User account types

In addition to the administrator-level account used to administer user accounts, Application Security supports the following user account types, in descending order of level of authority:

  • Administrator—An Administrator has access to all application versions and can perform all actions in the system.
  • Security Lead—A Security Lead has access to all administrative operations except user account creation and editing. The Security Lead can create application versions and edit all aspects of the versions that they created or to which they are assigned.
  • Manager—A Manager has read-only access to most administrative data. Managers can create and edit all data for the application versions to which they are assigned.
  • Developer—A Developer has read-only access to some administrative data. Developers can create and edit a subset of data for the application versions to which they are assigned.

  • View-Only—A View-Only user can view general information and issues for application versions to which they have access. A View-Only user cannot upload analysis results or audit issues.

  • Application Security Tester—An Application Security Tester can perform operations that pertain to execution of dynamic scan requests. An Application Security Tester can view application versions, view and generate reports, process dynamic scans, upload results and audit issues.

  • WebInspect Enterprise System—Users assigned the Fortify WebInspect Enterprise System role can register and de-register an OpenText™ Fortify WebInspect Enterprise instance from Application Security and can retrieve issue audit information. This role is intended for Fortify WebInspect Enterprise use only.

  • ScanCentral SAST Controller—Users assigned the ScanCentral SAST Controller role can upload scans to Application Security using Fortify ScanCentral SAST on behalf of the users who have permission to run scans but do not have the "Upload analysis results" permission. This role is intended for use only when configuring a Fortify ScanCentral SAST Controller. For instructions on using this role in the Fortify ScanCentral SAST configuration, see the OpenText™ Fortify ScanCentral SAST Installation, Configuration, and Usage Guide.

See Also

User accounts and access

About Creating User Accounts

Unlocking local user accounts