Vulnerability Response roles support - allowing group managers to see VULs assigned to their groups

samanthaslu
Tera Contributor

I've noticed that assignment group managers are unable to see VULs that are assigned to groups they manage... 

 

In instances where a group manager is not explicitly included as a member of the group (i.e. the manager of the group is listed under the group "Manager" field, but they are not listed in the "Group Members" of the group), they cannot see the VULs assigned to the groups they manage. The managers, as well as the group members, have the remediation_owner role. When the group members go to the "Assigned to my Groups" view, they are able to see VULs assigned to their group, but the group Manager does not see those same VULs even though we would want them to. 

 

I don't want to provide the read_all role to the managers, so how else can I allow them to see the VULs for the groups they manage? 

 

And just an example to provide more clarity. Let's say Bob is listed in the group "Manager" field for the IT group. However, Bob is not listed as a group member in the IT group. I want Bob to be able to see all the VULs assigned to the IT group, since he manages it.

 

Would really appreciate some help with this.

0 REPLIES 0