Issue
Problem: Contrast User is Unable to Approve or Reject a Vulnerability Status Change
This can happen even when the Contrast user appears to have already been given the "RulesAdmin" role on the application that contains the vulnerability whose status change needs approval.
Cause
This problem occurs if either of the following is true:
1. The Contrast user has not been given the RulesAdmin role on the application.
2. The Contrast user belongs to a group that grants RulesAdmin on the application containing the vulnerability whose status change needs approval, BUT at the same time also belongs to another group that grants a lower role on the same application. In that case the lower role wins.
EXAMPLE:
Contrast user Billy Adams is a member of both GroupA and GroupB. Both groups give access to the application "Webgoat8.1", but GroupA only grants Edit access while GroupB grants RulesAdmin access. Even though Billy is a member of GroupB, which on its own would allow him to Approve (or Reject) a vulnerability status change for a vulnerability in Webgoat8.1, Contrast will not allow him to approve/reject, because he is also a member of GroupA, which only grants Edit access to Webgoat8.1.
Resolution
First, make sure that the user belongs to a group that grants at least the "RulesAdmin" role on the application that contains the vulnerability whose status change needs approval.
Second, make sure that the user does not belong to multiple groups that grant conflicting roles on the same application. If the user does, fix the group memberships and/or the application access settings within the relevant groups (for example, remove the user from the lower-privileged group, or raise that group's role for the application) so that the Contrast user ends up with RulesAdmin on the application in question. After changing group membership, have the user log out and back in and retry the approval.
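The following Python script is an added example, not Contrast's own code or API. It applies the rule described in the Cause section (when several groups grant different roles on one application, the lowest role wins) to a hand-built snapshot of group memberships and application roles, of the kind you would transcribe from the Contrast UI, and reports, for every user, whether they can approve a status change and which group memberships need fixing. The group data is constructed for illustration, and the role ordering View < Edit < RulesAdmin < Admin is an assumption taken from the Contrast application-role documentation.

```python
"""Audit Contrast group memberships for conflicting application roles.

Added example, not Contrast code. Works on a constructed snapshot of
group -> application -> role assignments and applies the rule from the
article: the most restrictive role granted to a user wins.
"""
from __future__ import annotations

from dataclasses import dataclass

# Application roles, lowest to highest (assumed ordering, see lead-in).
ROLE_RANK = {"NoAccess": 0, "View": 1, "Edit": 2, "RulesAdmin": 3, "Admin": 4}
APPROVAL_ROLE = "RulesAdmin"  # minimum role needed to approve/reject a status change


@dataclass
class Group:
    name: str
    members: set[str]
    app_roles: dict[str, str]  # application name -> role this group grants


def effective_roles(user: str, groups: list[Group]) -> dict[str, dict]:
    """Per application the user can reach: every role granted by each of the
    user's groups, plus the effective role (the lowest-ranked grant)."""
    result: dict[str, dict] = {}
    for g in groups:
        if user not in g.members:
            continue
        for app, role in g.app_roles.items():
            entry = result.setdefault(app, {"granted": {}, "effective": None})
            entry["granted"][g.name] = role
    for entry in result.values():
        entry["effective"] = min(entry["granted"].values(), key=ROLE_RANK.__getitem__)
    return result


def can_approve(user: str, app: str, groups: list[Group]) -> bool:
    """True only if the user's *effective* role on `app` is at least RulesAdmin."""
    roles = effective_roles(user, groups)
    if app not in roles:
        return False
    return ROLE_RANK[roles[app]["effective"]] >= ROLE_RANK[APPROVAL_ROLE]


def conflicting_groups(user: str, app: str, groups: list[Group]) -> list[str]:
    """Groups that drag the user below RulesAdmin on `app` even though some
    other group grants RulesAdmin or higher. These are the memberships to fix.
    Returns [] when no group grants RulesAdmin at all (that is case 1 above)."""
    entry = effective_roles(user, groups).get(app)
    if entry is None:
        return []
    need = ROLE_RANK[APPROVAL_ROLE]
    granted = entry["granted"]
    if not any(ROLE_RANK[r] >= need for r in granted.values()):
        return []
    return sorted(g for g, r in granted.items() if ROLE_RANK[r] < need)


def audit(app: str, groups: list[Group]) -> dict[str, dict]:
    """Summarise every known user's standing on `app`."""
    users = set().union(*(g.members for g in groups))
    return {
        u: {
            "effective": effective_roles(u, groups).get(app, {}).get("effective", "NoAccess"),
            "can_approve": can_approve(u, app, groups),
            "fix_groups": conflicting_groups(u, app, groups),
        }
        for u in sorted(users)
    }


# Constructed sample data mirroring the article's example (not a real export).
GROUPS = [
    Group("GroupA", {"Billy Adams", "Jane Doe"}, {"Webgoat8.1": "Edit", "PetClinic": "View"}),
    Group("GroupB", {"Billy Adams", "Sam Lee"}, {"Webgoat8.1": "RulesAdmin"}),
    Group("GroupC", {"Sam Lee"}, {"Webgoat8.1": "Admin"}),
]

if __name__ == "__main__":
    for user, info in audit("Webgoat8.1", GROUPS).items():
        print(f"{user:12} effective={info['effective']:10} "
              f"can_approve={info['can_approve']} fix={info['fix_groups']}")
```

Running it shows Billy Adams with an effective role of Edit and GroupA flagged as the membership to fix, Sam Lee (RulesAdmin via GroupB, Admin via GroupC) able to approve because both grants are at or above RulesAdmin, and Jane Doe unable to approve with nothing flagged, since no group grants her RulesAdmin in the first place (the first Resolution step, not the second).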
References
The necessary permissions for Approving/Rejecting vulnerability status changes:
https://docs.contrastsecurity.com/en/require-vulnerability-approval.html
Information about the different Organization Roles:
https://docs.contrastsecurity.com/en/organization-roles.html
Important Notes regarding Groups:
https://docs.contrastsecurity.com/en/add-a-system-access-group.html