Skip to main content

Access Control Configuration Guide

The following Access Control features can be configured by adding or editing the appropriate key value configuration located in the ConfigurationsItems table in the DB or by adding the key and the value to the appsettings.json file, located in the Access Control folder. For example, you could add the following to the appsettings.json file: "IS_DEFAULT_CX_AUDIT_MODE": "True". After adding or editing the configuration in the ConfigurationsItems table or the appsetting.json file, Access Control must restarted, either by executing iisreset or by restarting the Access Control application from the Application Pools.

Notice

These features are available only from CxSAST 9.2 HF11 and above.

Admin Role

You can now configure the Admin role to exclude the CxAudit permission.

By default, the Admin includes the CxAudit permission. If you want to remove the CxAudit permission from the Admin role, add the IS_DEFAULT_CX_AUDIT_MODE configuration key to the ConfigurationsItems table in the DB and set it to false, using the following SQL command:

INSERT INTO [CxDB].[accesscontrol].[ConfigurationItems] VALUES ('IS_DEFAULT_CX_AUDIT_MODE', 'False')

With this setting the Admin is still able to assign the CxAudit permission to other users.

If you want to give the CxAudit permission back to the Admin role, set the key to true.

User Manager Role

The User Manager role, or any user with a role that includes the Manage Users permission, is able to grant other users any of the roles that exist in the system, except the ones that include the Manage Users permission. A user with Manage Users permission cannot grant himself new roles.

By default, with the key configured as: IS_ASSIGN_ALL_ROLES_BY_MANAGE_USERS_ENABLED : false, the feature is disabled.

To enable the feature, edit the configuration key located in the ConfigurationsItems table in the DB as follows: IS_ASSIGN_ALL_ROLES_BY_MANAGE_USERS_ENABLED : true, use the following SQL command:

UPDATE [CxDB].[accesscontrol].[ConfigurationItems] SET VALUE='True' WHERE [key]= 'IS_ASSIGN_ALL_ROLES_BY_MANAGE_USERS_ENABLED'

Notice

This feature is available only from CxSAST 9.2 HF12, 9.0 HF19 and above.

EULA for Hosted Customers

This feature allows hosted customers to accept the Checkmarx EULA. Before the first login to the system, the user must enter his credentials and accept the EULA. Only if the credentials are authenticated will the user be logged in and the EULA considered accepted.

By default, with the key configured as: IS_EULA_ENABLED : false, the feature is disabled.

To enable the feature, edit the configuration key located in the ConfigurationsItems table in the DB as follows: IS_EULA_ENABLED : true,

use the following SQL command:

UPDATE [CxDB].[accesscontrol].[ConfigurationItems] SET VALUE='True' WHERE [key]= 'IS_EULA_ENABLED'

A new table named ‘EULA’ contains the user id, user email and the date the EULA was accepted.