Access Control Overview (v2.0 and up)
Notice
This version 2.0 of Checkmarx Access Control is compatible for:
CxSAST versions 9.0.0 and later
CxOSA versions 9.0.0 and later
CxIAST versions 3.3.1 and later
Checkmarx Access Control is a user management solution for user administration. Using Access Control, user administration managers are provided with a universal view of user access rights and a centralized management console to define unified access control management for all Checkmarx users.
Access Control also provides the AuditTrail database table – an audit log that can be used for tracking user actions.
In upcoming releases Access Control will be integrated into the CxPlatform, to deliver a fully featured user interface for access control and user management across the entire Checkmarx product offering.
For Whom this Guide is Intended
This guide is intended primarily for those users assigned specific roles – each role having its own set of permissions, as described below.
The My Profile section is intended for all system users who may need to update personal details, or login credentials (only Application users can change their own login credentials).
Roles and Permissions
The permissions allowed for each of the roles listed below is dynamic, reflecting the location of a user’s team within the hierarchal structure. The team’s hierarchal location affects the type / range of users and teams that can be viewed and managed by the user-members of that team.
![]() |
See Teams Tab > Hierarchal Structuring of Teams for more information.
This guide is intended for users with the following roles:
Admin (1st, top level) – This role inherits complete permissions for all the ‘permission-applicable’ users, teams, roles, as well as respective server settings and relevant projects. The highest possible Admin in the Access Control system are those who are members of the CxServer team – which enables virtually all aspects of user management for all existing teams.
Access Control Manager (2nd level) – This role allows for defining and changing system settings (such as adding LDAP/SAML servers and domains, SMTP servers, etc.) in addition to the same permissions granted to the User Manager level (see below)
User Manager (3rd level) – This role enables creating/editing/deleting users and teams, as well as assigning teams and roles to users – with a limitation of viewing and managing only those members in the user’s team(s), as well as those members in their teams who are at levels directly lower than theirs.
All users – After signing in via the My Profile button on the Access Control Dashboard, any user can then utilize the My Profile feature for defining personal user details and changing the login password. For new users who do not yet have permissions (roles) assigned, defining their personal user details in My Profile is required - see Access Control - My Profile Tab (v2.0 and up) .