Note: you must be an org admin in order to conduct the actions in this article.
Nucleus supports role-based access control (RBAC) within each project, so you can define who has access to which functionality in the application and control what they can do in each project.
Nucleus has 4 built-in roles, which should serve the vast majority of organizations:
- Organization Admin: This is the user who has full rights to the organization, and is the only user who can do full user management for the organization.
- Project Admin: This user role is defined on a per-project basis by an org admin, and has full rights within their project, such as user management, all editing of findings, connector creation, etc.
- General User: This role is assigned on a per-project basis, and the majority of users within Nucleus should be assigned this role. This allows for full functionality of the app, minus the user management. This role is intended for the practitioners to do their job and to take advantage of the full Nucleus feature set.
- Auditor: This role is assigned on a per-project basis, and is a read-only role intended for users who need to see information contained within Nucleus but should not be able to make any changes to the data in Nucleus. Common use cases for this role include report generation and vulnerability trend analysis.
If one of these roles is going to work for you, we recommend skipping the rest of this document and moving on to the Invite Users to Nucleus page to get your users onboarded to Nucleus quickly.
Custom Roles
You can also define your own custom roles within Nucleus, which allows you to define custom permission sets based on your organization's needs. You can name these roles whatever you want, as long as they do not overlap with the above 4 role names.
To create a custom role, you can do the following:
OPTION 1 - Create role from scratch
1. An Org Admin should navigate to Global Administration > Roles
2. Click Add Role along the top navigation bar
3. Enter the following information and click Save
- Name: This is what the name of the role will be displayed as in Nucleus
- Description: This is an optional field which allows you to enter a description of the role so other admins know what the role is intended to do
- Default Role: Check this box to make it the default role for the organization (i.e., all users added to projects will have this role pre-populated).
- Permissions: Check the boxes of the permissions that you would like the role to have. NOTE: All edit permissions will allow for read access as well.
You now have a custom role which you can assign to users!
OPTION 2 - Clone from existing role permissions
1. An Org Admin should navigate to Global Administration > Roles
2. Look in the list for a role which is closest to the role you want to create, and click Clone
3. This will pop up the same window as in OPTION 1, but with the permissions pre-populated based on that role, so you can do less clicky clicky when assigning permissions.
4. Enter the same information as in OPTION 1, and click Save.
This option is best when you want to create a role which is very similar to the built-in roles, but maybe want to give one less permission to your project admin, for example.
Now that you have created the roles you want to use in Nucleus, it is time to invite users to Nucleus!