Situation
Netsparker has (currently) the following permission model: users belong to a team, and every member of a team can see all scan results of that team. So when user1a (a member of Team1) scans something, user1b and user1c will have access to all of these results, but user2a, user2b and user2c (members of another team) will not.
At the moment we provide only one team, which means that if we gave users access to the Netsparker UI, they would see all results.
Wanted
Every project user should only see its own project results.
Obstacles
One solution we considered was to define a team for every SecHub project and give access only to the users inside this team.
Unfortunately all Netsparker users must have unique email addresses, and there is a 1:1 mapping between a team (admin) and its users, so a user who is a member of both project1 and project2 cannot be handled this way, except by giving the same person two different email addresses (i.e. two accounts). So simply setting up one Netsparker team per SecHub project will not work!
Solution
Netsparker provides a mechanism called "website groups". Inside these groups you can grant explicit permissions. Once a website is part of a website group, its scans are no longer visible to all users of the team but only to the users assigned to that group.
Example:
user1a (=Team1 = Team1 admin)
|_user1b
|_user1c
|_website-group1 (contains test1.example.com)
  |_assign user1b to this group
|_website-group2 (contains test2.example.com)
  |_assign user2b to this group
In the example above, user2b only has access to scans for test2.example.com.
So this solves our problem and we have no
Consequences
If you need to separate results for multi-tenancy reasons, you are currently forced to create website groups manually and to add users to these website groups manually.
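The rules described under Obstacles and Solution, as a small Python model added here (this is not Netsparker or SecHub code): it encodes the team visibility rule and the website-group override, shows why one team per project is rejected as soon as a user belongs to two projects, and checks that one team with one website group per project leaks no result across projects, while the same team without website groups lets everybody see everything. Project names, users and hostnames are constructed for the example; whether the team admin bypasses website groups is not stated on this page, so the model treats the admin like any other member (assumption).

```python
# Added example: model of the Netsparker visibility rules described on this page.
# Not Netsparker code and not the SecHub adapter. Rules modelled:
#   - every team member sees every scan of the team,
#   - unless the website belongs to a website group; then only the users
#     assigned to that group see it,
#   - users are identified by e-mail address and belong to exactly one team.
# Projects, users and hostnames below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class WebsiteGroup:
    websites: set   # hostnames in the group
    users: set      # e-mail addresses explicitly assigned to the group


@dataclass
class Team:
    admin: str
    members: set                                   # e-mail addresses, includes the admin
    websites: set = field(default_factory=set)     # all websites scanned by the team
    groups: dict = field(default_factory=dict)     # group name -> WebsiteGroup


def visible_websites(team: Team, user: str) -> set:
    """Websites whose scan results `user` can see in `team`."""
    if user not in team.members:
        return set()
    grouped = set().union(*(g.websites for g in team.groups.values()))
    # Rule 1: websites in no group are visible to every team member.
    visible = team.websites - grouped
    # Rule 2: grouped websites are visible only to the group's assigned users.
    # Assumption: the admin gets no special treatment here.
    for group in team.groups.values():
        if user in group.users:
            visible |= group.websites
    return visible


# Constructed SecHub-style projects: project name -> (users, websites).
# user1b is a member of both projects, the case that breaks team-per-project.
PROJECTS = {
    "project1": ({"user1a@example.com", "user1b@example.com"}, {"test1.example.com"}),
    "project2": ({"user1b@example.com", "user2b@example.com"}, {"test2.example.com"}),
}


def project_team_conflicts(projects: dict) -> list:
    """Rejected approach (one Netsparker team per SecHub project): list every
    (user, first project, second project) where one e-mail address would have
    to be a member of two teams, which the 1:1 team mapping does not allow."""
    seen, conflicts = {}, []
    for name, (users, _) in projects.items():
        for user in sorted(users):
            if user in seen:
                conflicts.append((user, seen[user], name))
            else:
                seen[user] = name
    return conflicts


def single_team(projects: dict, admin: str, use_groups: bool) -> Team:
    """Chosen approach: one team for everybody. With use_groups=True each
    SecHub project becomes one website group holding its websites and users;
    with use_groups=False it is the current situation (one team, no groups)."""
    team = Team(admin=admin, members={admin})
    for name, (users, sites) in projects.items():
        team.members |= set(users)
        team.websites |= set(sites)
        if use_groups:
            team.groups[f"websitegroup-{name}"] = WebsiteGroup(set(sites), set(users))
    return team


def leaks(team: Team, projects: dict) -> list:
    """(user, website) pairs where a user sees a website of a project
    the user is not a member of, i.e. a multi-tenancy violation."""
    found = []
    for _, (users, sites) in projects.items():
        for user in sorted(team.members - users):
            for site in sorted(visible_websites(team, user) & sites):
                found.append((user, site))
    return found
```

Running `leaks(single_team(PROJECTS, "user1a@example.com", use_groups=False), PROJECTS)` reproduces the problem from the Situation section (user2b sees test1.example.com, user1a sees test2.example.com); with `use_groups=True` the list is empty and user1b, who is in both projects, sees both websites with a single account, which is exactly what the team-per-project approach could not provide.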