Assign Permissions

Assign Group Permissions

Permission

Description

No Access

Users cannot access the selected feature. In most cases, the feature will not be visible to the users.

Read Only

Users can view selected areas, but cannot change information.

Full Control

Users can view and change information for the selected feature.

Permissions must be assigned cumulatively. For example, if you want a BeyondInsight administrator to manage discovery scans only, then you must assign Full Control for the following features :

  • Asset Management
  • Reports Management
  • Scan - Job Management
  • Scan Management

Assign Features Permissions

Assign Features Permissions

  1. Under Group Details, select Features.
  2. Filter the list of features displayed in the grid using the Show and Filter by dropdown lists.
  1. Select the features you wish to assign permissions to, and then click Assign Permissions.
  2. Select Assign Permissions Read Only, Assign Permissions Full Control, or Disable Permissions.

The following table provides information on the feature permissions that you can assign to your groups.

Feature

Provides Permissions To:

Analytics & Reporting

Log in to the console and access Analytics & Reporting to generate and subscribe to reports.

Asset Management

Create Smart Rules.

Edit and delete buttons on the Asset Details window.

Create Active Directory queries.

Create address groups.

Attribute Management

Add, rename, and delete attributes when managing user groups.

Audit Manager User Audits on the Configuration page in the management console.

Credential Management

Add and change credentials when running scans and deploying policies.

Directory Credential Management Grant access to the configuration area where Directory Credentials are managed. This feature must be enabled to support access to Directory Queries as well.
Directory Query Management

Grant access to the configuration area where Directory Queries are managed.

Access to Directory Credential Management must also be granted.

License Reporting View the Licensing folder in Analytics & Reporting .
Management Console Access Access the BeyondInsight management console.

Manual Range Entry

Allow the user to manually enter ranges for scans and deployments rather than being restricted to smart groups. The specified ranges must be within the selected smart group.

Option Management

Change the application options settings (for example, account lockout and account password settings).

Options - Connectors Access the configuration area where Connectors are managed.
Options - Scan Options Access the configuration area where Scan Options are managed.
Password Safe Account Management

Grants permissions to the following features on the Managed Accounts page and through the public API:

  • Bulk delete accounts
  • Add accounts to a Quick Group
  • Remove accounts from a Quick Group
  • Add, edit, and delete accounts

For more information, please see the Managed Accounts section in the BeyondInsight and Password Safe API Guide.

Password Safe Admin Session Password Safe web portal admin sessions.
Password Safe Global API Quarantine Access to the Quarantine APIs.
Password Safe Bulk Password Change Change more than one password at a time.
Password Safe Domain Management Allow a user to assign permissions as Read Only, or Full Control.
Password Safe Role Management Allow a user to manage roles, provided they have the following permissions: Password Safe Role Management and User Account Management.
Password Safe System Management Read and write managed systems through the public API.
Password Safe Ticket System Management This feature is not presently used.

Reports Management

Run scans, create reports, and create report categories.

Session Monitoring

Use the session monitoring features.

Smart Rule Management - Asset Users can create and edit Asset-based Smart Rules.
Smart Rule Management - Managed Account Users can create and edit Managed Account Smart Rules.
Smart Rule Management - Managed System Users can create and edit Managed System Smart Rules.
Team Passwords Users can access the Team Passwords feature.

Ticket System

View and use the ticket system.

Ticket System Management

Mark a ticket as inactive. The ticket no longer exists when Inactive is selected.

User Accounts Management

Add, delete, or change user groups and user accounts.

A minimum of read access to Directory Credential Management must also be granted to enable creation of AD and LDAP Groups.

User Audits

View audit details for management console users on the User Audits page.

Configuration Option

Feature and Permission

Active Directory Queries

Asset Management - Full Control

Address Groups

Asset Management - Full Control

Attributes

Asset Management - Full Control

Connectors

Asset Management and Management Console Access - Full Control

Password Safe Connections

Member of the built-in BeyondInsight Administrators group

Scan Options

Scan Management - Full Control

Services

Member of the built-in BeyondInsight Administrators group

User Audits

User Audits - Full Control

User Management

User and Group Management - Full Control

Workgroups

User Accounts Management - Full Control

Assign Smart Groups Permissions

Screenshot of assigning Smart Groups permissions to a newly created BeyondInsight group.

  1. Under Group Details, select Smart Groups.
  2. Filter the list of smart groups displayed in the grid using the Show and Filter by dropdown lists.
  1. Select the smart groups you wish to assign permissions to, and then click Assign Permissions.
  2. Select Assign Permissions Read Only, Assign Permissions Full Control, or Disable Permissions.