Skip to main content

CxSAST / CxOSA Roles and Permissions

This section describes the roles and permissions associated with CxSAST / CxOSA that are effective after performing the data migration procedure and upgrading to CxSAST/CxOSA v9.0.0 and up.

Provided CxSAST / CxOSA Roles

The following table lists the predefined roles that are provided for CxSAST / CxOSA v9.0.0 and up, along with their respective permissions:

Notice

Provided roles cannot be updated or deleted.

Provided Roles for CxSAST / CxOSA

Description

Permissions per Role

Scanner

Permissions to create and manage projects, and run scans

save-sast-scan

save-osa-scan

open-issue-tracking-tickets

save-project

create-project

view-failed-sast-scan

download-scan-log

see-support-link

Reviewer

Read-only permissions to view scan results and generate reports

manage-result-comment

manage-data-analysis-templates

generate-scan-report

export-scan-results

see-support-link

Auditor

Permissions to manage vulnerability queries and use CxAudit

use-cxaudit

create-preset

update-and-delete-preset

manage-custom-description

save-sast-scan

save-project

Results Updater

Permissions to update the properties of scan results

manage-results-state-and-assignee

manage-result-comment

manage-result-severity

Results Verifier

Permissions to set the state of scan results to "Not Exploitable"

manage-result-exploitability

Data Cleaner

Permissions to delete projects and scans

delete-sast-scan

delete-project

SAST Admin

Full permissions

All SAST permissions, excluding use-cxaudit

CxSAST / CxOSA Permissions

The following table describes the permissions associated with CxSAST / CxOSA v9.0.0 and up:

Permission

Category

Description

manage-authentication-providers

General/Access Control

Manage authentication providers

manage-clients

General/Access Control

Manage clients and their settings

manage-roles

General/Access Control

Manage custom roles

manage-system-settings

General/Access Control

Manage general system settings

manage-users

General/Access Control

Manage Users

save-sast-scan

Projects & Scans

  • Run new CxSAST scan

  • Create scan subset

  • Save results from CxAudit

delete-sast-scan

Projects & Scans

  • Delete CxSAST scan

  • Lock/unlock scan

save-project

Projects & Scans

  • Create new project

  • Update project

  • Branch project

  • Duplicate project

  • Save local project from CxAudit

delete-project

Projects & Scans

Delete project

view-failed-sast-scan

Projects & Scans

View faild scans

save-osa-scan

Projects & Scans

Run CxOSA scan

download-scan-log

Projects & Scans

Download scan log

manage-result-state-and-assignee

Scan Results

  • Change result state (excluding NE)

  • Assign user

manage-result-comment

Scan Results

Add new result comment

manage-result-exploitability

Scan Results

Set result state to NE (all other states will be available as well)

manage-result-severity

Scan Results

Change result severity

open-issue-tracking-tickets

Scan Results

Create ticket for result

manage-data-analysis-templates

Reports

create and delete templates

generate-scan-report

Reports

Generate scan reports

export-scan-results

Reports

Export to CSV from the results viewer

manage-custom-description

Vulnerability Queries

Manage custom query descriptions (create, export and import)

create-preset

Vulnerability Queries

Create a new preset, save it, update it, delete it

manage-queries

Vulnerability Queries

Created and manage queries customization in the CxAudit

update-and-delete-preset

Vulnerability Queries

Edit and delete all presets (including Cx out-of-the-box presets)

use-cxaudit

Vulnerability Queries

Login to CxAudit

Note: This permission is counted against the license.

manage-data-retention

System Configuration

Manage data retention

manage-engine-servers

System Configuration

Manage engine servers

manage-system-settings

System Configuration

  • Download application logs

  • View utilization dashboard

  • View license details

  • View installation details

  • View and edit general settings

  • View and edit CxOSA settings

  • Manage source control users

  • Export/import preset

manage-external-services-settings

System Configuration

Configure external service settings

manage-custom-fields

System Configuration

Create/update/delete custom fields

manage-issue-tracking-systems

System Configuration

Manage issue-tracking system

manage-pre-post-scan-actions

System Configuration

Configure pre- and post-scan actions

download-system-logs

System Configuration

View installation details page

Download application logs

Note: only available from 9.0 HF1

view-appsec-coach-statistics

System Configuration

Ability to set the Codebashing integration

use-odata

API

Fetch all data via OData API (no filter per current user's team)

see-support-link

Other

View and use "Services & Support" button

view-results

Scan Results

This permission separates the view-results ability from any other permission.

This is added to any predefined role and is available from CxSAST 9.0 HF5

manage-global-policies-settings

Security Risk Management

Manage Global Policies Settings

manage-policies

Security Risk Management

Manage Policies

manage-remediation-intelligence

Security Risk Management

Manage Remediation Intelligence

view-analytics

Security Risk Management

View Analytics

Permissions per User Interface Screen

The following permissions are required to open the following CxSAST / CxOSA user interface screens.

UI Screen

Required permission to open the screen

Dashboard/Project state

-

Dashboard/Failed scans

view-failed-sast-scan

Dashboard/Utilization

manage-system-settings

Dashboard/Risk

-

Dashboard/Data Analysis

Projects & Scans/Create new project

Projects & Scans/Queue

Projects & Scans/Projects

-

Projects & Scans/All scans

-

Management/Scan settings/Query viewer

-

Management/Scan settings/Preset manager

-

Management/Scan settings/Pre-post actions

manage-pre-post-scan-actions

Management/Scan settings/Source control users

manage-system-settings

Management/Application settings/General

manage-system-settings

Management/Application settings/License

manage-system-settings

Management/Application settings/OSA settings

manage-system-settings

Management/Application settings/Installation

manage-system-settings

Management/Application settings/External services

manage-external-services-settings

Management/Application settings/Engine management

manage-engine-servers

Management/Application settings/Data retention

manage-data-retention

Management/Application settings/Issue tracking

manage-issue-tracking-systems

Management/Manage custom fields

manage-custom-fields

Access Control

manage-users (AC permission)

M&O/Analytics

view-analytics (M&O permission)

M&O/Remediation Intelligence

(M&O permission)

M&O/Policy Violations

-

M&O/Policy Manager

-

My Profile

-

Services & Support

see-support-link