Overview

This guide discusses how you can set up and use beSECURE Permissions, Account Profiles and Security Profiles to customize a user to fit your organization's needs.


Account Profile

The account profile defines the default rights given to any user assigned to that account type; it works like a rule set that a new user inherits. There are two types of account profiles:

  • Reporting Users - View-only access to scan data through scan reports. Reporting users cannot access scan details, or edit, create or delete scans.
  • Scanning Users - Can create scans, access scan data, and edit or delete scans. Scanning users should be the users who administer the scans (set up, edit, delete).


Permissions

Permissions give an organization administrator the ability to grant specific user account profiles access to objects (that is, scans, reports and views). This allows for flexibility within the system. For example, a user can be given ownership over one specific scan rather than all the scans from the organization. Another example would be to give a specific user ownership within a sub-organization, which that user will then be able to administer.


There are three levels of permissions that are assigned to account profiles found on the permissions tab when viewing the account profile:

  • Owned by - Shows who is the owner of the object. Owner can assign users to objects and change settings.
  • Association - Associates the object with an organization, which makes the object visible to that organization.
  • Ownership - Users who are given ownership over an account profile have the ability to edit profile permissions. Owners can add or remove user accounts and change the profile settings (Contacts, Organizations, ISecs, Scans, Webscans, LSSes, Licenses, Logos, other Account Profiles, Security Profiles, and Credential Storage) of the account profile. Ownership has 11 tab options:
    • Accounts - Ability to see all their objects, edit account details and impersonate the user.
    • Contacts - User who owns a contact can set up a scan to send notifications and reports to that contact or group contact (G).
    • Organizations - Users can set up new scans to the organization.
      Note:
      If a user only owns an organization without being associated with it, the user cannot see the results of scans; they can only set up new scans to the organization. To see scans from that organization, give the user ownership of the scan(s) or associate the user with the organization.
    • Scans - Once a user is given ownership of a scan it will show up in their scans list where they can view it and make changes to the scan (as long as they have ownership over the org and contacts as well). 
    • Webscans - A user can be assigned to individual web scans. For the user to be able to edit the webscan, the user must also have ownership over the organization and contact for the specific webscan.
    • LSS - Ownership over the LSS allows users to set up scans to the scanner (LSS). When a company is using multiple LSSes, choosing the correct LSS becomes very important, so the user needs to have ownership of the needed LSSes.
    • Licenses - User can view the license consumption (remaining IPs) and expiration date. 
    • My logo - User can use the logo on reports for their scans (white labeling reports). 
    • Account profiles - User has access to the profile in their account and can make changes to the account profile permissions (add or remove objects for the profile).
    • Security profiles - User has access to the security profile and has the ability to edit password requirements.
    • Credential storage - User can use the stored credentials for authenticated scans, on new scans or added to existing scans.

      Note: An account profile can be associated with one or more organizations, and can own multiple objects (accounts, scans, contacts, etc.) in the system. This grants users with that profile access to the specified objects. Every user who is owned by and assigned ownership of an account profile will see the objects that are associated with the account profile.
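
The ownership and association rules above can be modelled to audit a profile before it is assigned. This is an added example, not beSECURE code or a product export format; the Profile and Scan classes, the function names and the sample data are hypothetical and encode only the rules stated in this section.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Scan:
    name: str
    org: str
    contact: str

@dataclass
class Profile:
    name: str
    account_type: str                                 # "reporting" or "scanning"
    associations: set = field(default_factory=set)    # organization names
    owned_orgs: set = field(default_factory=set)
    owned_contacts: set = field(default_factory=set)
    owned_scans: set = field(default_factory=set)     # scan names

def can_view_results(p, scan):
    # Results are visible through association with the scan's organization
    # or through ownership of that scan.
    return scan.org in p.associations or scan.name in p.owned_scans

def can_create_scan(p, org):
    # Setting up a new scan to an organization needs ownership of it.
    return p.account_type == "scanning" and org in p.owned_orgs

def can_edit_scan(p, scan):
    # Editing needs ownership of the scan, its organization and its contact.
    return (p.account_type == "scanning" and scan.name in p.owned_scans
            and scan.org in p.owned_orgs and scan.contact in p.owned_contacts)

def audit(p, scans):
    """Report the two gaps that the notes in the Ownership list describe."""
    blind = sorted(o for o in p.owned_orgs if o not in p.associations
                   and not any(s.org == o and s.name in p.owned_scans for s in scans))
    stuck = sorted(s.name for s in scans
                   if s.name in p.owned_scans and not can_edit_scan(p, s))
    return {"can_create_but_not_view": blind, "owned_but_not_editable": stuck}

# Constructed sample data (names are hypothetical, not from beSECURE).
SCANS = [Scan("dmz-weekly", "EU-Ops", "eu-soc"), Scan("hq-monthly", "HQ", "hq-it")]
ANALYST = Profile("analyst", "scanning", associations={"HQ"},
                  owned_orgs={"EU-Ops"}, owned_contacts={"hq-it"},
                  owned_scans={"hq-monthly"})

if __name__ == "__main__":
    print(audit(ANALYST, SCANS))
```

For the sample profile, the audit flags EU-Ops as an organization the user can scan but never see results for, and hq-monthly as a scan the user owns but cannot edit.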


Creating and editing Account Profiles

By default, a scanning user and reporting user profile are preconfigured for you, and you have the ability to edit these profiles by adding/removing permissions from them. You also have the option to create additional reporting user account profiles. However, if you need an additional scanning user profile, contact technical support at support@beyondsecurity.com.


Creating an Account Profile

To create an account profile, do the following:

  1. Log in to beSECURE.
  2. In the upper-left corner of the Home page, select DevOps.
  3. Select Admin > Accounts > Account Profiles.
  4. Select the New button.
  5. In the Profile Name box, enter a name.
  6. In the Account Type box, select Reporting user or Scanning user.
  7. Select Create. The new profile will appear on the Account Profile List page.


Editing permissions options for reporting users

The only permission you can assign to a reporting user is their association to an organization. Once associated, that user can then see data from that organization's scans. You can associate a user with more than one organization. Reporting users cannot view the settings of a scan, only the scan's results. Note: You cannot change the Account Type of an existing Account Profile from Reporting user to Scanning user, or vice versa. If an Account Profile was configured incorrectly, you must delete it and then recreate it.


To change the permissions for a reporting user, do the following:

  1. Log in to beSECURE.
  2. In the upper-left corner of the Home page, select DevOps.
  3. Select Admin > Accounts > Account Profiles.
  4. On the Account Profile List page, select an account with the Reporting user Account Type.
  5. Select the Permissions tab.

Below is a breakdown of the options on the Permissions tab:

  • Owned By - You can set the owner of the object. The owner can assign users to objects and change settings. Select a user from the Available box to move it to the Assigned box.
  • Association(s) - You can only associate reporting users with organizations, which allows them to see the scan results for each organization. Select a user from the Available box to move it to the Assigned box. Select Top Level to view the search results and its hierarchy.


Editing permissions options for scanning users

Scanning users have the same association option as reporting users and, in addition, they can be given ownership over objects. Note: You cannot change the Account Type of an existing Account Profile from Reporting user to Scanning user, or vice versa. If an Account Profile was configured incorrectly, you must delete it and then recreate it.


To change the permissions for a scanning user, do the following:

  1. Log in to beSECURE.
  2. In the upper-left corner of the Home page, select DevOps.
  3. Select Admin > Accounts > Account Profiles.
  4. On the Account Profile List page, select an account with the Scanning user Account Type.
  5. Select the Permissions tab.
  6. In addition to Association(s), you can edit Ownerships for Scanning users. Users who are given ownership over an Account Profile can edit profile permissions by adding or removing user accounts and changing profile settings. Select a user from the Available box to move it to the Assigned box.


Default permissions

The Default Permissions option makes any new objects created by a user available to other users or Account Profiles who are also assigned to the user creating the new objects. This includes new scans, organizations, and user accounts. This is for new objects only, so you must manually assign any existing objects using the permissions options for each object individually. This is beneficial when there is more than one user who creates scans where multiple users require access. If you do not enable this option, when a user configures a scan and does not manually give another user permission to it, the other users will not have access to that scan. 


To configure Default Permissions for new objects, do the following:

  1. Log in to beSECURE.
  2. In the top-right corner of the Home page, select your username > Account.
  3. Select the Default Permissions (for new objects) tab.
  4. Select a user from the Available box to move it to the Assigned box.
  5. Select Modify to save your changes.


Creating a Security Profile

A Security Profile is a set of rules you can assign to a specific user. The management administrator can define which Security Profile can be a Reporting user, a Scanning user or an Admin user.


To create a Security Profile, do the following:

  1. Log in to beSECURE.
  2. In the upper-left corner of the Home page, select DevOps.
  3. Select Admin > Accounts > Security Profiles.
  4. Select the New button.
  5. Enter information in all required (*) boxes.
  6. For Owned By, select a user from the Available box to move it to the Assigned box.
  7. Select Create.