Managing Your DigitSec Users
DigitSec allows you to include as many users in your subscription as you like. There is
no additional cost for everyone on your team to have access. Giving everyone visibility into
your organization's Salesforce security posture can be very powerful: it allows Executives
and Managers to understand how to prioritize their resources, Developers to focus on
potential vulnerabilities in their code, and Administrators to lock down critical settings.
DigitSec Users are managed in two different tiers, the Environment Tier and the Workspace
Tier.
To access User Management at the Environment Tier, use the top bar navigation to click on "Setup" and then use the sub-tab navigation to choose Users.
Environment Tier
The default roles that exist in DigitSec at the Environment Tier are Admin, Environment
Manager, Environment User, and Environment User Read-Only.
Admin(istrator) users have complete control over the system and have direct access to all Workspaces. Environment Managers can add new Workspaces, but they do not have access to the “Configure” or “Setup” sections which govern global integrations/settings and users, respectively.
Environment Managers, Environment Users, and Environment Users Read-Only are offered mainly as references: they all require explicit Workspace assignment and cannot manage configurations or settings at the global level. Each of these roles, except for Environment User Read-Only, can create new Workspaces, to which they are automatically given access and of which they are considered the Owner.
An Environment User Read-Only can only review data to which they are given access; they cannot initiate scans, make changes to workspaces, or add comments to findings. They are the only group that cannot create new Workspaces.
Workspace Tier
Once a user has been assigned to an Environment Role, they can be assigned access on a per Workspace basis. Click on the blue + button (diagonal arrow) to create a new access permission. Use the Workspace Selector and the Role Selector buttons to create the access pairing desired. Remember to scroll (horizontal arrow) to the bottom of the modal window and use the blue Submit button to create the assignments.
By default, there are three different user roles: Workspace Manager, Workspace User and
Workspace User Read-Only.
Workspace Managers can add/remove existing Environment Managers, Users or Users
Read-Only to/from a Workspace. Workspace Users cannot manage access to a Workspace.
Workspace Users and Managers are able to initiate scans, rename or tag scans, change
severity or finding assignments, and add comments to findings.
Environment Users that create a Workspace will be automatically given a Workspace Manager
role.
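The two-tier rules described above can be written down as a small access check. This is an added illustration, not DigitSec code or its API: the `User` class, the function names and the action labels are assumptions of this example, and it covers only the default roles named on this page.

```python
from dataclasses import dataclass, field

# Default role names as given on this page.
ADMIN = "Admin"
ENV_READ_ONLY = "Environment User Read-Only"
WS_MANAGER = "Workspace Manager"
WS_USER = "Workspace User"
WS_READ_ONLY = "Workspace User Read-Only"

# Action labels are this example's own shorthand for the abilities the page lists.
WORKSPACE_ACTIONS = {
    WS_MANAGER: {"review", "scan", "edit_findings", "comment", "manage_access"},
    WS_USER: {"review", "scan", "edit_findings", "comment"},
    WS_READ_ONLY: {"review"},  # assumed from the role name
}


@dataclass
class User:
    name: str
    env_role: str
    assignments: dict = field(default_factory=dict)  # workspace -> Workspace role


def can(user, action, workspace):
    """Decide whether `user` may perform `action` in `workspace`."""
    if user.env_role == ADMIN:
        return True  # Admins have direct access to all Workspaces
    role = user.assignments.get(workspace)
    if role is None:
        return False  # every other Environment role needs an explicit assignment
    allowed = WORKSPACE_ACTIONS[role]
    if user.env_role == ENV_READ_ONLY:
        allowed = allowed & {"review"}  # read-only at the Environment Tier wins
    return action in allowed


def create_workspace(user, workspace):
    """Record a new Workspace; the creator is given the Workspace Manager role."""
    if user.env_role == ENV_READ_ONLY:
        raise PermissionError(f"{user.name} cannot create Workspaces")
    # The page states this for Environment Users; applying it to every
    # creator is an assumption of this example.
    user.assignments[workspace] = WS_MANAGER


def who_can(users, action, workspace):
    """List the users able to perform `action`, for an access review."""
    return sorted(u.name for u in users if can(u, action, workspace))
```

The `who_can` helper answers the question an access review usually starts with, such as which accounts can manage access to a given Workspace.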
Active/Deleted Users
The default display for the Users tab is "Active Users". These are users that have current and valid access to the environment and to specific workspaces.
The first column displays the user and their latest login; the second column shows their Environment Role; the third column displays their workspace assignment count. The function menu allows you to Delete a User, Reset Their Password or Edit their Role and Assignments.
You can use the download icon (arrow pointing down to a bar) that appears below the Add+ buttons to download a current report of Users that includes their Workspace:Role assignments.
Admin users can switch from the Active Users display to the Deleted Users display. The columns on this screen also indicate who deleted the user and when it happened. The function menu allows you to read the Workspace:Role Assignments or to Restore the User to Active Status.
The download icon on this page also shows a report of users that previously had access and their Workspace:Role Assignments.
Custom Roles
You can create custom Roles at either the Environment or Workspace Tier to meet your needs.
Use the “+Add Roles” button on the Users Management screen to bring up the Add Role modal
dialog.
You can enter a custom name within the Role Name input field (horizontal arrow), select a scope of
Environment or Workspace with the Role Type selector, and then add Permissions as needed.
Each Permission Object corresponds to a component of functionality at the corresponding level (diagonal arrow). A permission is either READ or WRITE (WRITE privileges are inclusive of READ privileges). The following table shows the tier-object relationship.
Environment Permission | Workspace Permission |
|
|
Once a new Custom Role has been created, it will be available in the appropriate Role Selector
menu in the User Management Detail Modal dialog.