Managing roles in Invicti Enterprise
Invicti Enterprise empowers you to create roles tailored to your specific requirements. You also retain the flexibility to edit any previously established roles as needed.
Invicti Enterprise helps you to safeguard your web application against malicious attacks by providing you with secure options when creating various roles for a team and members. You can add developers, analysts, and other people as members, assigning them different permissions so that they can coordinate and perform their roles safely.
Greater flexibility and granularity
You can assign members to existing roles, website groups, and teams. Or, you can create a unique role so that a member with a specific task to perform in your team has the correct access. For example, you can decide on a user that can start a web application security scan but cannot view the scan’s reports. Or, that user can view IP restrictions but cannot add or edit these restrictions.
Built-in roles
You have the option to assign both custom roles and built-in roles to your users. While custom roles offer greater flexibility and granularity, built-in roles can provide a convenient starting point for organizing your teams.
The following table lists and explains the available built-in roles.
| Roles | Description |
| Account Owner | Select to give users all the permissions in an Invicti Enterprise account. An Account Owner has all permissions to manage scans, reporting, settings, policies, and issues. |
| Account Administrator | Select to give users permission to manage all other team members and their permissions. An Account Administrator also has permission to manage scans, reporting, settings, policies, and issues. |
| Manage Websites | Select to give users permission to add/update the website, manage website groups, and list usernames. |
| Start Scans | Select to give users the same permission as Manage Issues. In addition, they have permission to start scans, manage scheduled scans, and manage scan policies. |
| View Reports | Select to give users the same permission as Manage Issues, except they cannot update issues. |
| Manage Issues | Select to give users permission to view dashboards and scan reports, list usernames and scans, create reports, and view and update issues. |
| Manage Issues (Restricted) | Select to give users permission to view scan reports and manage issues (as with Manage Issues), except they cannot update the status of addressed issues as Accepted Risk or False Positive. |
This article explains how to add a new role, edit a role, and delete a role. For further information, see Managing Members in Invicti Enterprise and Managing Teams in Invicti Enterprise.
For detailed information about the list of all permissions, see Role Permission Fields.
How to add a new role
- Log in to Invicti Enterprise.
- From the main menu, select Team > New Role.
- In the Name field, enter a name for the role.
- In the Permissions field, select permissions to add to the role.
- Select Save.
How to edit a role
- From the main menu, select Team > Manage Roles.
- Next to the relevant role, select the Edit icon (
). - In the Edit Role window, make the required changes to the role’s details, such as Name and Permissions.
- Select Save.
You cannot edit or delete built-in roles added by Invicti.
How to delete a role
- From the main menu, select Team > Manage Roles.
- Next to the relevant role, click the Delete icon. A confirmation dialog is displayed.
- In the confirmation dialog, select Delete.
Role permission fields
The list of permissions may vary according to the Invicti solution, such as On-Premises, you use.
This table lists and explains all permission fields in the New Role window.
|
Role |
Description |
|
View General Settings |
The user can view general settings. |
|
Edit General Settings |
The user can edit general settings. |
|
Delete Agent Group |
The user can delete an agent group. |
|
Add/Edit Agent Group |
The user can add and edit an agent group. |
|
View Agent Group List |
The user can see an agent group list. |
|
View Agent List |
The user can see an agent list. |
|
Manage Agent Commands |
The user can see and use agent commands. |
|
Add/Edit Agent |
The user can add and edit an agent. (This permission is required to select an agent mode on the Website page in addition to the View and Edit Website permissions.) |
|
Delete Agent |
The user can delete an agent. |
|
View Audit Logs |
The user can see audit logs. |
|
View Custom Script List |
The user can see a custom script list. |
|
Add/Edit Custom Script |
The user can add and edit a custom script. |
|
Delete Custom Script |
The user can delete a custom script. |
|
Execute Custom Script |
The user can execute custom scripts. |
|
View Discovery Settings |
The user can view the discovery settings. |
|
Edit Discovery Settings |
