This chart is intended to list all permissions related to a Product or Product Type, as well as which permissions are available to each role.
Section | Permission | Reader | Writer | Maintainer | Owner | API Importer |
---|---|---|---|---|---|---|
Product / Product Type Access | View assigned Product or Product Type ¹ | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
View nested Products, Engagements, Tests, Findings, Endpoints | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ | |
Add new Products (within assigned Product Type) ² | ☑️ | ☑️ | ||||
Delete assigned Products or Product Types | ☑️ | |||||
Product / Product Type Membership | Add Users as Members (excluding Owner Role) | ☑️ | ☑️ | |||
Edit member Roles (excluding Owner Role) | ☑️ | ☑️ | ||||
Edit member Roles (including Owner Role) | ☑️ | |||||
Remove self from Product / Product Type membership | ☑️ | ☑️ | ☑️ | ☑️ | ||
Add an Owner Role to another User | ☑️ | |||||
Edit an associated Product/Product Type Membership within a Group³ | ☑️ | |||||
Delete an associated Product/Product Type Membership within a Group³ | ||||||
Engagements (Within a Product) | Add, Edit Engagements | ☑️ | ☑️ | ☑️ | ☑️ | |
Add, Edit Risk Acceptances | ☑️ | ☑️ | ☑️ | |||
Delete Engagements | ☑️ | ☑️ | ||||
Tests (Within a Product) | Add Tests | ☑️ | ☑️ | ☑️ | ||
Edit Tests | ☑️ | ☑️ | ☑️ | ☑️ | ||
Delete Tests | ☑️ | ☑️ | ||||
Findings (Within a Product) | Add Findings | ☑️ | ☑️ | ☑️ | ||
Edit Findings | ☑️ | ☑️ | ☑️ | |||
Import, Reimport Scan Results | ☑️ | ☑️ | ☑️ | ☑️ | ||
Delete Findings | ☑️ | ☑️ | ||||
Add, Edit, Delete Finding Groups | ☑️ | ☑️ | ☑️ | |||
Other Data (Within a Product) | Add, Edit Endpoints | ☑️ | ☑️ | ☑️ | ||
Delete Endpoints | ☑️ | ☑️ | ||||
Edit Benchmarks | ☑️ | ☑️ | ☑️ | |||
Delete Benchmarks | ☑️ | ☑️ | ||||
View Note History | ☑️ | ☑️ | ☑️ | ☑️ | ||
Add, Edit, Delete Own Notes | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ | |
Edit Other Notes | ☑️ | ☑️ | ☑️ | ☑️ | ||
Delete Other Notes | ☑️ | ☑️ |
Each Configuration Permission refers to a particular function in the software, and has an associated set of actions a user can perform related to this function.
The majority of Configuration Permissions give users access to certain pages in the UI.
Configuration Permission | View ☑️ | Add ☑️ | Edit ☑️ | Delete ☑️ |
---|---|---|---|---|
Credential Manager | Access the ⚙️Configuration > Credential Manager page | Add new entries to the Credential Manager | Edit Credential Manager entries | Delete Credential Manager entries |
Development Environments | n/a | Add new Development Environments to the 🗓️Engagements > Environments list | Edit Development Environments in the 🗓️Engagements > Environments list | Delete Development Environments from the 🗓️Engagements > Environments list |
Finding Templates¹ | Access the Findings > Finding Templates page | Add a Finding Template | Edit a Finding Template | Delete a Finding Template |
Groups | Access the 👤Users > Groups page | Add a new User Group | Superuser only | Superuser only |
Jira Instances | Access the ⚙️Configuration > JIRA page | Add a new JIRA Configuration | Edit an existing JIRA Configuration | Delete a JIRA Configuration |
Language Types | ||||
Login Banner | n/a | n/a | Edit the login banner, located under ⚙️Configuration > Login Banner | n/a |
Announcements | n/a | n/a | Configure Announcements, located under ⚙️Configuration > Announcements | n/a |
Note Types | Access the ⚙️Configuration > Note Types page | Add a Note Type | Edit a Note Type | Delete a Note Type |
Product Types | n/a | Add a new Product Type (under Products > Product Type) | n/a | n/a |
Questionnaires | Access the Questionnaires > All Questionnaires page | Add a new Questionnaire | Edit an existing Questionnaire | Delete a Questionnaire |
Questions | Access the Questionnaires > Questions page | Add a new Question | Edit an existing Question | n/a |
Regulations | n/a | Add a Regulation to the ⚙️Configuration > Regulations page | Edit an existing Regulation | Delete a Regulation |
SLA Configuration | Access the ⚙️Configuration > SLA Configuration page | Add a new SLA Configuration | Edit an existing SLA Configuration | Delete an SLA Configuration |
Test Types | n/a | Add a new Test Type (under Engagements > Test Types) | Edit an existing Test Type | n/a |
Tool Configuration | Access the ⚙️Configuration > Tool Configuration page | Add a new Tool Configuration | Edit an existing Tool Configuration | Delete a Tool Configuration |
Tool Types | Access the ⚙️Configuration > Tool Types page | Add a new Tool Type | Edit an existing Tool Type | Delete a Tool Type |
Users | Access the 👤Users > Users page | Add a new User to DefectDojo | Edit an existing User | Delete a User |
Configuration Permission | Reader | Maintainer | Owner |
---|---|---|---|
View Group | ☑️ | ☑️ | ☑️ |
Remove self from Group | ☑️ | ☑️ | ☑️ |
Edit a Member’s role in a Group | ☑️ | ☑️ | |
Edit or Delete a Product or Product Type Membership from a Group¹ | ☑️ | ☑️ | |
Change a Group Member’s role to Owner | ☑️ | ||
Delete Group | ☑️ |