The Role-Based Access Control (RBAC) in the Vulcan Cyber ExposureOS platform is a security model that provides access permissions to users based on their assigned roles within an organization.
In RBAC, access is granted based on roles rather than individual user accounts. Each role is defined with a set of permissions that determine what actions or operations a user with that role can perform.
Role Types
The Vulcan Cyber ExposureOS platform has the following three role types:
| Role | Description | Availability | Can be modified? |
|---|---|---|---|
| Admin | Admins have full privilege to use all of the functionality in the Vulcan Cyber ExposureOS product and have full access to the data within the system. | By default | No |
| Standard | Standard users have full privilege to use all of the functionality in the Vulcan Cyber ExposureOS product. However, unlike Admins, they cannot view or modify configuration settings. | By default | Yes |
| Remediation Collaborator | Grants access to the Remediation Work Form via tickets generated by Vulcan Cyber ExposureOS, lets the user view the vulnerabilities of a specific ticket, and lets the user create exception requests. | By default | Yes |
| Custom ("Add Role") | Custom roles have a configurable permission set built from the access modules and permissions described under "Role Access Modules and Permissions" below. | Can be created | Yes |
Creating a Role
To create a Role:
1. Go to Settings > Roles.
2. Click Add a role, or edit an existing Standard or Custom role.
3. Enter a descriptive role name and define the role's access permissions.
4. Enable or disable the Role Access Permissions for each module.
Role Access Modules and Permissions
The following is a list of access and action modules you can define per role.
Access to Business Groups
As Admin, enable access to all business groups or to a selection of them. This determines which Business Groups the users assigned to the role can access.
Access to Modules and Action Permissions
Settings Access Modules
Enabling access to the Settings module allows the user to:
Access specific settings and configurations
As Admin, check the settings you want to enable access to for the users assigned to the role:
| "Setting" Access Permission | Description |
|---|---|
| Administration | Define risk priority weights to customize the prioritization of risks. Specify whether to include or exclude archived assets in the relevant table or data view. |
| Authentication | Configure single sign-on and provisioning capabilities for authentication purposes. |
| Audit Events | View audit events, providing a comprehensive record of activities and changes made by all users. |
| Exceptions | |
| SLA | Configure Service Level Agreement (SLA) policies for users with access to all Business Groups. |
| Ticket preferences | Customize the remediation ticket template. |
| Asset deduping | Configure asset deduping preferences. |
Home Dashboard Access Module
Enabling access to this module allows the user to:
View the dashboard based on the role’s access to business groups.
As Admin, enable/disable access to the dashboard for the users assigned to this role.
Vulnerabilities Access Modules
Enabling access to this module allows the user to:
View vulnerabilities based on the role’s access to business groups.
Perform a list of actions on vulnerabilities.
As Admin, check the actions you want to enable access to for the users assigned to this role:
| "Vulnerabilities" Access Permission | Description |
|---|---|
| Open a ticket | Open a ticket using integrated ticketing tools. |
| Deploy a fix | Deploy a fix using integrated deployment tools. |
| Share vulnerability | Share a vulnerability with others using a ticketing tool (through email or other collaboration tools). |
| Edit risk | Manually edit and revert the risk associated with vulnerabilities. |
| Manage saved searches | Create, edit, and delete saved searches when filtering vulnerabilities, for quick and convenient access to specific vulnerabilities. |
| Export vulnerabilities | Export the list of vulnerabilities to CSV format for further analysis or reporting purposes. |
| Manage vulnerability tags | Create/delete vulnerability tags to categorize and classify vulnerabilities based on specific attributes. |
| Attach/detach vulnerability tag | Attach/detach a vulnerability tag to associate/dissociate it with a specific vulnerability. |
| Manage due date | Set/edit vulnerabilities' due dates manually or via an automated playbook. |
Exceptions Access Modules
As Admin, check the actions you want to enable access to for users assigned to this role:
| "Exceptions" Access Permission | Description |
|---|---|
| Manage exception requests | Create/edit/comment on exception requests in the Vulnerabilities table. Create/edit/view Exception playbooks. |
| Approve/decline exception requests | Approve, be assigned as an approver, and decline exception requests (automated or manual). |
| Change the expiration date for Exception Requests | Change the expiration date for new manually created requests or when editing existing requests. |
| Edit exception request | Edit all exception requests in all statuses (Pending, Approved, Expired, Declined). |
Access to Remediation Work Form
Enabling access to this module allows the user to:
Access the Remediation Work Form from tickets generated by Vulcan Cyber ExposureOS, view the vulnerabilities of a specific ticket, and create exception requests.
Campaigns
Enabling access to this module allows the user to:
Access the Campaign page. Note that all roles can see all remediation campaigns, regardless of their access to business groups.
Perform actions in Campaigns.
As Admin, check the actions you want to enable access to for users assigned to this role:
| "Campaign" Access Permission | Description |
|---|---|
| Close campaign pending tickets | Close tickets that are pending within a campaign. |
| Mark open campaigns as done | Proactively mark a campaign as "Done" and close all associated open tickets. |
| Cancel running campaign | Proactively mark a campaign as "Canceled" and close all associated open tickets. |
| Take action from a campaign | Open a ticket or share a vulnerability from a running campaign. |
Automation
Enabling access to this module allows the user to:
Access the Automation page. Note that all roles can see all running automation regardless of their access to business groups.
Assets
Enabling access to this module allows the user to:
Access the assets associated with the Business Groups the role has access to.
Perform actions on assets.
As Admin, check the actions you want to enable access to for users assigned to this role:
| "Assets" Access Permission | Description |
|---|---|
| Manage Tags | Create/edit/assign tags to assets to categorize and label assets based on specific attributes. |
| Manage Business groups | Create/edit/assign business groups to categorize assets within organizational business groups. |
| Manage Dynamic Properties | Create/edit dynamic properties to assign and manage asset information, including ownership, ensuring accountability and responsibility. |
| Manage Saved Searches | Create/edit/delete saved searches when filtering assets, for quick and convenient access to specific assets. |
| Export assets list | Export the list of assets to CSV format for further analysis or reporting purposes. |
Remedies
Enabling access to this module allows the user to:
Access the Remedies page. Note that all roles can see all remedies, regardless of their access to business groups.
Analytics
Enabling access to this module allows the user to:
Access the reports on the Analytics page. Note that all roles can see all reports, with the data scoped to their access to business groups.
Sharing: users can share customized reports with other users who are authorized for the business groups the report includes.
Connectors
Enabling access to this module allows the user to:
Access the Connectors page and set up connectors. Note that all roles can view and set up connectors, regardless of their access to business groups.
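The access model described in this section (a module gate, an action gate, business-group scoping for some modules and global visibility for Campaigns, Automation, Remedies and Connectors) is small enough to express as a policy evaluator. The following Python is an added example, not Vulcan Cyber's code or API: the module and action identifiers, the `Role` dataclass, `evaluate()`, `access_matrix()` and the sample roles are all assumptions chosen to mirror the semantics documented above, and the rule that SLA configuration requires access to all Business Groups is modelled from the "SLA" settings row.

```python
"""Illustrative evaluator for the role model documented above.

Added example code, not the product's own code or API: module/action names,
the Role dataclass, evaluate() and the sample roles are assumptions.
"""
from dataclasses import dataclass

# Modules the documentation says every role can see regardless of
# business-group access: Campaigns, Automation, Remedies and Connectors.
GLOBAL_MODULES = frozenset({"campaigns", "automation", "remedies", "connectors"})

# Modules whose data is scoped by the role's business-group access.
SCOPED_MODULES = frozenset({"dashboard", "vulnerabilities", "exceptions",
                            "remediation_work_form", "assets", "analytics"})

ALL_MODULES = GLOBAL_MODULES | SCOPED_MODULES | {"settings"}
ALL_GROUPS = "*"   # constructed marker meaning "access to all business groups"


@dataclass(frozen=True)
class Role:
    name: str
    is_admin: bool = False                     # Admin: full privilege, not modifiable
    business_groups: frozenset = frozenset()   # group names, or {ALL_GROUPS}
    modules: frozenset = frozenset()           # enabled access modules
    actions: frozenset = frozenset()           # enabled "module:action" permissions


def has_all_business_groups(role):
    return role.is_admin or ALL_GROUPS in role.business_groups


def can_access_business_group(role, business_group):
    return has_all_business_groups(role) or business_group in role.business_groups


def evaluate(role, module, action=None, business_group=None):
    """Return True if `role` may perform `action` in `module` (view only when
    action is None), optionally on data belonging to `business_group`."""
    if module not in ALL_MODULES:
        raise ValueError(f"unknown module: {module}")
    # 1. Module gate: Admin has everything, other roles need the module enabled.
    if not (role.is_admin or module in role.modules):
        return False
    # 2. Business-group scoping applies only to scoped modules; global modules
    #    (Campaigns, Automation, Remedies, Connectors) ignore business groups.
    if (module in SCOPED_MODULES and business_group is not None
            and not can_access_business_group(role, business_group)):
        return False
    # 3. SLA policies are configurable only for users with access to all
    #    business groups (modelled from the "SLA" settings row above).
    if module == "settings" and action == "sla" and not has_all_business_groups(role):
        return False
    # 4. Action gate: view-only requests and Admins pass; others need the permission.
    if action is None or role.is_admin:
        return True
    return f"{module}:{action}" in role.actions


# Constructed sample roles; names and permission choices are illustrative.
ADMIN = Role("Admin", is_admin=True)
STANDARD = Role("Standard", business_groups=frozenset({ALL_GROUPS}),
                modules=SCOPED_MODULES | GLOBAL_MODULES,   # everything except Settings
                actions=frozenset({"vulnerabilities:open_ticket",
                                   "vulnerabilities:edit_risk",
                                   "assets:manage_tags",
                                   "campaigns:take_action"}))
COLLABORATOR = Role("Remediation Collaborator", business_groups=frozenset({"Finance"}),
                    modules=frozenset({"remediation_work_form", "exceptions"}),
                    actions=frozenset({"exceptions:manage_exception_requests"}))
FINANCE_ANALYST = Role("Finance Analyst", business_groups=frozenset({"Finance"}),
                       modules=frozenset({"dashboard", "vulnerabilities",
                                          "campaigns", "settings"}),
                       actions=frozenset({"vulnerabilities:export_vulnerabilities",
                                          "settings:sla"}))


def access_matrix(roles, checks):
    """Evaluate each (module, action, business_group) check for each role."""
    return {r.name: {f"{m}:{a}@{bg}": evaluate(r, m, a, bg) for m, a, bg in checks}
            for r in roles}


if __name__ == "__main__":
    checks = [("settings", "administration", None),
              ("vulnerabilities", "export_vulnerabilities", "Finance"),
              ("vulnerabilities", "export_vulnerabilities", "HR"),
              ("campaigns", None, "HR"),
              ("settings", "sla", None)]
    for role_name, results in access_matrix(
            [ADMIN, STANDARD, COLLABORATOR, FINANCE_ANALYST], checks).items():
        print(role_name, results)
```

Running the script prints one row per sample role. The useful checks to read off are the ones that differ from intuition: the Finance Analyst can open the Campaigns page for an "HR" campaign because Campaigns is not business-group scoped, but cannot export "HR" vulnerabilities, and cannot configure SLA policies even though the Settings module and the `settings:sla` permission are enabled, because the role lacks access to all Business Groups. Reviewing a custom role against a matrix like this before assigning it is a cheap way to confirm it is least-privilege.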
Assigning a Role to a User
Each user in the Vulcan Cyber ExposureOS platform must be assigned a Role. To learn how to assign roles to users, see Managing Users.