The user can edit the discovery settings. |
|
View Discovery List |
The user can view a discovered websites list. |
|
Edit Discovery List |
The user can edit a discovered websites list. |
|
Add/Edit Integration |
The user can add and edit an integration. |
|
Delete Integration |
The user can delete an integration. |
|
View Integration List |
The user can view the integration list. |
|
Add/Edit Integration User Mapping |
The user can add and edit user mapping for integration. |
|
Delete Integration User Mapping |
The user can delete user integration mapping. |
|
View Integration User Mapping |
The user can view user integration mapping. |
|
View Scan Report |
The user can view scan report. |
|
View IP Restrictions |
The user can view IP restrictions. |
|
Modify IP Restrictions |
The user can add/edit and enable/disable IP restrictions. |
|
View Account License |
The user can view an account license. |
|
Manage Licenses |
The user can manage account licenses. |
|
Manage Notifications |
The user can manage notifications. |
|
Manage Reporting |
The user can manage reporting. |
|
Add/Edit Report Policy |
The user can add and edit a report policy. |
|
Delete Report Policy |
The user can delete a report policy. |
|
View Report Policy |
The user can view a report policy. |
|
Add/Edit Scan Policy |
The user can add and edit a scan policy. |
|
Delete Scan Policy |
The user can delete a scan policy. |
|
View Scan Policy |
The user can view a scan policy. |
|
View Website Dashboard |
The user can view the website dashboard. |
|
Add Website |
The user can add a website. |
|
Edit Website |
The user can edit a website. |
|
Import Website |
The user can import a website. |
|
View Website List |
The user can view a website list. |
|
View Global Dashboard |
The user can view the global dashboard. |
|
Delete Website |
The user can delete a website. |
|
Delete Website Group |
The user can delete a website group. |
|
Add Website Group |
User can add website group |
|
Edit Website Group |
The user can edit a website group. |
|
View Website Group List |
The user can view a website group list. |
|
Manage Technologies |
The user can manage technologies. |
|
Manage SSO |
The user can manage Single Sign-On. |
|
Manage Settings |
The user can manage application settings. |
|
Add/Edit Scheduled Scan |
The user can add and edit a scheduled scan. |
|
Delete Scheduled Scan |
The user can delete a scheduled scan. |
|
View Scheduled Scan List |
The user can view a scheduled scan list. |
|
Add/Edit Scan |
The user can add and edit a scan. |
|
Edit Scan State |
The user can edit a scan state. |
|
Delete Scan |
The user can delete a scan. |
|
View Scan List |
The user can view a scan list. |
|
View Issue List And Detail |
The user can view an issue list and detail. |
|
Mark Issue As Fixed |
The user can mark an issue as fixed. |
|
Mark Issue As False Positive |
The user can mark an issue as a false positive. |
|
Mark Issue As Accepted Risk |
The user can mark an issue as an accepted risk. |
|
Enforce 2FA |
The user can configure Two-factor Authentication. |
|
View Team List |
The user can view a team list. |
|
Add Team |
The user can add a team. |
|
Edit Team |
The user can edit a team. |
|
Delete Team |
The user can delete a team. |
|
View Member List |
The user can view a member list. |
|
Edit Member |
The user can edit a member. |
|
Delete Member |
The user can delete a member. |
|
View Role List |
The user can view a role list. |
|
Add Role |
The user can add a role. |
|
Edit Role |
The user can edit a role. |
|
Delete Role |
The user can delete a role. |
|
Can Bypass SSO Login |
The user can bypass Single Sign-On Login (can log in with email and password). |
|
Reset Agent Token |
The user can reset the agent token. |
|
View Member Invitation List |
The user can view a member invitation list. |
|
Add Member Invitation |
The user can add a member invitation. |
|
Delete Member Invitation |
The user can delete a member invitation. |
|
View Authentication Profile List |
The user can view an authentication profile list. |
|
Add Authentication Profile |
The user can add an authentication profile. |
|
Edit Authentication Profile |
The user can edit an authentication profile. |
|
Delete Authentication Profile |
The user can delete a member invitation. |
|
Mark Issue As Fixed(Can’t Retest) |
The user can mark an issue as Fixed(Can’t retest). |
|
Manage Notifications(Account) |
The user can manage all account notifications. |
|
Can Modify Account Profile and Policies |
The user can modify the scan profile, report policy, and scan policy. |
|
Edit my Team’s Role |
The user can edit the roles of their team members. Note: Selecting this permission means that the user will only be able to view teams in which they are a member. Don’t select this option if you want the role to manage teams other than the team the user will be added to. |