Skip to main content
Mitratech Success Center

Findings Module Security

Assignments are additive

If User has access to a finding by at least one rule - User is able to see the Finding.

If User has access to a finding with some Role by at least one rule - User is able to do all operations with the Finding which the Role allows.

 

Terminology

CONFIDENTIAL Finding is a finding with Confidential option enabled

NON-CONFIDENTIAL Finding is a finding with Confidential option disabled

 

Custom Assignments

Applicable to: a Finding with Custom Assignments (including CONFIDENTIAL Findings).

Access granted to:

  1. Users that are selected in Finding page / Assignments tab
    • with roles from Admin / Users / Edit dialog
  2. Members of User Groups that are selected in Finding page / Assignments tab
    • with roles from Add Assignment dialog - if Consider Roles option of User Group is enabled
    • with roles from Admin / Users / Edit dialog - if Consider Roles option of User Group is disabled

 

Company Defaults

Applicable to: NON-CONFIDENTIAL Findings

Access granted to:

  1. Users that are selected in Admin / User Groups / Default User Groups page / Default Finding Assignments section
    • with roles from Admin / Users / Edit dialog
  2. Members of User Groups that are selected in Admin / User Groups / Default User Groups page / Default Finding Assignments section
    • with roles from Add Assignment dialog - if Consider Roles option of User Group is enabled
    • with roles from Admin / Users / Edit dialog - if Consider Roles option of User Group is disabled

 

Inherited from Org Unit/Entity Pair

Applicable to: NON-CONFIDENTIAL Findings with selected Org Unit or Entity

Access granted to:

  1. Users that are given access to Finding's Org Unit / Entity pair
    • with roles from Admin / Users / Edit Assignments page that meet Role-Requirements
  2. Members of User Groups that are given access to Finding's Org Unit / Entity pair
    • with roles from Admin / User Groups / Edit Assignments page that meet Role-Requirements - if Consider Roles option of User Group is enabled
    • with roles from Admin / Users / Edit dialog that meet Role-Requirements - if Consider Roles option of User Group is disabled

Role-Requirements:

  • Finding Category of Finding must be selected for Role on Admin / Roles / Edit page / Finding Permissions section / Category Restrictions popup

this role-requirement is applied only for Findings with Finding Category selected

Note: If User or User Group is assigned to Finding's Org Unit / Entity pair, but Role-Requirements are not met - user does not have access to the Finding

 

Owner

Applicable to: NON-CONFIDENTIAL Findings

Access granted to:

  1. User that created the Finding
    • with roles that user has against Finding's Org Unit / Entity pair (including assignments of User Groups the user is member of)

Note: If User is not assigned to Finding's Org Unit / Entity pair - user does not have access to the Finding

 

Confidential

Applicable to: CONFIDENTIAL Findings

Access granted to:

  1. Users selected in Edit Finding popup / Select Confidential Users popup
    • with roles from Admin / Users / Edit dialog

 

  • Was this article helpful?