Default Security Compliance Management roles

There are three default roles provided for Security Compliance Management users. Each role is assigned different permissions and has a different view of the Security Compliance Management console, meaning that some options in Security Compliance Management are greyed out or unavailable for users with certain roles.

The following table explains the permissions included by default for each role:

Category Action Security Compliance Management Role
comply-admin comply-operator comply-viewer
Dashboard View compliance dashboard
Node Results View node results list
Export node results data to CSV  
View node detail
Rule Detail View rule detail
Create an exception  
Scan Reports View scans list
View scan report
View scan report: rule performance
View scan report: node performance
Run an ad hoc scan  
Generated Reports View the list of exported data
Download exported data
Inventory View inventory list
Update desired compliance (in bulk and individually)  
Scan Schedules View scan schedules list
Create a scan schedule  
View a scan schedule detail
Edit a scan schedule  
Manage the nodes linked to a scan schedule  
Pause, end, restart a scan schedule  
Delete a scan schedule  
Custom Profiles Create a custom profile  
View custom profiles list
View custom profile details
Create a custom profile  
Edit a custom profile  
Delete a custom profile  
Export custom profiles to csv  
Exceptions View exceptions list
View exceptions detail
Create an exception  
Edit an exception  
Resolve an exception (one, many, all nodes)  
Delete an exception  
Activity Feed View activity feed scans tab  
View activity feed assessor upgrade tab  
View activity feed assessor upgrade summary page  
License View license page    
Sync license    
Settings View settings page    
Edit settings page (refresh data, remove/add PE)    
Upgrade See alert advising there is an upgrade available