Overview
This document helps you understand the different user roles and their associated permissions within Invicti, ensuring clarity on who can access and control specific settings. Additionally, it clarifies that only users with designated roles such as Primary Account, Root Account, Account Owner, or Account Administrator have access to the General Settings in both the On-Premises and On-Demand versions of Invicti. If a user does not hold any of these designated roles, they will be unable to access the General Settings.
The table below outlines the various user roles and their corresponding permissions.
Invicti Enterprise On-Demand user roles and permissions
Account Type | Settings | General Settings |
Customer Account (with Account Owner Role) (Primary User) | Under Settings, the user can see the following sub-menus: - General
- Single Sign-On
- IP Restrictions
| Permissions - Support can see my account (checkbox)
- Support can edit my account (checkbox)
- Disable issue notifications that are sent by the system (checkbox)
- Do not mark Information issues as accepted risks (checkbox)
- Disable assigning issues to the committer (checkbox)
- IP restricted sessions (checkbox)
- Send notification about long running scans (checkbox)
- Allow scanning without a duration limit (checkbox)
- Do not expose sensitive information in the API responses (checkbox)
- Force agents to use Invicti web application VDB file URL (checkbox)
- Configure retention period for raw scan files (checkbox)
- Configure retention period for scan data (checkbox)
- Internal Agent Terminate Timeout (Hours) (text input)
- Configure user timeout for time period (checkbox)
Scan Control
- Suspend all future scans (checkbox)
- Resume paused scans (button)
- Pause active scans (button)
Information about scans
- Scans in progress: 0
- Scans pausing: 0
- Scans paused: 0
- Unsuccessful: 0
Privacy & Security
- Prevent any sensitive information showing within the product (checkbox)
Warning Texts
- Customize Header Text (text input)
- Login Warning Banner (select box)
IAST Bridge
- Default Bridge URL (text input)
Default Policies
- Default Scan Policy (select box)
- Default Report Policy (select box)
|
Customer Account (with Account Administrator Role) | Under Settings, the user can see the following sub-menus: - General
- Single Sign-On
- IP Restrictions
| The same fields are displayed for this user as for the Primary User above. |
Customer Account (with Account Owner Role) | Under Settings, the user can see the following sub-menus: - General
- Single Sign-On
- IP Restrictions
| The same fields are displayed for this user as for the Primary User above. |
Support Account (customers do not have access to Support Accounts) | Under Settings, the user can see the following sub-menus: - Single Sign-On
- IP Restrictions
| Support Account users cannot see the General Settings. |
Root Account (customers do not have access to Root Accounts) | Under Settings, the user can see the following sub-menus: - General
- Security
- Encryption
- Database
- Email
- SMS
- Service Credentials
- Cloud Provider
- Authentication Verifier
- Single Sign-On
- IP Restrictions
| Fields - Application URL (required) (text input)
- Update Server URL(required) (text input)
- DNS Timeout Value in Milliseconds (required) (text input)
- Enable Discovery Service (checkbox)
- Discovery Radar Service URL (required) (text input)
- Discovery Deepinfo Service URL (text input)
- Discovery Service Authentication Key Name (text input)
- Discovery Service Authentication Key (text input)
- Second Level Domains (text input)
- Scan Data Path (required) (text input)
- Screenshots Path (required) (text input)
- Max Uploaded File Size in MB (required) (text input)
- Sales Contact Email (required) (text input)
- Support Contact Email (required) (text input)
- Agent Not Available Timeout (Minutes) (text input)
- Blue Green Deployment (checkbox)
- Enable Segment Tracking (checkbox)
- Segment Key (text input)
- Enable Hawk URL Configuration (checkbox)
|
Invicti Enterprise On-Premises user roles and permissions
Account Type | Settings | General Settings |
Customer Account (Primary Account) | Under Settings, the user can see the following sub-menus: - General
- Security
- Encryption
- Database
- Email
- SMS
- Service Credentials
- Cloud Provider
- Authentication Verifier
- Single Sign-On
- IP Restrictions
| Fields - Application URL (required) (text input)
- Update Server URL (required) (text input)
- DNS Timeout Value in Milliseconds (required) (text input)
- Enable Discovery Service (checkbox)
- Discovery Radar Service URL (required) (text input)
- Scan Data Path (required) (text input)
- Screenshots Path (required) (text input)
- Max Uploaded File Size in MB (required) (text input)
- Sales Contact Email (required) (text input)
- Support Contact Email (required) (text input)
