Hi juliero, and welcome to the Greenbone Community Forum!
Would you like to share all reports or only specific reports with that second user? Should that user be able to do the same operations as an admin with those reports or do you want to only grant read permissions?
Thank you for your answer. I want to grant only Read permissions to the second user.
This way the second user can see, tasks, reports, results, targets, without modifying anything.
The best way I have found so far is to give a user read permission for tasks. They will be able to read any reports and results from those tasks.
In order to do that, you have to first get the ID of the task you want to grant read access to. Do to that, go to the details page of the task by clicking the magnifying glass icon after clicking on it. You can then find the task ID there:
Copy the ID to your clipboard. Then, go to Administration > Permissions and click the add icon in the top left corner. As permission name, choose get_tasks. Then choose the correct user who should get access and paste the task ID.
Click save. Now the other user should have read access to the task and its generated reports. You can repeat this process for any tasks, reports and targets (Of course the permission name will be get_tasks, get_reports and get_targets respectively).
That’s true, however the results and reports will be shared with the user if they have read access to the corresponding tasks. So at least some work can be saved by sharing the tasks with them instead of the single reports.
Sorry to resurrect an old thread, but is there a way to automatically grant write permissions to the admin role when things are created? The only people using GVM will be admins (at least, for the time being), and they should be able to see and/or modify any tasks and reports created. SInce they are granted the admin role, they should automatically be able to see/modify any tasks, assets, configurations, anything.
EDIT: Since we are just starting to look at GVM, there were only a few tasks configured, so I added the admin role with write permissions to them, but no other admins can see the 1000+ assets discovered, and they are unable to delete any of the tasks I created. I would like to allow other admins to fully administer the system. If I win the lottery tomorrow (or get hit by a bus), others should be able to have full permissions over anything I created.
You are looking for Super Admin role. From the docs:
The role Super Admin is the highest level of access.
The role Admin is allowed to create, modify and delete users. Additionally, it can view, modify and delete permissions but is subordinated to those permissions as well. If any user creates a private scan configuration but does not share it, the administrator cannot access it.
The role Super Admin is more suited for diagnostic purposes. The super administrator is excluded from permission restrictions and allowed to view and edit any configuration settings of any user.
Be aware they have no restrictions and can modify other users.
Super admins need to be created through the GOS interface. See: How to create a Super Admin. However, this is not available in the Community Edition. This is a limitation of the Greenbone Community Edition. The feature is available with Greenbone Basic Enterprise appliance.
