Preconfigured roles
The following table lists the preconfigured roles you can assign to users in Application Security. The roles are listed in descending order of level of authority. For information about how to view the permissions associated with each preconfigured role, see Viewing permission information for Application Security roles.
| Role | Description |
|---|---|
Administrator | Has full access to the system and all results |
Security Lead | Security team member who can create application versions and users |
Manager | Responsible for guiding developers to work on results Managers cannot create applications but can grant or revoke access to their team members |
Developer | Developer responsible for producing security results and taking action to triage or remediate security issues |
View Only | Can view results, but cannot interfere with the issue triage or the remediation process. Example users: system automation account or temporary auditor |
Application Security Tester | Can perform tasks required to execute dynamic scan requests, including:
|
WebInspect Enterprise System | Can connect a Fortify WebInspect Enterprise instance to Application Security and retrieve issue audit information. This role is intended for use only by a WebInspect Enterprise instance. |
| ScanCentral SAST Controller | Can upload scans from Fortify ScanCentral SAST to Application Security on behalf of users who have permission to run scans but do not have the "Upload analysis results" permission. This role is intended for use only when configuring a ScanCentral SAST Controller. For more information, see the OpenText™ Fortify ScanCentral SAST Installation, Configuration, and Usage Guide. |
ScanCentral DAST Controller | This role is intended for use only when configuring a ScanCentral DAST Controller. For more information, see the OpenText™ ScanCentral DAST Configuration and Usage Guide. |
See Also