Users

Tripwire.io uses user accounts and roles to control access, and to manage the actions that each user can perform. Each user account is assigned one or more roles, which define specific actions that an account with that role can perform.

The Users page displays the current list of user accounts. Each account has one of four states:

  • Active means this user has activated their account.
  • External means that this account has been authenticated by an external AD/LDAP server, rather than by Tripwire.io. For more information, see Integrating with Active Directory Federation Services (ADFS).
  • Pending Activation means the account has been created, but has not been activated from an email link.
  • Suspended means that the account has been suspended, and cannot log in until it is unsuspended.

Note:  

In order to access the Users page, your user account must have the CustomerAdmin role.
  1. Navigate to Settings > User Management and select the Users tab.
  2. Click NEW USER and complete the form:
    • First Name, Last Name, and Email are required. Each user account must have a different email address.
    • Roles define actions that this user account is allowed to perform. Select one or more roles from the dropdown menu. See User Role Descriptions for more information.
    • Groups can also be used to assign roles to user accounts. Select one or more user groups from the dropdown menu. See User Groups for more information.

    After selecting Roles and Groups, the list of Effective Roles for the new user account is displayed. Effective Roles are the sum of roles applied to a user account directly, plus any roles assigned based on group membership.

  3. Click Save to create the new user account.

After an account is created, Tripwire.io sends an activation email to the associated email address. The user must activate the account using a link in the email before logging in for the first time. If necessary, an administrator can resend the activation email.

  1. Navigate to Settings > User Management and select the Users tab.
  2. Select one or more user accounts and select one of the following:
    • Edit: You can only edit one user account at a time, and only the account's name and assigned roles can be changed.
    • Resend Activation: Re-send an activation email to the email address associated with the account.
    • Delete: Permanently delete one or more accounts. This operation cannot be undone.
  1. Navigate to Settings > User Management and select the Users tab.
  2. Select one or more user accounts and click one of these buttons:
    • Suspend/Unsuspend: Prevent a user from logging in, or restore access. A user with a suspended user account cannot log in. If the user is logged in when their account is suspended, they will be logged out 15 minutes later.
    • Reset Password: Force a user to reset their password the next time they log in.
    • Unlock: Immediately unlock a user who is locked out because of three unsuccessful login attempts.

User Role Descriptions

Common Roles

Role Name

Description

AssetAdmin

A user with this role can access the Environment > Assets page to:

  • assign Tags to Assets
  • reconcile Assets
  • purge TSA data for Assets
  • delete Assets
  • view, sort, and filter Assets

AssetUser

A user with this role can access the Environment > Assets page to:

  • view, sort, and filter Assets

CustomerAdmin

A user with this role can access the Settings > User Management page to:

  • create and modify users

DataAdapterAdmin

A user with this role can access the Settings > Data Sources page to add new Data Sources.

TagAdmin

A user with this role can access the Environment > Tags page to:

  • create new Tags or Tag Sets
  • edit, duplicate, and delete Tags or Tag Sets
  • view, sort, and filter Tags and Tag Sets

TagUser

A user with this role can:

  • View, sort, and filter Tags and Tag Sets

Configuration Manager Roles

Role Name

Description

CMAAdmin

A user with this role can access the Cloud dashboard to:

  • view, create, and modify any object in the dashboard (schedules, responses, waivers, etc.)

A user with this role can access the Cloud Accounts page to:

  • view, create, edit and delete Cloud Accounts

A user with this role can access the Event Logs page to:

  • export event logs
  • view, sort, and filter event logs

CMAAssessmentAdmin

A user with this role has all of the permissions of the CMAAdmin role, except for:

  • viewing, creating, and modifying Responses (on the Responses tab of the Cloud dashboard)

CMAResponseAdmin

A user with this role can access the Responses tab of the Cloud dashboard to:

  • view, create, and modify Responses

CMAUser

A user with this role can access the Cloud dashboard to:

  • view any object in the dashboard (schedules, responses, waivers, etc.)

A user with this role can access the Cloud Accounts page to:

  • view Cloud Accounts

A user with this role can access the Event Logs page to:

  • view, sort, and filter event logs

Connect Roles

Role Name

Description

ConnectAdmin

A user with this role can access the Reporting page to:

  • view, create, and modify any object
  • run or modify Scan on Demand scans
  • search the Connect Indexes

ConnectSCMUser

A user with this role can access the Connect SCM User Dashboards.

ConnectUser

A user with this role can access the Reporting page to:

  • view any object

ConnectVMUser

A user with this role can access the Connect VM User Dashboards.

Tripwire State Analyzer Roles

Role Name

Description

SupervisorAdmin

A user with this role can access the Settings > Data Sources page to add new TSA Data Sources. 

TSAAdmin

A user with this role can perform any action on any of these pages:

  • State Analyzer > Allowed Items
  • State Analyzer > Allowlist Assessments
  • State Analyzer > Allowlist Settings
  • Event Logs

TSAUser

A user with this role can view everything on any of these pages:

  • State Analyzer > Allowed Items
  • State Analyzer > Allowlist Assessments
  • State Analyzer > Allowlist Settings
  • Event Logs

TSAAllowlistAdmin

A user with this role can access the State Analyzer > Allowed Items page to:

  • create new Allowed Items
  • modify existing Allowed Items
  • view change history of Allowed Items
  • import/export Allowed Items
  • view, sort, and filter Allowed Items

TSAAllowlistUser

A user with this role can access the State Analyzer > Allowed Items page to:

  • view, sort, and filter Allowed Items

TSAAllowlistAssessmentAdmin

A user with this role can access the State Analyzer > Allowlist Assessments page to:

  • create new Assessments
  • modify existing Assessments
  • export Assessments
  • view, sort, and filter Assessments

TSAAllowlistAssessmentUser

A user with this role can access the State Analyzer > Allowlist Assessments page to:

  • view, sort, and filter Assessments

TSAAllowlistSettingAdmin

A user with this role can access the State Analyzer > Allowlist Settings page to:

TSAAllowlistSettingUser

A user with this role can access the State Analyzer > Allowlist Settings page to:

  • view all Settings tabs

TSAEventLogAdmin

A user with this role can access the Event Logs page to:

  • export event logs
  • view, sort, and filter event logs

TSAEventLogUser

A user with this role can access the Event Logs page to:

  • view, sort, and filter event logs