Roles

Roles define actions that a user account is allowed to perform. In Tripwire.io, there are two types of Roles:

Global Roles define actions that a user account is allowed to perform on all Assets. Global Roles are created by Tripwire.io, and cannot be changed or edited by users. See Global Role Descriptions for more details.
Custom Roles define actions that a user account is allowed to perform on specific resources (Assets Tags, Data Sources, etc). Custom Roles can be created or edited by users.

Each user account can have multiple Global and/or Custom Roles. In addition, you can assign Roles to user accounts with User Groups.

Note:	You should always assign a user account the AllowlistAdmin, AssessmentAdmin, and AllowlistSettingsAdmin Custom Roles for the same Allowlist Type.

You can mix Global and Custom roles for the same user account. For example:

To enable a user to administer only the Open Ports Allowlist, but all asset and tag types, assign:
TSAAdmin-OpenPort (custom), AssetAdmin (global), TagAdmin (global).
To enable a user to administer only the Open Ports Allowlist, and only for Windows Assets:
TSAAdmin-OpenPort (custom), AssetAdmin-Windows (custom), TagAdmin-Windows (custom)
To enable a user to administer all Allowlist types, but only Windows Assets:
TSAAdmin (global), AssetAdmin-Windows (custom), TagAdmin-Windows (custom)

To create a Custom Role

Navigate to Settings > User Management and select the Roles tab.
Click NEW CUSTOM ACCESS ROLE and complete the form:
- Use the Role Name and an optional Description to identify the Custom Role.
- Select a Global Access Role as the basis of this Custom Role. A user will have this Role for the Resources specified below.
- Select one or more Resources for the Custom Role. The Resources displayed will vary based on the Global Access Role selected.
  Tip:
  You can see a complete list of Resources on the Resources tab of the User Management page.
Click Save to create the new Custom Role.

Tip:	You can see a complete list of Resources on the Resources tab of the User Management page.

To edit a Custom Role

Navigate to Settings > User Management and select the Roles tab.
Select the Custom Role you want to edit and click Edit.
Note:
You can only edit Custom Roles (Type = Custom). Global Roles cannot be edited or deleted.
Make the desired edits and click Save.

Note:	You can only edit Custom Roles (Type = Custom). Global Roles cannot be edited or deleted.

To delete a Custom Role

Navigate to Settings > User Management and select the Roles tab.
Select the Custom Roles you want to delete and click Delete.
Note:
You can only edit Custom Roles (Type = Custom). Global Roles cannot be edited or deleted.

Note:	You can only edit Custom Roles (Type = Custom). Global Roles cannot be edited or deleted.

Global Role Descriptions

Common Roles

Role Name	Description
AssetAdmin	A user with this role can access the Environment > Assets page to: assign Tags to Assets reconcile Assets purge TSA data for Assets delete Assets view, sort, and filter Assets
AssetUser	A user with this role can access the Environment > Assets page to: view, sort, and filter Assets
CustomerAdmin	A user with this role can access the Settings > User Management page to: create and modify users
DataAdapterAdmin	A user with this role can access the Settings > Data Sources page to add new Data Sources.
TagAdmin	A user with this role can access the Environment > Tags page to: create new Tags or Tag Sets edit, duplicate, and delete Tags or Tag Sets view, sort, and filter Tags and Tag Sets
TagUser	A user with this role can: View, sort, and filter Tags and Tag Sets

Configuration Manager Roles

Role Name	Description
CMAAdmin	A user with this role can access the Cloud dashboard to: view, create, and modify any object in the dashboard (schedules, responses, waivers, etc.) A user with this role can access the Cloud Accounts page to: view, create, edit and delete Cloud Accounts A user with this role can access the Event Logs page to: export event logs view, sort, and filter event logs
CMAAssessmentAdmin	A user with this role has all of the permissions of the CMAAdmin role, except for: viewing, creating, and modifying Responses (on the Responses tab of the Cloud dashboard)
CMAResponseAdmin	A user with this role can access the Responses tab of the Cloud dashboard to: view, create, and modify Responses
CMAUser	A user with this role can access the Cloud dashboard to: view any object in the dashboard (schedules, responses, waivers, etc.) A user with this role can access the Cloud Accounts page to: view Cloud Accounts A user with this role can access the Event Logs page to: view, sort, and filter event logs

Connect Roles

Role Name	Description
ConnectAdmin	A user with this role can access the Reporting page to: view, create, and modify any object run or modify Scan on Demand scans search the Connect Indexes
ConnectSCMUser	A user with this role can access the Connect SCM User Dashboards.
ConnectUser	A user with this role can access the Reporting page to: view any object
ConnectVMUser	A user with this role can access the Connect VM User Dashboards.

Tripwire State Analyzer Roles

Role Name	Description
SupervisorAdmin	A user with this role can access the Settings > Data Sources page to add new TSA Data Sources.
TSAAdmin	A user with this role can perform any action on any of these pages: State Analyzer > Allowed Items State Analyzer > Allowlist Assessments State Analyzer > Allowlist Settings Event Logs
TSAUser	A user with this role can view everything on any of these pages: State Analyzer > Allowed Items State Analyzer > Allowlist Assessments State Analyzer > Allowlist Settings Event Logs
TSAAllowlistAdmin	A user with this role can access the State Analyzer > Allowed Items page to: create new Allowed Items modify existing Allowed Items view change history of Allowed Items import/export Allowed Items view, sort, and filter Allowed Items
TSAAllowlistUser	A user with this role can access the State Analyzer > Allowed Items page to: view, sort, and filter Allowed Items
TSAAllowlistAssessmentAdmin	A user with this role can access the State Analyzer > Allowlist Assessments page to: create new Assessments modify existing Assessments export Assessments view, sort, and filter Assessments
TSAAllowlistAssessmentUser	A user with this role can access the State Analyzer > Allowlist Assessments page to: view, sort, and filter Assessments
TSAAllowlistSettingAdmin	A user with this role can access the State Analyzer > Allowlist Settings page to: import and export files edit Display Types and Preferences create User-Defined Attributes modify existing Attributes view all Settings tabs
TSAAllowlistSettingUser	A user with this role can access the State Analyzer > Allowlist Settings page to: view all Settings tabs
TSAEventLogAdmin	A user with this role can access the Event Logs page to: export event logs view, sort, and filter event logs
TSAEventLogUser	A user with this role can access the Event Logs page to: view, sort, and filter event logs