Working with system roles
Each user role has permissions to perform certain actions in Kaspersky Container Security. Actions are selected for the following solution functionality:
- Resources (including managing clusters and images from registries, object scan results, and benchmark compliance checks).
- Components (managing agents and getting information about the state of core components of Kaspersky Container Security).
- Policies (including all kinds of security policies, the File Threat Protection component, and risk acceptance for identified threats).
- Integrations (with all third-party resources supported by Kaspersky Container Security).
- Access management (creating and managing users, user roles, and scopes).
- Administration (including the management of licensing parameters, the event list, and reports).
For each action, you can choose one of the following access permission options:
- No access.
- View.
- View and manage.
- View and run rescan.
Together, actions with certain permissions form permission sets. Permission sets for system roles are created in advance and become available after the initial installation of the solution. The table below lists the main actions that are available to users with system roles in the Kaspersky Container Security web interface after installation.
System user roles and their available actions
|
Action |
Access Administrator |
Information Security Administrator |
Information Security Auditor |
Information Security Officer |
Developer |
|---|---|---|---|---|---|
|
View image scan results |
|
|
|
|
|
|
Manually start scanning images |
|
|
|
|
|
|
Manage risks (accept a risk, edit a risk and cancel risk acceptance) |
|
|
|
|
|
|
View accepted risks |
|
|
|
|
|
|
View clusters |
|
|
|
|
|
|
Manage clusters |
|
|
|
|
|
|
View registries |
|
|
|
|
|
|
Manage registries |
|
|
|
|
|
|
View CI/CD scan results |
|
|
|
|
|
|
Manage CI/CD scanning |
|
|
|
|
|
|
View and manage agents |
|
|
|
|
|
|
View benchmark compliance check results |
|
|
|
|
|
|
Start benchmark compliance check |
|
|
|
|
|
|
View scanner policies |
|
|
|
|
|
|
Manage scanner policies |
|
|
|
|
|
|
View assurance policies |
|
|
|
|
|
|
Manage assurance policies |
|
|
|
|
|
|
View response policies |
|
|
|
|
|
|
Manage response policies |
|
|
|
|
|
|
View runtime policies |
|
|
|
|
|
|
Manage runtime policies |
|
|
|
|
|
|
View the File Threat Protection settings |
|
|
|
|
|
|
Manage the File Threat Protection settings |
|
|
|
|
|
|
View the list of users |
|
|
|
|
|
|
Manage users |
|
|
|
|
|
|
View roles and permission sets |
|
|
|
|
|
|
Manage roles and permission sets |
|
|
|
|
|
|
View scopes |
|
|
|
|
|
|
Manage scopes |
|
|
|
|
|
|
View the default scope |
|
|
|
|
|
|
Manage the default scope |
|
|
|
|
|
|
View the event log |
|
|
|
|
|
|
Viewing license information |
|
|
|
|
|
|
Manage licensing settings |
|
|
|
|
|
|
View image registry integrations |
|
|
|
|
|
|
View image registry integrations |
|
|
|
|
|
|
View integrations with image signature validators |
|
|
|
|
|
|
Manage integrations with image signature validators |
|
|
|
|
|
|
View integrations with notification systems |
|
|
|
|
|
|
Manage integrations with notification systems |
|
|
|
|
|
|
View reports |
|
|
|
|
|
|
Manage reports |
|
|
|
|
|
|
View and manage integration with LDAP server |
|
|
|
|
|
|
View information about the state of the core components |
|
|
|
|
|
The permission sets of user roles depend on your specific needs and can be configured individually.
Page top