This section describes the roles and permissions associated with CxSAST / CxOSA that are effective after performing the data migration procedure and upgrading to CxSAST/CxOSA v9.0.0 and up.
Provided CxSAST / CxOSA Roles
The following table lists the predefined roles that are provided for CxSAST / CxOSA v9.0.0 and up, along with their respective permissions:
Info: Provided roles cannot be updated or deleted.
Provided Roles for CxSAST / CxOSA | Description | Permissions per Role |
---|---|---|
Scanner | Permissions to create and manage projects, and run scans | save-sast-scan save-osa-scan open-issue-tracking-tickets save-project create-project view-failed-sast-scan download-scan-log see-support-link |
Reviewer | Read-only permissions to view scan results and generate reports | manage-result-comment manage-data-analysis-templates generate-scan-report export-scan-results see-support-link |
Auditor | Permissions to manage vulnerability queries and use CxAudit | use-cxaudit create-preset update-and-delete-preset manage-custom-description save-sast-scan save-project |
Results Updater | Permissions to update the properties of scan results | manage-results-state-and-assignee manage-result-comment manage-result-severity |
Results Verifier | Permissions to set the state of scan results to "Not Exploitable" | manage-result-exploitability set-result-state-notexploitable set-result-state-toverify set-result-state-confirmed set-result-state-urgent set-result-state-proposednotexploitable |
Data Cleaner | Permissions to delete projects and scans | delete-sast-scan delete-project |
SAST Admin | Full permissions | All SAST permissions, excluding use-cxaudit |
Access Control Manager | Manages users, authentication and system settings | *See footnote below this table. |
Admin | Checkmarx products global administrator | *See footnote below this table. |
User Manager | Manages the users in the system | *See footnote below this table. |
Security Risk Manager | Grants permissions to manage the security risk at scale, manage policies, KPIs, business applications, weights, and more. | **See footnote below this table. |
Security Risk Viewer | Grants permissions to track the security risk, and view policy violations and KPIs. | **See footnote below this table. |
*These permissions are coming from Access Control.
**These permissions are coming from M&O.
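The roles above are fixed, but a user can hold several of them, so the permissions that matter are the union. The following added example (not Checkmarx code) encodes the provided-roles table and audits a constructed user-to-role assignment for grants a reviewer would want to know about: marking results Not Exploitable, deleting projects or scans, and the licence-counted use-cxaudit. The user names in SAMPLE are invented.

```python
# Added example, not Checkmarx code: compute each user's effective CxSAST
# permissions from the provided-roles table above and flag sensitive grants.
PROVIDED_ROLES = {
    "Scanner": {"save-sast-scan", "save-osa-scan", "open-issue-tracking-tickets",
                "save-project", "create-project", "view-failed-sast-scan",
                "download-scan-log", "see-support-link"},
    "Reviewer": {"manage-result-comment", "manage-data-analysis-templates",
                 "generate-scan-report", "export-scan-results", "see-support-link"},
    "Auditor": {"use-cxaudit", "create-preset", "update-and-delete-preset",
                "manage-custom-description", "save-sast-scan", "save-project"},
    "Results Updater": {"manage-result-state-and-assignee", "manage-result-comment",
                        "manage-result-severity"},
    "Results Verifier": {"manage-result-exploitability", "set-result-state-notexploitable",
                         "set-result-state-toverify", "set-result-state-confirmed",
                         "set-result-state-urgent", "set-result-state-proposednotexploitable"},
    "Data Cleaner": {"delete-sast-scan", "delete-project"},
}

# Grants worth a second look: they suppress findings, remove scan data,
# or consume a licence seat (reasons paraphrased from the permission table).
SENSITIVE = {
    "set-result-state-notexploitable": "can hide findings by marking them Not Exploitable",
    "delete-project": "can delete projects",
    "delete-sast-scan": "can delete scans",
    "use-cxaudit": "counted against the CxAudit licence",
}

def effective_permissions(roles):
    """Union of the permissions of every role held by one user."""
    perms = set()
    for role in roles:
        if role not in PROVIDED_ROLES:
            raise KeyError(f"unknown role: {role}")
        perms |= PROVIDED_ROLES[role]
    return perms

def audit(assignments):
    """Map each user to the sensitive grants in their effective permissions."""
    findings = {}
    for user, roles in assignments.items():
        perms = effective_permissions(roles)
        hits = [f"{p}: {why}" for p, why in SENSITIVE.items() if p in perms]
        if hits:
            findings[user] = hits
    return findings

# Constructed sample assignment; these users do not exist on the page.
SAMPLE = {"alice": ["Scanner", "Reviewer"],
          "bob": ["Results Verifier", "Data Cleaner"], "carol": ["Auditor"]}
```

Running audit(SAMPLE) reports bob (three sensitive grants) and carol (use-cxaudit) and nothing for alice.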
...
Permission | Category | Description |
---|---|---|
manage-authentication-providers | General/Access Control | Manage authentication providers |
manage-clients | General/Access Control | Manage clients and their settings |
manage-roles | General/Access Control | Manage custom roles |
manage-system-settings | General/Access Control | Manage general system settings |
manage-users | General/Access Control | Manage Users |
save-sast-scan | Projects & Scans | |
delete-sast-scan | Projects & Scans | |
save-project | Projects & Scans | |
delete-project | Projects & Scans | Delete project |
view-failed-sast-scan | Projects & Scans | View failed scans |
save-osa-scan | Projects & Scans | Run CxOSA scan |
download-scan-log | Projects & Scans | Download scan log |
manage-result-state-and-assignee | Scan Results | |
manage-result-comment | Scan Results | Add new result comment |
manage-result-exploitability | Scan Results | Set result state to NE (all other states will be available as well) |
manage-result-severity | Scan Results | Change result severity |
open-issue-tracking-tickets | Scan Results | Create ticket for result |
manage-data-analysis-templates | Reports | Create and delete templates |
generate-scan-report | Reports | Generate scan reports |
export-scan-results | Reports | Export to CSV from the results viewer |
manage-custom-description | Vulnerability Queries | Manage custom query descriptions (create, export and import) |
create-preset | Vulnerability Queries | Create a new preset, save it, update it, delete it |
manage-queries | Vulnerability Queries | Create and manage query customizations in CxAudit |
update-and-delete-preset | Vulnerability Queries | Edit and delete all presets (including Cx out-of-the-box presets) |
use-cxaudit | Vulnerability Queries | Log in to CxAudit. Note: this permission is counted against the license. |
manage-data-retention | System Configuration | Manage data retention |
manage-engine-servers | System Configuration | Manage engine servers |
manage-system-settings | System Configuration | |
manage-external-services-settings | System Configuration | Configure external service settings |
manage-custom-fields | System Configuration | Create/update/delete custom fields |
manage-issue-tracking-systems | System Configuration | Manage issue-tracking system |
manage-pre-post-scan-actions | System Configuration | Configure pre- and post-scan actions |
download-system-logs | System Configuration | View the installation details page and download application logs. Note: only available from 9.0 HF1. |
view-appsec-coach-statistics | System Configuration | Configure the Codebashing integration |
use-odata | API | Fetch all data via OData API (no filter per current user's team) |
see-support-link | Other | View and use "Services & Support" button |
view-results | Scan Results | Separates the ability to view results from all other permissions. It is added to every predefined role and is available from CxSAST 9.0 HF5. |
manage-global-policies-settings | Security Risk Management | Manage Global Policies Settings |
manage-policies | Security Risk Management | Manage Policies |
manage-remediation-intelligence | Security Risk Management | Manage Remediation Intelligence |
view-analytics | Security Risk Management | View Analytics |
...