Vulnerability Response Dashboard rights

William Froger · ‎08-17-2022

Hi there !

I'm currently working on vulnerability response and I'm trying to share dashboard with some members of the IT security team.

I've set up an ACL to partition our data and this ACL allows users to see only vulnerable items which are assigned to them.

To make a long story short, management now needs to be able to see all the data from Vulnerability Response making the ACL useless.

Anyway I thought the role "sn_vul_read_all" could have been the answer to my trouble but it didn't.

In fact, even though I've shared dashboards with users who have been granted this role, they can't display the dashboard.

Do the ACL override the "sn_vul_read_all" role ?

Is there an OOT role which has just the right to read all data from VR but without any writing permission ?

Hope this is clear 🙂

Cheers 🙂

Chris McDevitt · ‎08-17-2022

Hi,

Can you share a screenshot? Can they not access the entire Dashboard or just a Widget on the Dashboard? If it is just a Widget that they can't see, is it a Repor or a PA Widget?

Rahul Popli1 · ‎08-18-2022

Is the issue with visibility of Dashboard or Vulnerable Items? For VITs there is an OOB ACL that allows read access to read_all role (ACL sys_id 018552f1ff10020023c7fffffffffff7). As long as this ACL is active in your instance, users with this role should be able to view VITs.

Similarly if Dashboard and Reports are shared with this role (sn_vul.read_all), they should be able to see it.

If it still doesn't work after above checks have been made, please share the screenshot of issue.

William Froger · ‎08-25-2022

Hello Rahul, Chris,

Thanks to both of you for your answer.

I've been investigating this "case" and I have found the root cause.

This issue is caused by a too restrictive ACL I've set up. I need to use "sn_vul_read.assigned" and "sn_vul_write.assigned"

OOTB roles are too permissive in our professionnal context so I can't use Remediation Owner OOTB persona.

Regards