Permission Management and CCS Roles management breakdown
Article ID: 261939
Updated On:
Products
Control Compliance Suite Standards Server
Control Compliance Suite
Control Compliance Suite Standards Module
Issue/Introduction
You would like to know what tasks each part of a CCS role to select to get specific rights for your users in CCS.
Example: You want to customize a CCS role to provide asset view and asset import access to our "Custom Role" group, but shouldn't allow the asset removal/delete permissions which is restricted.
Environment
Release: CCS 12.5.2 - 12.6.1
Resolution
Our predefined documentation on Roles does not go into details about each Task that can be assigned to a Role.
See below for a list of possible Tasks and their description.
| Task Name | Task Description |
| View Assets | The user can view the details of the assets and the asset groups. |
| View Roles | The user can view the details of the roles. |
| Request Exceptions | The user can request exceptions. |
| View Tiered Dashboard | The user can have read access for the selected tiered dashboard. |
| Manage Tiered Dashboard | The user can perform tasks such as create tiered dashboard, copy tiered dashboard, paste tiered dashboard, import tiered dashboard, export tiered dashboard, create nodes and sections, delete nodes and sections, update nodes and sections and view a tiered dashboard. |
| View Configuration Settings | The user can view the infrastructure configuration settings. |
| Customize Report Templates | The user can perform tasks such as copy, paste, move, delete, export, and add a new report template, customize an existing report template, or update the layout of an existing report template. |
| Generate Reports | The user can execute the templates for generating reports. |
| View Reports | The user can view the details of the reports. |
| View Reports Templates | The user can view the details of the reports templates. |
| Manage Configuration Settings | The user can modify the infrastructure configuration settings. |
| Manage Users | The user can import, update, and delete users in the system. |
| View Permissions | The user can view the permissions that are assigned to an object. |
| Manage Jobs | The user can view, create, update, or delete user-created jobs. |
| Manage Tags | The user can create, update, or delete tags. |
| View Asset Reconciliation Rules | The user can view the details of the asset reconciliation rules. |
| Approve Exceptions | The user can approve exceptions. |
| View Queries | Entitles the user to view query information. |
| Execute Queries | Entitles the user to run queries. |
| Manage Queries | Entitles the user to create, update, and delete user-created queries. |
| Delete Agents | The user can delete agents. |
| Manage Agents | The user can view, create and update agents. |
| View Shared Credentials | The user can view and use saved credentials. |
| Manage Shared Credentials | The user can add, edit or delete saved credentials. |
| View Credentials | The user can view the credentials which are common or configured for assets and folders. |
| Manage Credentials | The user can configure common as well as asset or folder specific credentials. |
| View Policies Management View | The user can have access to the Policies view from the CCS console. |
| Publish Dynamic Dashboards | The user can publish dynamic dashboards and panels. |
| Create Dynamic Dashboards | The user can create dynamic dashboards and panels. |
| View All Jobs | The user can view the details of the jobs. |
| Manage Policy Clarifications | The user can respond to policy clarifications. |
| View Policy Comments | The user can view and read the policy comments. |
| Manage Controls Studio | The user can access the Controls Studio. |
| View Policy Content | The user can view the policy content details. |
| Publish Policies | The user can publish the policies. |
| Manage Policies | The user can create, modify, or delete the policies. |
| View Policies | The user can view the details of the policies. |
| View Evaluation Results | The user can view the evaluation result details of the CCS Standards system and the SCAP Content system. |
| Evaluate Standards | The user can evaluate assets against CCS Standards and also evaluate assets against the SCAP benchmarks or OVAL definitions. |
| Collect Data | The user can collect data from assets. |
| Manage Standards | The user can create, update, and delete the standards, sections, and checks of the CCS Standards. For the SCAP Content system, the user can import and delete the OVAL definition files and the SCAP benchmarks, profiles, and rules. |
| View Standards | For CCS Standards, the user can view the details of the standards, sections, and checks. For SCAP Content, the user can view the benchmarks, profiles, rules for the SCAP Benchmarks and also the standalone OVAL definition files. |
| Import Assets | The user can import assets. |
| Manage Asset Reconciliation Rules | The user can create, update, and delete asset reconciliation rules. |
| Manage Assets and Asset Groups | The user can update and delete assets. The user can also create, update, and delete asset groups. |
| Manage Roles | The user can create, update, or delete roles. |
| Accept or Decline Policies | The user can accept or decline the policies. |
| Manage Policy Comments | The user can create and modify policy comments. |
| Approve Policies | The user can approve the policies. |
| Review Policies | The user can review the policies. |
| Create Risk Models | The user can create risk models. |
| View all dashboards, reports and job results | The user can view all dashboards, reports and job results. |
| Manage Dynamic Dashboards | The user can manage dynamic dashboards and panels. |
| Execute Remediation Action | The user can execute remediation action. |
| Manage Evidence Definitions | User can add,modify or delete evidence providers |
| Assign Permissions | The user can assign permissions to an object. |
| Add or Remove Users and Groups | The user can assign roles to users and groups. The user can also remove the assigned roles. |
| View Users | The user can view the users of the system. |
| Manage Schema | The user can read, create, and extend the schema for asset types and entity. The user can also read, create, and edit the target type. |
Feedback
Yes
No
Powered by
