How do I manage roles in SSC?

Question

How do I use the role-based access control provided by Fortify SSC?

Answer

Fortify SSC provides role-based access controls that can be set by anyone who has the administrator role or a custom role with the appropriate privileges. There are two axes for the access control: the permissions a user or group has, and the applications that the user or group may access. For the most part, permissions are only granted for the applications and versions that the user is allowed to access.

The remainder of this technical note will look at how to set these two sets of permissions.

Roles

Fortify SSC roles are defined on the Administration pages. First, select the “Administration” menu at the top of the page:

Select Administration from top menu bar

Then select the “Users” -> “Roles” item from the menu on the left side of the page:

Select Roles from side menu bar

This page contains a set of default roles that may be sufficient for your needs. Clicking on each role will show the permissions that are associated with each role.

If none of these roles meets your needs, you can create a custom role by selecting the “New” button in the upper right-hand corner of the page. This will bring up a screen to define a new role:

Create new role screen

Give the role a name and a description of what it does or is for. Set the permissions for the role by selecting the “+ Add Permissions” button and choosing the desired permissions.

These permissions are on a per application/version basis unless they say otherwise.

If the role is intended to have these permissions SSC-wide, the “Universal access” checkbox under the role Name must be checked.

Adding Roles/Application Access to a User or Group

To assign a user a role and/or give the user access to one or more applications, go to the user administration page by selecting the appropriate user account type (LDAP or Local) from the menu on the left side:

Select Local user from side menu bar

Select the user whose access you want to change or create a new user as appropriate:

Screen to set user role

On the left, you can assign the user to one or more roles.

On the right, you can assign the applications that the user may access.

Unless the role is set to universal access, the user’s permissions apply only to the selected applications.
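
The two axes described above can be modelled offline to review role assignments for least privilege. The following is an added example, not Fortify code and not the SSC API: the role, permission, user and application names are constructed, and permissions that SSC itself treats as not application-scoped are not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    universal: bool = False  # models the "Universal access" checkbox

@dataclass
class User:
    name: str
    roles: list
    applications: set = field(default_factory=set)  # applications assigned to the user

def effective_access(user, all_apps):
    """Return {application: set(permissions)} for one user."""
    access = {}
    for role in user.roles:
        # Universal roles apply everywhere; others only to assigned applications.
        scope = all_apps if role.universal else (user.applications & all_apps)
        for app in scope:
            access.setdefault(app, set()).update(role.permissions)
    return access

def review(users, all_apps):
    """Flag assignments worth a second look in a least-privilege review."""
    findings = []
    for u in users:
        for r in u.roles:
            if r.universal:
                findings.append((u.name, f"role '{r.name}' has universal access"))
        if u.roles and not u.applications and not any(r.universal for r in u.roles):
            findings.append((u.name, "roles assigned but no applications"))
    return findings

# Constructed sample data (hypothetical names throughout)
ALL_APPS = {"payments", "portal", "intranet"}
auditor = Role("Auditor (custom)", frozenset({"view_issues"}), universal=True)
developer = Role("Developer (custom)", frozenset({"view_issues", "upload_scan"}))
USERS = [
    User("alice", [developer], {"payments"}),
    User("bob", [auditor]),
    User("carol", [developer]),
    User("dave", [developer, auditor], {"portal"}),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, effective_access(u, ALL_APPS))
    for name, msg in review(USERS, ALL_APPS):
        print("REVIEW", name, msg)
```

In this model, a user holding both a scoped role and a universal role keeps the scoped permissions only on assigned applications, while the universal role's permissions reach every application.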

References

Fortify SSC User’s Guide