Hello,
we startet using OPENVAS SCAN some weeks ago and are trying to figure out the best way for our different admins to deal with the reports and for us as the information security team to monitor the remediation of all the foundings.
As it is the system regularly sends emails with the reports to all the different teams which are responsible for different hosts. The executives don’t want that one team gets to know which vulnerabilities where found for the hosts of other teams.
So I would love to create a role which allows certain admins to only see their own remediation tickets and the details of the results which those tickets refer to. Only seeing your own remediation tickets was easy, but I can’t figure out how I can grant them permission to only see the results for the hosts, they are responsible for. That would be the better UX, instead of working on a remediation ticket, but having to look up the vulnerability details for the ticket in the report, they got via mail.
The best way would be, that I can somehow grand permission to see every result refered by a remediation ticket. The second best option seems to be, that I can grand permission to only see results of certain hosts, much as I can grand permission only to scan certain hosts.
So, is it possible to create such a “remediation ticket user” role?
Thanks in advance for your help.