The primary role for a user defines the tasks the user can perform on the assets to which the user has access. Typically, an administrator assigns roles when creating a new user or group. The following table summarizes the built-in primary roles.
Role |
Permissions |
---|---|
User |
Can perform read-only operations and many common tasks. Cannot suppress vulnerabilities, edit or delete public notes, or delete punch lists and punch list items. |
PowerUser |
Can perform read and write operations the user cannot, but cannot perform administrative operations such as adding or editing user groups and accounts. |
ConfigMgr |
Can perform all operations a PowerUser can, as well as several configuration tasks. Can view history, view maintenance function, configure workflows and custom properties, and define additional vulnerability matching rules. Cannot add databases or users. |
Administrator |
Can perform all operations. |