Global and Project roles

Manage application permissions using global and project roles. Global roles restrict general application features, whereas project roles restrict project-level capabilities. See the table below for more information.

Global Role

A global role is a collection of permissions that govern access to application features. This page presents a list of all global roles, and allows you to create new roles. The roles appear as rows, with individual columns representing permissions.

Default global roles

SD Elements ships with a default set of global roles:

  • Administrator: An administrator can create new applications and projects, and view all the projects in their organization. They can also manage the users in their organization and customize the site content.

  • Project Lead: A project lead has permission to create new applications and projects.

  • Sync Service: A service role used by automation to perform integration syncs. Intended for future usage.

  • User: A regular SD Elements user has permission to participate in projects.

  • No Role: This role confers no permissions.

Change the default user global role

You can select a global role to assign to new users. By default this value is the restricted User role. You may want to give users more permissive roles, such as Project Lead, or a custom role.

Users automatically provisioned through Single Sign-On (SSO), such as SAML and LDAP, are granted the default global role. New users access the system and are granted permissions automatically based on this role.

Prerequisites:
  • The user has the permission Global role→User Management→Manage users & groups.

Steps:
  1. Open the Manage→Global Roles page.

  2. Click the edit button on the top right. A dialog will appear.

  3. Select a global role.

  4. Click Done.

New users are assigned to the selected global role.

Project Role

This page presents a list of all project roles, and allows you to create new roles. Permissions tracked in project roles are:

| Category | Permission name |
|---|---|
| Tasks | Assign tasks to users |
| Tasks | Change task status |
| Tasks | Verify tasks |
| Tasks | Write notes on tasks |
| Integration | Sync with Issue Tracker tools |
| Project Management | Edit project membership |
| Project Management | Create project specific task |
| Project Management | Edit project details |
| Project Management | Archive project |
| Project Management | Lock project survey |
| Project Management | View project |
| Project Management | Edit project survey |

An administrator can create custom project roles based on any combination of the permissions above.

Default project roles

SD Elements ships with a default set of project roles:

  • Read-Only: This user can view the project, but cannot make any changes.

  • Normal: This user can view the project and change the project settings, change the status of Countermeasures, and add notes.

  • Manage Project: This user is the same as a normal user, with additional permissions to archive the project (close the project), change the project description, and add/remove/change users and their roles for the project.

Role fields

Global and project roles have the following fields:

  • Name: This is the role name.

  • Description: This is a short description of the role.

  • Copy from: This copies the permissions from an existing role to get started, but is only valid for new roles.

Add or edit a role

You can create or edit custom global and project roles to match your access needs.

Prerequisites:
  • The user has the permission Global role→User Management→Manage users & groups.

Steps:
  1. Depending on the type of role:

    • Open the Manage→Global Roles page.

    • Open the Manage→Project Roles page.

  2. Click the plus button on the right.

  3. Fill in the fields described above.

  4. Select all the permissions you want to include with your role.

  5. Click Create.

When a role is created it can be assigned to users or groups. Permission updates take effect immediately.

Delete a role

You can delete your custom global and project roles. However, you cannot delete the default roles because the application depends on them.

Prerequisites:
  • The user has the permission Global role→User Management→Manage users & groups.

Steps:
  1. Depending on the type of role:

    • Open the Manage→Global Roles page.

    • Open the Manage→Project Roles page.

  2. Use search if you need to find the role.

  3. Hover over the role's row and select the trash can icon on the far right. A dialog will appear.

  4. Select a role to assign to any users/groups that are currently assigned to the role you are removing.

  5. Click Delete.

The role is deleted immediately. Affected users and groups are assigned to its replacement.
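
Changing the default global role and deleting a role with a replacement both alter permissions for many users at once, with no per-user action. The following is an added example, not SD Elements code: it reviews a constructed role-to-permission map (permission names come from the summary table on this page; the SENSITIVE grouping and the Release Manager role are assumptions) and reports what auto-provisioned users would receive from a default role and what users gain when a deleted role is replaced.

```python
# Added example: role data below is constructed from the role descriptions on
# this page; it is not an SD Elements export format or API.

# Global permissions that let a holder change other users' access, site
# content, or remove data (names from the summary table; grouping is assumed).
SENSITIVE = {
    "Manage Users & groups", "Edit all projects", "Customize content",
    "Delete Application", "Delete Project",
}

# Constructed sample: global role name -> set of permission names.
ROLES = {
    "Administrator": {"Add application", "Add project", "View all projects",
                      "Manage Users & groups", "Customize content"},
    "Project Lead": {"Add application", "Add project"},
    "User": {"Modify Own User Settings"},
    "No Role": set(),
    "Release Manager": {"Add project", "Delete Project"},  # hypothetical custom role
}


def review_default_role(roles, default_role):
    """Sensitive permissions every auto-provisioned SSO user would receive."""
    return sorted(roles[default_role] & SENSITIVE)


def review_role_deletion(roles, deleted, replacement):
    """Permissions gained and lost by users moved from `deleted` to `replacement`."""
    old, new = roles[deleted], roles[replacement]
    gained = new - old
    return {
        "gained": sorted(gained),
        "lost": sorted(old - new),
        "sensitive_gained": sorted(gained & SENSITIVE),
    }


if __name__ == "__main__":
    for candidate in ("User", "Project Lead", "Administrator"):
        print(candidate, "as default ->", review_default_role(ROLES, candidate))
    print(review_role_deletion(ROLES, "Release Manager", "Administrator"))
    print(review_role_deletion(ROLES, "Release Manager", "Project Lead"))
```

A non-empty result from review_default_role, or a non-empty sensitive_gained list, marks a change worth a second reviewer before clicking Done or Delete.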

Summary of Global and Project Roles

Global Roles

| Category | Permissions | Activity |
|---|---|---|
| Project Management | Add application | Add application; Move application; Edit application |
| Project Management | Add project | Add project; Can add new release; Edit survey; Move project within application; Archive project |
| Project Management | Archive Application | Archive |
| Project Management | Delete Application | Delete |
| Project Management | Delete Project | Delete |
| Project Management | Edit Custom Reports | Note: Global reports only; Can add report; Edit report; Delete report |
| Administration | Edit all projects | Note: Any project within any district; Edit project name; Add tags to project; Add member or groups to the project |
| Administration | Create a Business Unit (BU) | Create BU; Edit BU details (name, default risk policy, add member or group to the BU); Description of the BU |
| Administration | Delete a business unit | Delete |
| Administration | View all business units | View |
| Administration | View all projects | View |
| Integration | Edit Verification Connections | Create/Edit/Delete verification connection details; Note: Deletion impacts project-level as well |
| Integration | Edit Issue Tracker connections | Create/Edit/Delete issue tracker connection details; Note: If someone deletes a connection, it impacts the project as well |
| Integration | Edit Project Connections | Create/Edit/Delete project connection at project level only |
| Integration | Sync with all Issue Tracker Tools | Sync issue tracker at project (same access the user has in the project); Note: Global level permission but activity works at the project level |
| Countermeasures | Change all countermeasure status | Change the task status (same access the user has in the project) |
| Countermeasures | Verify all countermeasures | Change verification status; Add verification notes (manual as well) |
| Countermeasures | Write notes on all countermeasures | Create/Edit/Delete notes on created tasks (not verification notes); Cannot edit others' notes; Note: Any project, across the various BUs, where the user has access |
| Automations | Create and edit automations | Create/Edit/Delete |
| Customizations | Customize content | Customize/Create/Edit/Delete library section (weaknesses, countermeasures, regulation, survey, phase, profile, glossary, import/export) |
| Analytics | View Reporting Dashboards for all projects | Create advanced dashboard (apply filters); Advanced reporting (create, edit report, delete) templates |
| Organizations | Manage Features | Enable/Disable: Analytics, Reusable Components, Diagrammatic Threat Modeling, Survey comments |
| User Management | Manage Users & groups | Create/Delete/Edit groups (name, description, global role in group, add members to groups); Create user; Edit user details (email, name, global role, add user to any groups); Reset password for user account; Disable user |
| User Management | Modify Own User Settings | Can edit notification section; Access account section; Generate API; Training |

Project Roles

| Category | Permissions | Activity |
|---|---|---|
| Project Management | Archive Project | Archive |
| Project Management | Add project countermeasure | Add task at project level |
| Project Management | Edit project details | Edit project name; Create tag to task; Edit project risk policy |
| Project Management | Edit project membership | Add/Remove members to project; Assign project role |
| Project Management | Edit project survey | Make changes to the survey answer selection |
| Project Management | Lock project | Lock project from changes |
| Project Management | Lock project survey | Lock project survey from changes |
| Project Management | View project | View |
| Countermeasures | Assign countermeasures to users | Assign task to user at project level |
| Countermeasures | Change countermeasure status | Change status |
| Countermeasures | Verify countermeasures | Change/Add verification status; Add verification notes |
| Countermeasures | Write notes on Countermeasures | Add/Edit/Delete notes for assigned projects only; Note: Deletion/Edit for created notes only |
| Integration | Sync with issue tracker tools | Create/Delete/Edit issue tracker connection in project |
