Create admin user who can see all scans

Archive Greenbone Community Edition
1

Hello,

When I create a new user with the admin role, this user cannot see any scans of other users, such as the builtin admin. Is this ‘normal’? How can I create a user who can see all scans, just like the builtin admin?

GVM versions

gsad: Greenbone Security Assistant 20.08.0
gvmd: Greenbone Vulnerability Manager 20.08.0
Manager DB revision 233
openvas-scanner: OpenVAS 20.8.0
gvm-libs 20.8.0
gvm-libs: gvm.noarch 20.8.0-14930.el8.art @atomic
gvm-libs.x86_64 20.8.0-14795.el8.art @atomic
gvmd.x86_64 20.8.0-14595.el8.art @atomic

Environment

Operating system: CentOS 8
Kernel: 4.18.0-193.19.1.el8_2.x86_64
Installation method / source: Atomic rpm

2

AFAIK a normal Admin role is not able to see scans from another admin on default … only the “Super Admin” role is able to see “everything” … See here for roles …
You can define "Super Admin"s in the GOS …

gos
gos1292×708 56.4 KB

Alternatively you can add permissions to your tasks/scans etc. and can define read/write rights to any other existing user …

Bildschirmfoto 2020-09-28 um 15.42.35
Bildschirmfoto 2020-09-28 um 15.42.35820×301 17.1 KB

See here for more details

1 Like
3

Thanks @y0urself,

Not sure if I can and how I would access GOS when installing GVM-20 from Atomic’s rpm on a CentOS server?

4

You can use gvmd to create a super user, I think.
Maybe this helps you: GSA 9.0 user access permissions

1 Like
5

Thanks a lot, managed to add a ‘global admin’ user with:

gvmd --create-user=mysusername -v --role="Super Admin"

2 Likes
6

Is it possible to create a user that cannot edit the scans but who can see scans from all other people?

7

@robinopletal Please create a new topic for this new question. This topic has been already answered and marked as “solved”.

8

Alright :slight_smile:

1 Like
9

@cfi can you point the thread talking about it ? I found threads mentioning the special group; but this allows read/write permissions and is mutual. It’s different from having a global user (not admin) able to see only (eg; read access, not write) all tasks & objects created by other users.

1 Like
10

@tatooin that would be a question to @robinopletal and not me :slightly_smiling_face:.

But i guess the created follow-up post was Global read-only user (something like super admin, but read-only)

1 Like