Sharing tasks and reports with other users

Silly question.
I have set up another user (secondary admin) on my GSE GVM/GSAD 9.0.1. I had thought if they had the same permissions as I, they would be able to see all the tasks and reports I had set up. But apparently this is not the case, as the second user cannot see any existing tasks or reports.

How do I “share” what I have created with the second user?
Any help appreciated. I am against sharing credentials.
Cheers

Hi jstevensog.
A) To be able to share, the new account needs the “global permissions” to use the object. If the second user also has the role Admin, this is covered.
B) To use a specific object of user A, user B needs the specific permission to do this object. This can be given manually by user A as follows:

  1. Open the detailed view of the object (in this example a task) via
    Web-GUI > Scans > Tasks > Name of the task > Magnifier
  2. Change to the tab “Permissions”
  3. Click on the “new permissions” icon
  4. You can choose to create read-only or “write” (execute) permissions, just for that object or with connected objects, necessary for execution.

Now if you want to do this with every object a user has, this is a lot of work. For this reason, we created “Special Groups”. Every member of this group automatically shares all objects with all other members.
To create such a group, create a new one via
Web-GUI > Configurations > Groups > New
And make sure to choose [x] special

I hope this helped.

2 Likes

Hi @Tino,

I have a similar issue. On my GVM 11 I have 2 global admins. Both admins were added via CLI. None of these global admins can list the other global admin on the webUI. I tried the above solution provided by @Tino, but it did not work, since the “special” group is a resource added by either one of these admins and they do not share resources.

Any other idea I could try?

Thank you

Thanks @Tino,
Completely solved my problem with the Special Group advice, and I can see the benefits of individual object permissions. Now I know how to do that, I will certainly make use of it.
Cheers

1 Like

Hi ManuelF.
An account that has not been created in the Web-GUI has no “owner”. The only kind of account that can “get” aka “see” an ownerless account is a superadmin account.
Please create a superadmin account via
GOS Admin Menu > Setup > User > Users > Super Admin
Logging in as the superadmin, you should be able to attach permissions for one account to the other as well as putting both in the same group.

1 Like

Hi @Tino,

I went to the web-GUI -> Administration -> Users -> New User, but Super Admin role is not available. I am using the admin account added during the installation via CLI gvmd --create-user=admin --password=admin, and from the web-GUI it says it is a global user, but maybe it is not a Super Admin and that is why I can’t access the Super Admin role?

I am running the compiled version from source, not the VM.

Thank you

The Super Admin role needs to be enabled in the GOS-Admin-Menu. Via

GOS Admin Menu > Setup > User > Users > Super Admin

If you don’t have access to the GOS Admin Menu, please ask the Administrator of the GOS Admin Menu. The super admin role is not available in the Web GUI to enable, preventing web users from accessing other web users’ data.

1 Like

Hi @Tino,

I am the only Administrator of this GVM 11. There is no other admin to ask for help. Like I said, all the admin accounts that I have were created through the CLI. I have full access to the source files, webUI and CLI, but I may not know how to fully use those resources due to a lack of knowledge. I managed to share resources (tasks, reports, etc) among some GVM users by adding a group, enabling the option to share all content and adding the users to that group. Perhaps I am not using a Super Admin account, but it is a workaround.

If you know how I can add or enable a Super Admin account via CLI or web UI, I would be happy to try it, since I do not know how to do it, even when I have full access to GVM.

Thanks

You don't need the super-admin. The super-admin is only needed if you have multiple admins, and you need to see results from users across different admins.

1 Like

Hi @Lukas,

Thank you for joining the loop. For now I am the only admin, but soon we could be more (at least two) and my boss will want to monitor both admin accounts with a Super Admin account, that will be the only one. That is why I am trying to get one set up for him.

Any help or ideas are welcome :wink:

Thank you

Hello,

I have more or less the same question. I have a new user I’d like to monitor while he gets up to speed, without giving him the possibility to see my objects. I understand a special group could help here, but unfortunately it works both ways. E.g., members in the special group will see each other's objects.

Is there any way to share existing and future objects of a particular user to another user, but not vice versa?

More generally, since the permission model is very confusing in GVM 20.8/21.4, is there any good documentation explaining how it works and how it should be used?

Thanks

After many tries I’ve discovered that to make many users have permissions to others' reports you have to:

  • create a group
  • check box “Special Groups - Create permission to grant full read and write access among all group members and across any resources”
    Now you’re ready to go!

For the record, the relevant documentation (also valid for source installations) on permission management is accessible here:

https://docs.greenbone.net/GSM-Manual/gos-22.04/en/web-interface-access.html#managing-permissions

which could help as well.

1 Like