Login, Permissions, Security

The user just has the ‘REPORTADMIN’ role, as we only want them to do assessments and get reports, nothing else on the platform.

I want to see that when a user only has Asset View, they should be able to only see Assets and nothing else in the system. The fact they can see settings and integration usernames at a global level feels like a potential breach waiting to happen.

My organization services a wide range of clients. Some of them have technical staff that will take initiative on addressing vulnerabilities. They would benefit greatly by being able to initiate scans from the All Assets screen. For management purposes, we do not want to provide AssetWriter permissions and they may not have direct access to the device in question to run a command line to initiate the scan. If we could create a role to allow for the ability of initiate scanning and potentially include initiating patch jobs would be ideal. Or at the very least expand the AssetViewer role to include the ability to initiate a scan but not edit scan configuration.