Role Permission Chart
This chart is intended to list all permissions related to a Product or Product Type, as well as which permissions are available to each role.
Section | Permission | Reader | Writer | Maintainer | Owner | API Imp |
Product / Product Type Access | View assigned Product or Product Type ¹ | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
| View nested Products, Engagements, Tests, Findings, Endpoints | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
| Add new Products (within assigned Product Type) ² |
|
| ☑️ | ☑️ |
|
| Delete assigned Products or Product Types |
|
|
| ☑️ |
|
Product / Product Type Membership | Add Users as Members (excluding Owner Role) |
|
| ☑️ | ☑️ |
|
| Edit member Roles (excluding Owner Role) |
|
| ☑️ | ☑️ |
|
| Edit member Roles (including Owner Role) |
|
|
| ☑️ |
|
| Remove self from Product / Product Type membership | ☑️ | ☑️ | ☑️ | ☑️ |
|
| Add an Owner Role to another User |
|
|
| ☑️ |
|
| Edit an associated Product/Product Type Membership within a Group³ |
|
|
| ☑️ |
|
| Delete an associated Product/Product Type Membership within a Group³ |
|
|
|
|
|
Engagements (Within a Product) | Add, Edit Engagements |
| ☑️ | ☑️ | ☑️ | ☑️ |
| Add, Edit Risk Acceptances |
| ☑️ | ☑️ | ☑️ |
|
| Delete Engagements |
|
| ☑️ | ☑️ |
|
Tests (Within a Product) | Add Tests |
| ☑️ | ☑️ | ☑️ |
|
| Edit Tests |
| ☑️ | ☑️ | ☑️ | ☑️ |
| Delete Tests |
|
| ☑️ | ☑️ |
|
Findings
(Within a Product)
| Add Findings |
| ☑️ | ☑️ | ☑️ |
|
| Edit Findings |
| ☑️ | ☑️ | ☑️ |
|
| Import, Reimport
Scan Results
|
| ☑️ | ☑️ | ☑️ | ☑️ |
| Delete Findings |
|
| ☑️ | ☑️ |
|
| Add, Edit, Delete
Finding Groups
|
| ☑️ | ☑️ | ☑️ |
|
Other Data
(Within a Product)
| Add, Edit Endpoints |
| ☑️ | ☑️ | ☑️ |
|
| Delete Endpoints |
|
| ☑️ | ☑️ |
|
| Edit Benchmarks |
| ☑️ | ☑️ | ☑️ |
|
| Delete Benchmarks |
|
| ☑️ | ☑️ |
|
| View Note History | ☑️ | ☑️ | ☑️ | ☑️ |
|
| Add, Edit, Delete Own Notes | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
| Edit Other Notes |
| ☑️ | ☑️ | ☑️ | ☑️ |
| Delete Other Notes |
|
| ☑️ | ☑️ |
|
A user who is assigned permissions at the Product level only cannot view the Product Type it is contained in.
When a new Product is added underneath a Product Type, all Product Type-level Users will be added as Members of the new Product with their Product Type-level Role.
The user who wishes to make changes to a Group must also have Edit Group Configuration Permissions, and a Maintainer or Owner Group Configuration Role in the Group they wish to edit.
Configuration Permission Chart
Each Configuration Permission refers to a particular function in the software, and has an associated set of actions a user can perform related to this function.
The majority of Configuration Permissions give users access to certain pages in the UI.
Configuration Permission | View ☑️ | Add ☑️ | Edit ☑️ | Delete ☑️ |
Credential Manager | Access the ⚙️Configuration > Credential Manager page | Add new entries to the Credential Manager | Edit Credential Manager entries | Delete Credential Manager entries |
Development Environments | n/a | Add new Development Environments to the 🗓️Engagements > Environments list | Edit Development Environments in the 🗓️Engagements > Environments list | Delete Development Environments from the 🗓️Engagements > Environments list |
Finding Templates¹ | Access the Findings > Finding Templates page | Add a Finding Template | Edit a Finding Template | Delete a Finding Template |
Groups | Access the 👤Users > Groups page | Add a new User Group | Superuser only | Superuser only |
Jira Instances | Access the ⚙️Configuration > JIRA page
| Add a new JIRA Configuration | Edit an existing JIRA Configuration | Delete a JIRA Configuration |
Language Types |
|
|
|
|
Login Banner | n/a | n/a | Edit the login banner, located under ⚙️Configuration > Login Banner | n/a |
Announcements | n/a | n/a | Configure Announcements, located under ⚙️Configuration > Announcements | n/a |
Note Types | Access the ⚙️Configuration > Note Types page | Add a Note Type | Edit a Note Type | Delete a Note Type |
Product Types | n/a | Add a new Product Type (under Products > Product Type) | n/a | n/a |
Questionnaires | Access the Questionnaires > All Questionnaires page | Add a new Questionnaire | Edit an existing Questionnaire | Delete a Questionnaire |
Questions | Access the Questionnaires > Questions page | Add a new Question | Edit an existing Question | n/a |
Regulations | n/a | Add a Regulation to the ⚙️Configuration > Regulations page | Edit an existing Regulation | Delete a Regulation |
SLA Configuration | Access the ⚙️Configuration > SLA Configuration page
| Add a new SLA Configuration | Edit an existing SLA Configuration | Delete an SLA Configuration |
Test Types | n/a | Add a new Test Type (under Engagements > Test Types) | Edit an existing Test Type | n/a |
Tool Configuration | Access the ⚙️Configuration > Tool Configuration page
| Add a new Tool Configuration | Edit an existing Tool Configuration | Delete a Tool Configuration |
Tool Types | Access the ⚙️Configuration > Tool Types page | Add a new Tool Type | Edit an existing Tool Type | Delete a Tool Type |
Users | Access the 👤Users > Users page | Add a new User to DefectDojo | Edit an existing User | Delete a User |
Access to the Finding Templates page also requires the Writer, Maintainer or Owner Global Role for this user.
Group Configuration Permissions
Configuration Permission | Reader | Maintainer | Owner |
View Group | ☑️ | ☑️ | ☑️ |
Remove self from Group | ☑️ | ☑️ | ☑️ |
Edit a Member’s role in a Group |
| ☑️ | ☑️ |
Edit or Delete a Product or Product Type Membership from a Group¹ |
| ☑️ | ☑️ |
Change a Group Member’s role to Owner |
|
| ☑️ |
Delete Group |
|
| ☑️ |
This also requires the User to have at least a Maintainer Role on the Product or Product Type which they wish to edit.