Understanding Permissions - Users, Roles, and Assets

The Continuous Dynamic Portal offers standardized sets of permissions that can be assigned to a user for a given asset or set of assets (referred to as an asset group). Standard roles include:

  • Viewer

  • Asset Manager

  • Developer

  • Security Operator

  • Security Operations Administrator

  • Continuous Dynamic Admin

Details of the permissions associated with each role can be found in About User Roles.

A given user may be assigned one or more roles. Each role defines the user’s permissions with regard to a particular set of assets, defined when the role is assigned to the user. That definition may be edited in the User Management screens. A given user may have only one role with respect to a given asset.

user role diagram

In the diagram above, User 1 is a Continuous Dynamic Admin for the asset named Elm. At the same time, User 1 is a SecOps Admin for the assets Beech and Acorn, and for the asset group Omega. However, for asset groups Epsilon and Delta, User 1 is only a Viewer. If there are other assets or asset groups, User 1 cannot access them at all, because no permissions have been assigned to User 1 for those assets.

Each user-role-asset relationship is singular, meaning that a user may not have multiple roles with respect to the same asset. However, roles may be assigned to users for any combination of assets and asset groups.

In keeping with good security practices, each user should be assigned only the role that is actually required for that user to do their job with respect to a given asset or asset group. Always grant the lowest level of permissions that is practical. For more detail on what permissions are associated with which role, see About User Roles.

Video Tutorial - User Management Tab

Also refer to Managing Groups.

Video Tutorial - Group Management Tab