A superuser is the highest level of permission a customer can have in the Edgescan platform. This will allow them to do nearly anything related to their assets and data.
Version Number: v1.0.1
Published Date: 1 May 2024
____________________________________________________________________________
A superuser's permissions cannot be edited by another superuser. You must make a request to the Edgescan support team if you wish a change to be made to an existing superuser.
Superusers can send password reset emails for other superusers.
By default a superuser has the following permissions:
Manage permissions assume you have Create, Read, Update permissions. Delete on resources may not be available as a default for auditing purposes.
User Permission
Resource | Resource Name | Resource Description |
user | view | View Users in current user's organization |
user | edit | Create User alerts; Update User alerts; Delete User alerts; Update User; Lock User; Unlock User; Reset Password; Reset Email; Set OTP secret |
user | create | Create User |
user | delete | Delete User |
Further information is available here.
Asset Permission
Resource | Resource Name | Resource Description |
asset | view | View assets; Retest asset; Scan Freeze windows; View API Descriptors; Download API Descriptors; Download API Descriptor Status; Create API Descriptors; Create API Descriptors from URL; Validate Users permitted to access API Descriptor files; View Assessments; View location specifiers; Check existence of location specifiers on scope Organization; View Schedules on Asset; View annotations; Create annotations; Update annotations; Delete annotations; View tags |
asset | create | Create an Asset; View available licences for current user's organization; Create Licence if User also has Edit Licence permission; Destroy Licence if User also has Edit Licence permission |
asset | edit | Update an asset; Initiate scanning; Assign Licences; Unassign Licences; Create a container upload; Update API Descriptors; Delete API Descriptors; Create a container image; Delete a container image; Create Location specifiers; Update Location Specifiers (you can only edit location_specifiers if the asset is staged & you have the edit location_specifier permission); Delete location specifiers (you can only delete location_specifiers if the asset is staged & you have the delete location_specifier permission); Create tags; Delete tags |
asset | delete | Delete asset is only available when the asset is in a staged state. |
asset | edit_credentials | Create, update and delete asset credentials |
asset | manage_assessments | Start an assessment; Pause an assessment; Resume an assessment |
asset | risk_accept_vulnerabilities | Accept risk of an asset; Bulk mark risk acceptance |
asset | manage_licence_auto_renewal | Manage auto renewal of licences on an asset |
asset | cancel_scans | Cancel scans on an asset |
asset | edit_risk_ratings | Update vulnerabilities rating on an asset; Batch update vulnerability scores |
Assessment
Resource | Resource Name | Resource Description |
assessment | view | View Assessments Scan Data; View annotations; Create annotations; Update annotations; Delete annotations |
Organization
Resource | Resource Name | Resource Description |
organization | view | View Organisations |
organization | edit_options | Global settings feature |
organization | licence_oversight | View licence utilization summary on organization |
organization | edit_slas | Create SLAs; Edit SLAs; Delete SLAs; Bulk replace SLAs |
organization | tag_oversight | Adds check oversight permissions |
organization | manage_licence_auto_renewal | Manage auto renewal of licences on an organization. |
Permission
Resource | Resource Name | Resource Description |
permission | view | View permissions on target user; Resolve permissions on target user |
permission | edit | Grant permissions on target user; Deny permissions on target user |
permission | create | Create permissions on target user |
permission | delete | Delete permission on target user |
EASM Investigations
Resource | Resource Name | Resource Description |
easm_investigation | view | View EASM Investigations |
easm_investigation | create | Create EASM Investigations on an Organization; Create EASM Investigation schedules; Create EASM Scan on Investigation |
easm_investigation | edit | Edit EASM Investigations; Edit EASM Investigation schedules |
easm_investigation | delete | Delete EASM investigations |
Location Specifiers
Resource | Resource Name | Resource Description |
location_specifier | view | View location specifiers on an asset |
location_specifier | create | Edit location specifiers on an asset (you can only edit location_specifiers if the asset is staged) |
Orders and Licences
Resource | Resource Name | Resource Description |
pact_order | view | View Order Items |
pact_licence | view | View Licences |
pact_licence | edit | Assign Licences; Unassign Licences |
Keep in mind, a superuser can only assign permissions they have themselves.