Managing Roles (Role-Based Access Control)
Updated this week

Role-Based Access Control (RBAC) in the Vulcan Cyber ExposureOS platform is a security model that grants access permissions to users based on their assigned roles within an organization.

In RBAC, access is granted based on roles rather than individual user accounts. Each role is defined with a set of permissions that determine what actions or operations a user with that role can perform.

Role Types

The Vulcan Cyber ExposureOS platform has the following three role types:

| Role | Description | Availability | Can be modified? |
| --- | --- | --- | --- |
| Admin | Admins have full privileges to use all of the functionality in the Vulcan Cyber ExposureOS product and have full access to the data within the system. Therefore, Admins can modify configuration settings (like users, org SLA, and risk prioritization) and all operational features. | By default. | No. |
| Standard | Standard users have full privileges to use all of the functionality in the Vulcan Cyber ExposureOS product. However, unlike Admins, they cannot consume or modify configuration settings. | By default. | Yes. |
| Remediation Collaborator | Allows access to the Remediation WorkForm via tickets generated by the Vulcan Cyber ExposureOS, allows viewing specific ticket vulnerabilities, and allows creating exception requests. | By default. | Yes. |
| Custom ("Add Role") | Custom roles can have a configurable permission set based on the following: (1) Access to business groups, (2) Access to modules in the platform, (3) Permissions for actions per module. | Can be created. | Yes. |

Creating a Role

To create a Role:

  1. Go to Settings > Roles.

  2. Click to add a role, or edit an existing Standard/Custom role.

  3. Enter a descriptive role name and define the role's access permissions.

Role Access Modules and Permissions

The following is a list of access and action modules you can define per role.

Access to Business Groups

As Admin, enable access to all or a selection of business groups. This determines which business groups the users assigned to the role can access.

Access to Modules and Action Permissions

Settings Access Modules

Enabling access to the Settings module allows the user to:

  • Access specific settings and configurations

As Admin, check the settings you want to enable access to for the users assigned to the role:

| "Setting" Access Permission | Description |
| --- | --- |
| Administration | Define risk priority weights to customize the prioritization of risks. Specify whether to include or exclude archived assets in the relevant table or data view. |
| Authentication | Configure single sign-on and provisioning capabilities for authentication purposes. |
| Audit Events | View audit events, providing a comprehensive record of activities and changes made by all users. |
| Exceptions | |
| SLA | Configure Service Level Agreement (SLA) policies for users with access to all Business Groups. |
| Ticket preferences | |
| Asset deduping | |

Home Dashboard Access Module

Enabling access to this module allows the user to:

  • View the dashboard based on the role’s access to business groups.

As Admin, enable/disable access to the dashboard for the users assigned to this role.

Vulnerabilities Access Modules

Enabling access to this module allows the user to:

  • View vulnerabilities based on the role’s access to business groups.

  • Perform a list of actions on vulnerabilities.

As Admin, check the actions you want to enable access to for the users assigned to this role:

| "Vulnerabilities" Access Permission | Description |
| --- | --- |
| Open a ticket | Open a ticket using integrated ticketing tools. |
| Deploy a fix | Deploy a fix using integrated deployment tools. |
| Share vulnerability | Share a vulnerability with others using a ticketing tool (through Email or other collaboration tools). |
| Edit risk | Manually edit and revert the risk associated with vulnerabilities. |
| Manage saved searches | Create, edit, and delete saved searches when filtering vulnerabilities for quick and convenient access to specific vulnerabilities. |
| Export vulnerabilities | Export the list of vulnerabilities to a CSV format for further analysis or reporting purposes. |
| Manage vulnerability tags | Create/delete vulnerability tags to categorize and classify vulnerabilities based on specific attributes. |
| Attach/detach vulnerability tag | Attach/detach a vulnerability tag to associate/dissociate it with a specific vulnerability. |
| Manage due date | Set/edit vulnerabilities' email due dates manually or via an automated playbook. |

Exceptions Access Modules

As Admin, check the actions you want to enable access to for users assigned to this role:

| "Exceptions" Access Permission | Description |
| --- | --- |
| Manage exception requests | Create/edit/comment exception requests in the Vulnerabilities table. Create/edit/view Exception playbooks. Add/edit/delete the user's comments in any exception request on the Exceptions page (automation or manual). |
| Approve/decline exception requests | Approve, be assigned as an approver, and decline exception requests (automation or manual). |
| Change the expiration date for Exception Requests | Change the expiration date for new manually created requests or when editing existing requests. Modify the expiration date of requests in playbooks. |
| Edit exception request | Edit all exception requests in all statuses (Pending, Approved, Expired, Declined). Note: Making changes to a request restarts the approval process. |

Access to Remediation Work Form

Enabling access to this module allows the user to:

Campaigns

Enabling access to this module allows the user to:

  • Access the Campaign page. Note that all roles can see all remediation campaigns, regardless of their access to business groups.

  • Perform actions in Campaigns.

As Admin, check the actions you want to enable access to for users assigned to this role:

| "Campaign" Access Permission | Description |
| --- | --- |
| Close campaign pending tickets | Close tickets that are pending within a campaign. |
| Mark open campaigns as done | Proactively mark a campaign as "Done" and close all associated open tickets. |
| Cancel running campaign | Proactively mark a campaign as "Canceled" and close all associated open tickets. |
| Take action from a campaign | Open a ticket or share a vulnerability from a running campaign. |

Automation

Enabling access to this module allows the user to:

  • Access the Automation page. Note that all roles can see all running automation regardless of their access to business groups.

Assets

Enabling access to this module allows the user to:

  • Access the assets associated with the business groups the role has access to.

  • Perform actions on assets.

As Admin, check the actions you want to enable access to for users assigned to this role:

| "Assets" Access Permission | Description |
| --- | --- |
| Manage Tags | Create/edit/assign tags to assets to categorize and label assets based on specific attributes. |
| Manage Business groups | Create/edit/assign business groups to categorize assets within organizational business groups. Currently, only the Admin user can create/edit Business Groups (Settings > Business Groups). |
| Manage Dynamic Properties | Create/edit dynamic properties to assign and manage asset information, including ownership, ensuring accountability and responsibility. |
| Manage Saved Searches | Create/edit/delete saved searches when filtering assets for quick and convenient access to specific assets. |
| Export assets list | Export the list of assets to a CSV format for further analysis or reporting purposes. |

Remedies

Enabling access to this module allows the user to:

  • Access the Remedies page. Note that all roles can see all remedies, regardless of their access to business groups.

Analytics

Enabling access to this module allows the user to:

  • Access the reports on the Analytics page. Note that all roles can see all reports based on their access to business groups.

  • Sharing: Users can share customized reports with others authorized for the included business groups.

Connectors

Enabling access to this module allows the user to:

  • Access the Connectors page and set up connectors. Note that all roles can view and set up connectors, regardless of their access to business groups.
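
The three dimensions described above (business-group scope, module access, and per-module actions) can be checked in a periodic least-privilege review. The Python below is an added example, not Vulcan Cyber code: the Role structure is hypothetical and is filled in by hand from Settings > Roles, the sample roles are constructed, and the separation-of-duties and sensitive-settings rules are the reviewer's own policy assumptions.

```python
# Added example: least-privilege review of hand-transcribed role definitions.
from dataclasses import dataclass, field

# Per the page: these modules are visible regardless of business-group access.
UNSCOPED_MODULES = {"Campaigns", "Automation", "Remedies", "Connectors"}
# Reviewer policy (assumption): requesting and approving belong in different roles.
SOD_CONFLICTS = [(("Exceptions", "Manage exception requests"),
                  ("Exceptions", "Approve/decline exception requests"))]
# Reviewer policy (assumption): Settings permissions that need explicit sign-off.
SENSITIVE_SETTINGS = {"Administration", "Authentication"}


@dataclass
class Role:  # hypothetical structure, not a product export format
    name: str
    business_groups: set                         # {"*"} means all business groups
    modules: dict = field(default_factory=dict)  # module -> set of enabled actions


def review(role):
    """Return a list of finding tuples for one role definition."""
    findings = []
    granted = {(m, a) for m, actions in role.modules.items() for a in actions}
    for first, second in SOD_CONFLICTS:
        if first in granted and second in granted:
            findings.append(("sod-conflict", first[1], second[1]))
    for setting in sorted(SENSITIVE_SETTINGS & role.modules.get("Settings", set())):
        findings.append(("sensitive-setting", setting))
    if "*" not in role.business_groups:  # scoped role that still sees unscoped modules
        for module in sorted(UNSCOPED_MODULES.intersection(role.modules)):
            findings.append(("unscoped-module", module))
    return findings


# Constructed sample roles, not taken from any real tenant.
EXCEPTION_DESK = Role("Exception Desk", {"Payments"}, {
    "Exceptions": {"Manage exception requests", "Approve/decline exception requests"},
    "Settings": {"Authentication", "Audit Events"},
    "Campaigns": {"Cancel running campaign"},
})
TRIAGE = Role("Triage", {"Payments"}, {
    "Vulnerabilities": {"Open a ticket", "Export vulnerabilities"},
    "Assets": set(),  # module enabled, no actions granted
})

if __name__ == "__main__":
    for role in (EXCEPTION_DESK, TRIAGE):
        print(role.name, review(role) or "no findings")
```
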

Assigning a Role to a User

Each user in the Vulcan Cyber ExposureOS platform must be assigned a Role. To learn how to assign roles to users, see Managing Users.
