Permissions

Policy Management includes a new permission, Manage Policies. This permission allows its user to create, modify, or delete any policy, rule, or condition. Likewise, the new Security Risk Manager role has been added and only contains the Manage Policies permission. Assign this role to a user to allow them to manage policies.

All users with at least one permission from the SAST Permission group, no matter what that permission is, may access the Policy Management Portal and view existing policies and incidents without being able to modify, delete, or create new ones.

You may not associate or dissociate a project from a policy if you cannot access that project in SAST. If you modify a given policy, you may not unlink any project that you do not have permission to see in CxSAST from that policy. Similarly, you may not see or link a new project for which you do not have permission.

However, if you delete a policy, all projects (even those you don't have access to) will no longer be linked to that policy.

Like the Project permissions, users may not see Incidents without access to the relevant projects.