Access to all Assets
  • Manage User Roles & User Permissions
  • Manage all asset groups