User Permission Matrix
Action | Admin | Manager | Team Lead | Developer | Pentester |
---|---|---|---|---|---|
View Organizational Dashboard | ✓ | ✓+ | ✓* | ✓* | |
View Projects | ✓ | ✓* | ✓* | ✓** | |
Add Projects | ✓ | ✓ | |||
Edit Projects | ✓ | ✓* | |||
Delete Projects | ✓ | ✓* | |||
Scan Projects | ✓ | ✓* | |||
View Files in Projects | ✓ | ✓* | |||
Import Files to Projects | ✓ | ✓* | |||
View Images in Projects | ✓ | ✓* | ✓* | ||
Add Products | ✓ | ||||
Edit Products | ✓ | ||||
Delete Products | ✓ | ||||
View Products | ✓ | ✓+ | |||
Add/Remove Business Units to Products | ✓ | ✓ | ✓ | ||
Add Endpoints | ✓ | ✓* | |||
View Endpoints | ✓ | ✓* | ✓* | ||
View Vulnerabilities | ✓ | ✓+ | ✓* | ✓* | ✓** |
View Duplicate Vulnerabilities | ✓ | ✓+ | ✓* | ||
Add Screenshots to Vulnerabilities | ✓ | ✓* | ✓** | ||
Assign Endpoints to Vulnerabilities | ✓ | ✓* | |||
Manually Import Vulnerabilities | ✓ | ✓* | ✓** | ||
Close Manually Imported Vulnerabilities | ✓ | ✓* | |||
Assign Issues | ✓ | ✓* | |||
Mark as False Positive | ✓ | ✓* | |||
Mark as Won't Fix | ✓ | ✓* | |||
Change Severity | ✓ | ||||
Leave Comments | ✓ | ||||
View Comments | ✓ | ✓+ | ✓* | ✓* | |
Request False Positive | ✓ | ✓* | |||
View SBOM | ✓ | ✓+ | ✓* | ✓* | |
Add SBOM | ✓ | ✓* | |||
Delete SBOM | ✓ | ||||
View Users | ✓ | ✓* | |||
Add Users | ✓ | ✓*** | |||
Edit Users | ✓ | ✓*** | |||
Delete Users | ✓ | ||||
View Teams | ✓ | ✓* | |||
Add Teams | ✓ | ✓ | |||
Edit Teams | ✓ | ✓* | |||
Delete Teams | ✓ | ||||
Create / Download Reports | ✓ | ||||
Enter Remediation Advice | ✓ | ||||
Add Labels | ✓ | ||||
Edit Labels | ✓ | ||||
Delete Labels | ✓ | ||||
View ASVS | ✓ | ✓* | ✓* | ||
View Logs | ✓ | ||||
View Committer Benchmark | ✓ | ✓+ | ✓* | ||
View Settings | ✓ | ||||
Add Integrations | ✓ | ||||
Edit Integrations | ✓ | ||||
Delete Integrations | ✓ |
✓*: Only shows data related to the team lead or developer's projects.
✓**: Users with pentester roles can view and take actions only on vulnerabilities they added or imported to Kondukto in projects where they have been assigned as a pentester.
✓***: Team leads can only add developers.
✓+: Only shows data related to "Business Unit(s)" that "Manager" users have access to.
Updated 24 days ago