Managing Roles
Creating New Roles
To create new roles, perform the following steps:
Click Create Role
Name the role and click Create
Write the role's Description (Optional). You should include the purpose for which you created the role.
Expand the Role Mapping section.
Add roles (Composite and/or Actions) by clicking the relevant Add buttons.
Click Save. The new composite role is added to the composite roles list.
The following table lists the roles in Checkmarx One, along with their respective permissions:
Roles | Related Activity | Description |
|---|---|---|
create-application | Application | Create an application |
delete-application | Applications | Delete an application |
update-application | Application | Update an application |
view-applications | Application | View applications |
view-engines | Engines | View engines |
create-project | Project | Create a project |
delete-project | Project | Delete a project |
update-project | Project | Update a project |
view-projects | Project | View projects |
create-query | Query | Create a query |
delete-query | Query | Delete a query |
update-query | Query | Update a query |
view-queries | Query | View queries |
update-result | Results | Update results |
update-result-not-exploitable | Results | Update results state to Not exploitable |
view-results | Results | View results |
create-scan | Scan | Initiate a scan |
delete-scan | Scan | Delete a scan |
update-scan | Scan | Cancel a scan |
view-scans | Scan | View scans |
dast-admin | Environment | Manage environments and scans, update results, and execute other actions in DAST. |
dast-update-scan | Environment | The user can update a scan's properties in DAST. |
dast-update-results | Environment | The user can update results in DAST (severity, comments, etc.) |
dast-create-scan | Environment | The user can create a new scan in DAST. |
dast-delete-scan | Environment | The user can delete a scan in DAST. |
dast-update-environment | Environment | The user can update an environment in DAST. |
dast-create-environment | Environment | The user can create a new environment in DAST. |
dast-external-scans | Environment | CI/CD user for executing actions related to External Workers. |
dast-delete-environment | Environment | The user can delete an environment in DAST. |
dast-cancel-scan | Environment | The user can cancel a scan in DAST. |
view-codebashing | Results | The user can view Codebashing links in the SAST results viewer, as long as a dedicated Codebashing lesson exists for the specific vulnerability and programming language. |
IAM Roles
IAM roles are related to the actions available in the User and Access Management console.
The following table lists the action roles that are provided for Checkmarx One, along with their respective permissions:
Checkmarx One IAM Roles | Permissions |
|---|---|
iam-admin |
|
manage-clients | Manage O-Auth clients |
manage-keys | View, create, edit, and delete API keys |
manage-groups | Manages groups in the system |
manage-users | Manages the users in the system |