Custom Group Permissions

When creating or editing a user account, you can customize a user's group permissions.

Your selection in the Group field assigns the user to a group.
Your selections in the Group Permissions section grant the user resource (user and object) permissions in their assigned group and other groups.

For more information about organizations and groups, see Organizations and Groups.

In the Group Permissions section, the Manage All Users and Manage All Objects sliders enable or disable all of the settings in the User Permission and Object Permission columns, respectively. By default, the system enables all permissions for all groups. You can clear the check boxes in each group row to restrict the user's ability to perform the following actions on the resources within a group.

Resources Controlled by Manage Users/User Permissions	Resources Controlled by Manage Objects/Object Permissions
Users (edit and delete) Groups (edit and delete)	Reports (launch, stop, copy, delete, and sometimes edit) Note: A user can only edit reports within their assigned group, even if you grant them Object Permissions for another group. Report results (publish, email, copy, and delete) Report images (delete) Report attributes (delete) Scan results (launch, import, copy, send to report, stop, pause, and delete) Policies (edit, copy, and delete) Assets (edit, share, and delete) Alerts (edit and delete) Audit files (edit, share, and delete) Credentials (edit, share, and delete) Tickets (edit, resolve, and close) Risk rules (delete) Queries (edit, share, and delete) ARCs (edit, share, copy, and delete) Dashboards (edit, share, copy, and delete)

Resources Controlled by Manage Users/User Permissions

Resources Controlled by Manage Objects/Object Permissions

Users (edit and delete)
Groups (edit and delete)

Reports (launch, stop, copy, delete, and sometimes edit)

Note: A user can only edit reports within their assigned group, even if you grant them Object Permissions for another group.
Report results (publish, email, copy, and delete)
Report images (delete)
Report attributes (delete)
Scan results (launch, import, copy, send to report, stop, pause, and delete)
Policies (edit, copy, and delete)
Assets (edit, share, and delete)
Alerts (edit and delete)
Audit files (edit, share, and delete)
Credentials (edit, share, and delete)
Tickets (edit, resolve, and close)
Risk rules (delete)
Queries (edit, share, and delete)
ARCs (edit, share, copy, and delete)
Dashboards (edit, share, copy, and delete)

Examples

Consider the following examples for a user assigned to Group1.

Control Permissions to Resources in the User's Assigned Group

If you select the User Permissions and/or Object Permissions check boxes in the Group1 row, the user can perform actions for all resources in Group1, including the resources owned by other users.
If you clear the User Permissions and/or Object Permissions check boxes in the Group1 row, the user cannot perform actions on resources owned by other users in Group1.

Control Permissions to Resources in Other Groups

If you select the User Permissions and/or Object Permissions check boxes in the Group2 row, the user can perform actions for all resources in Group2, including the resources owned by other users.
Note: Although the user receives many permissions for resources in Group2, the user cannot edit reports owned by Group2 users. Users must be assigned to Group2 and have Object Permissions selected in order to edit reports, active scans, and agent scans.
If you clear the User Permissions and/or Object Permissions check boxes in the Group2 row, the user cannot perform actions on resources owned by other users in Group2.