Unified VRM Role Permissions

In Unified VRM, permissions can be set for each user based on their role and their access. Roles can be set to determine how a user can action vulnerabilities and assets. Access to assets can also be set, limiting each user’s scope to only their purview.

There are 3 Roles available in Unified VRM:

• Administrator
• Manage/ Edit (Normal User)
• Read only

With Role Based Access Control (RBAC), Administrator can set both the roles and permissions for each user. This allows flexibility to give each user Read Only or Manage/Edit roles and grant and revoke access to each Asset Group. 

Read-only Role

• View/sort/filter Assets, Asset groups, Vulnerability groups and Vulnerabilities
• Export data from Unified VRM
• View your overall Risk Score

Manage/Edit Role

Manage/Edit users get all Read-only capabilities. With this permission, users get write permissions so that the user can manage only on their asset groups.

• Change Status of Vulnerabilities
  • Create tickets
  • Stage Patch
  • Accept Risk
  • Mark False Positive
• Change asset value
• Update asset groups
• Edit Integrations

Administrator Role

Administrator gets all Manage/Edit Capabilities. Also: 

• Access to all Assets
• Manage User Roles & User Permissions
• Manage all asset groups