- Agent Not Available Timeout (Minutes) (text input)
- Agent selection enabled (checkbox)
- Enable Segment Tracking (checkbox)
- Segment Key (text input)
- Enable Hawk URL Configuration (checkbox)
- Disable issue notifications that are sent by the system (checkbox)
- Do not mark Information issues as accepted risks (checkbox)
- Disable assigning issues to the committer (checkbox)
- IP restricted sessions (checkbox)
- Send notification about long running scans (checkbox)
- Allow scanning without a duration limit (checkbox)
- Do not expose sensitive information in the API responses (checkbox)
- Force agents to use Invicti web application VDB file URL (checkbox)
- Do not stop scan when maximum logout is exceeded (checkbox)
- Account can execute custom security checks (checkbox)
- Configure retention period for raw scan files (checkbox)
- Configure retention period for scan data (checkbox)
- Internal Agent Terminate Timeout (Hours) (text input)
- Configure user timeout for time period (checkbox)
Privacy & Security
- Prevent any sensitive information showing within the product (checkbox)
Warning Texts
- Customize Header Text (text input)
- Login Warning Banner (select box)
IAST Bridge
- Default Bridge URL (text input)
Default Policies
- Default Scan Policy (select box)
- Default Report Policy (select box)
|
Customer Account (with Account Administrator Role) | Under Settings, the user can see the following sub-menus: - General
- Single Sign-On
- IP Restrictions
| Fields - Disable issue notifications that are sent by the system (checkbox)
- Do not mark Information issues as accepted risks (checkbox)
- Disable assigning issues to the committer (checkbox)
- IP restricted sessions (checkbox)
- Send notification about long running scans (checkbox)
- Allow scanning without a duration limit (checkbox)
- Do not expose sensitive information in the API responses (checkbox)
- Force agents to use Invicti web application VDB file URL (checkbox)
- Do not stop scan when maximum logout is exceeded (checkbox)
- Account can execute custom security checks (checkbox)
- Configure retention period for raw scan files (checkbox)
- Configure retention period for scan data (checkbox)
- Internal Agent Terminate Timeout (Hours) (text input)
- Configure user timeout for time period (checkbox)
Privacy & Security
- Prevent any sensitive information showing within the product (checkbox)
Warning Texts
- Customize Header Text (text input)
- Login Warning Banner (select box)
IAST Bridge
- Default Bridge URL (text input)
Default Policies
- Default Scan Policy (select box)
- Default Report Policy (select box)
|
Customer Account (with Account Owner Role) | Under Settings the user can see the following sub-menus: - General
- Security
- Encryption
- Database
- Email
- SMS
- Service Credentials
- Cloud Provider
- Authentication Verifier
- Single Sign-On
- IP Restrictions
| Fields - Application URL (required) (text input)
- Update Server URL (required) (text input)
- DNS Timeout Value in Milliseconds (required) (text input)
- Enable Discovery Service (checkbox)
- Discovery Radar Service URL (required) (text input)
- Scan Data Path (required) (text input)
- Screenshots Path (required) (text input)
- Max Uploaded File Size in MB (required) (text input)
- Sales Contact Email (required) (text input)
- Support Contact Email (required) (text input)
- Agent Not Available Timeout (Minutes) (text input)
- Agent selection enabled (checkbox)
- Enable Segment Tracking (checkbox)
- Segment Key (text input)
- Enable Hawk URL Configuration (checkbox)
- Disable issue notifications that are sent by the system (checkbox)
- Do not mark Information issues as accepted risks (checkbox)
- Disable assigning issues to the committer (checkbox)
- IP restricted sessions (checkbox)
- Send notification about long-running scans (checkbox)
- Allow scanning without a duration limit (checkbox)
- Do not expose sensitive information in the API responses (checkbox)
- Force agents to use Invicti web application VDB file URL (checkbox)
- Do not stop scan when maximum logout is exceeded (checkbox)
- Account can execute custom security checks (checkbox)
- Configure retention period for raw scan files (checkbox)
- Configure retention period for scan data (checkbox)
- Internal Agent Terminate Timeout (Hours) (text input)
- Configure user timeout for time period (checkbox)
Privacy & Security
- Prevent any sensitive information showing within the product (checkbox)
Warning Texts
- Customize Header Text (text input)
- Login Warning Banner (select box)
IAST Bridge
- Default Bridge URL (text input)
Default Policies
- Default Scan Policy (select box)
- Default Report Policy (select box)
|
Support Account Customers cannot create Support accounts. | N/A | N/A |
Root Account Customers cannot create Root accounts. The Primary User account works as the Root Account for Invicti Enterprise On-Premises. | N/A | N/A |
