AppViz users, permissions, and roles

Relevant AppViz administrators

This section describes how to manage AppViz users, roles, and permissions.

Note:

AFA device permissions are used in On-Prem.

Roles and permissions

AppViz supports the ability to customize application permissions for individual users or roles. You can manage permissions from the perspective of the user/role, or from the perspective of the application. The table below describes the default permissions for each user type.

Role

Permissions

Unprivileged user (FireFlow requestor)

  • Create application
  • View and refresh vulnerability
  • Edit network object
  • Edit service object

Privileged user

  • All unprivileged permissions
  • View and refresh risks data

Administrator

All permissions

Note: Users automatically have permissions for any applications they create.

Manage user roles

Do any of the following:

Create new unprivileged users

This procedure describes how to create a new unprivileged user for a AppViz application. Users are created in FireFlow, and are visible in both FireFlow and AppViz.

Do the following:

  1. Navigate to the Administration area.

    • In the toolbar, click your username. From the drop-down menu, click Administration.

      The Administration area appears in the workspace.

  2. In the Settings and Permissions area, next to Manage application permissions, click Manage.

    The Application Permissions page appears, displaying a list of applications on the left.

  3. On the right, click Add Users.
  4. At the bottom of the dialog that appears, click Create Users in FireFlow.

    Continue with creating your user as a requestor in FireFlow. For details, see Manage FireFlow users and roles.

Manage permissions for users

You can manage permissions for users in two ways:

  • You can grant permissions to individual users. This gives users permission to view or edit an application that they do not have permission for by default.
  • You can assign users a role; consequently, the users with the role receive all the permissions of the role.

Manage permissions for applications

You can give single users, or all users with a specific role, permission to view or edit an application that they do not have permission for by default. The procedure below describes how to manage user permissions for a specific application.

To manage permissions for an application:

  1. Navigate to the Administration area.

    • In the toolbar, click your username. From the drop-down menu, click Administration.

      The Administration area appears in the workspace.

  2. In the Settings and Permissions area, next to Manage application permissions, click Manage.

    The Application Permissions page appears, displaying a list of applications on the left.

  3. Do one of the following:
    • Select an application from the list.
    • Perform a simple search for an application by doing the following:
      1. Type any part of the application name in the search box, and click .

        The matching applications appear below the search box.

      2. Select an application from the list.

        The Authorized Roles and Users area for the selected application appears on the right.

        Note: A role or user will appear disabled in the list for one of the following reasons: the user inherited permission to the application from a role, or the user or role has User has edit all applications permission.

  4. To give single users permission to view or edit the application, do the following:
    1. Click +Add Users.

      The Add Users window appears.

    2. Do one of the following:

      • Select users from the list.
      • Perform a simple search for a user by entering any part of the user's name or username in the search box, and click . The matching users appear below the search box.
      • To deselect users, click Clear.
    3. Click OK.

      Once added, the user(s) appear in a list below the application. By default they are only given permission to view the application.

    4. To give the user permission to edit an application, click the Can View drop-down list for the application and select Can Edit.

  5. To give all users with a specific role permission to view or edit the application, do the following:

    1. Click +Add Roles.

      The Add Roles window appears.

    2. Do one of the following:
      • Select roles from the list.
      • Perform a simple search for a role by typing any part of the role's name in the search box, and clicking . The matching roles appear below the search box. Select roles from the list.
      • To deselect roles, click Clear.
    3. Click OK.

      The role(s) appear in a list below the application. By default they are only given permission to view the application.

    4. To give the role permission to edit an application, click the Can View drop-down list for the application and select Can Edit.
  6. To remove the permissions of a user or role for the application, click .
  7. To remove all user and role permissions for the application, click Remove all.
  8. Click Save Changes.