Home
Administration
Define users, applications, policies, and configure DevOps integrations.
Users
User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
User roles
Users are assigned to asset groups by an administrator. Predefined user roles cannot be deleted.
Defining custom user roles
A custom role is a set of permissions that are applied to a user so that they can perform certain administrative tasks.

Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Administration
Define users, applications, policies, and configure DevOps integrations.
- Users
  User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
  - User roles
    Users are assigned to asset groups by an administrator. Predefined user roles cannot be deleted.
    - Managing users
      Examine your users and decide who needs access to which apps and asset groups. Consider grouping them by business unit or geography.
    - Defining custom user roles
      A custom role is a set of permissions that are applied to a user so that they can perform certain administrative tasks.
    - Changing the default user role
      Administrators can change the default user role to any role (except Administrator), including a custom role. This ability helps you customize user access for your organization.
  - Asset groups
    Asset groups represent abstract components of your organization, like "Finance" or "Engineering." Administrators can restrict access to specific applications by assigning them to an asset group and limiting the users who belong in the group.
- Applications
  An application is a collection of scans related to the same project. It can be a web site, a desktop app, a mobile app, a web service, or any component of an app. Applications enable you to asses risk, identify trends, and make sure that your project is compliant with industry and organization policies.
- Policies
  You can apply the predefined policies, as well as your own custom policies, to show only data for the issues that are relevant for you.
- DevOps
  Tools for incorporating AppScan 360° in your software development lifecycle.
- Personal scans
  A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data (issues, for example), or compliance.
- Scan status
- Audit trail
  The audit trail (Organization > Audit trail) logs user activity.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scan History tab of your application displays your scan results (including scan statistics) and rescan options.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Defining custom user roles

A custom role is a set of permissions that are applied to a user so that they can perform certain administrative tasks.

About this task

As an organizational security measure, users that are assigned limited administrative permissions see a streamlined view of the Administration tab and can access only the administrative pages that they are allowed to use.
You can't delete a custom role if it's assigned to a user. Re-assign the user to a different role and then delete the custom role.
Predefined user roles cannot be deleted.

Procedure

Select Access management > Roles.
Click Add new role and give the custom role a unique name and a description.
Select the capabilities for this role and click Save.