Skip to main content

Access Control Overview

Checkmarx Access Control is a user management platform that offers administrators a centralized hub to oversee user access. It includes an AuditTrail - an audit log - for tracking user actions and will soon integrate into the Checkmarx Platform for complete user management. This guide is for role-specific users, who can use their My Profile section to access and adjust their personal settings and view or change their login credentials. Access to the platform is determined by the roles and permissions the administrator assigns to each user.

Roles and Permissions

The permissions allowed for each of the roles listed below are dynamic, reflecting the location of a user’s team within the hierarchal structure. The team’s hierarchal location affects the type/range of users and teams that can be viewed and managed by the user members of that team.


See Teams Tab >Access Control - Teams Tab (v2.0 and up) Hierarchal Structuring of TeamsAccess Control - Teams Tab (v2.0 and up) for more information.

This guide is intended for users with the following roles:

  • Admin (1st, top level) – This role inherits complete permissions for all the ‘permission-applicable’ users, teams, roles, as well as respective server settings and relevant projects. The highest possible Admin in the Access Control system are those who are members of the CxServer team – which enables virtually all aspects of user management for all existing teams.

  • Access Control Manager (2nd level) – This role allows for defining and changing system settings (such as adding LDAP/SAML servers and domains, SMTP servers, etc.) in addition to the same permissions granted to the User Manager level (see below)

  • User Manager (3rd level) – This role enables creating/editing/deleting users and teams, as well as assigning teams and roles to users – with a limitation of viewing and managing only those members in the user’s team(s), as well as those members in their teams who are at levels directly lower than theirs.

  • All users – After signing in via the My Profile button on the Access Control Dashboard, any user can then utilize the My Profile feature for defining personal user details and changing the login password. For new users who do not yet have permissions (roles) assigned, defining their personal user details in My Profile is required - see Access Control - My Profile Tab (v2.0 and up)My Profile Tab .