Organization, Group
About Organizations and Groups
Please also refer to the User help. For details on how to manage organizations, groups, and users, please refer to User Management.
Organization
FutureVuls’ organizations are used as “billing recipients”. In many cases, they will be the organization name.
Group
All vulnerability information and server information belong to a “group”. It is recommended to create a group as a unit to manage vulnerability information and server information. It is like dividing them by department or team.
There is no limit to the number of groups, and the number of groups does not affect the calculation of fees.
Group Sets
The CSIRT plan includes a group set function that allows you to manage multiple groups across the organization. For details, please refer to CSIRT Plan>Group Sets.
User Authorization Settings
Users can be assigned one of three types of authorization based on their purpose.
| Role name | Authority | Setting location |
|---|---|---|
| Owner | Organization settings | Organization |
| CSIRT (CSIRT plan only) | CSIRT authority | Organization |
| Group Admin | Group settings | Group |
| Member | General user | - |
In short, users can be set to have “the ability to configure organizations” or “the ability to configure groups” for each user.
For example, billing staff only belong to the organization and have owner privileges, while server administrators who do not require billing settings are set as group administrators.
The following table shows the various permissions and operations that can be performed with each type of authorization.
| Change | Authority type | CSIRT plan only | Authority description |
|---|---|---|---|
| ✓ | Owner | - | Can view and modify everything |
| ✓ | CSIRT | ✓ | Can view and modify everything except billing-related items and organization member management |
| ✓ | Group Set Administrator | ✓ | Can view and modify the settings and basic screens for the relevant group set and the groups included in it |
| ✓ | Group Set Member | ✓ | Can view and modify the basic screen for the relevant group set and the groups included in it |
| - | Group Administrator | - | Can view and modify the settings and basic screens for the relevant group |
| - | Group Member | - | Can view and modify the basic screen for the relevant group |
| - | Group Inviter | - | Can invite users who have not signed up to the group or users who belong to other organizations invited to the group… |
Organization Permissions
Only users with owner permissions can configure organization settings.
You can set organization permissions (owner permissions) from the organization settings screen.
All users who belong to the organization are displayed on the Members page.
You can set permissions by clicking on the gear icon next to a user’s name.
Owner Permissions
Users with owner permissions can change all settings within the organization, including display settings and changing the billing information. With this permission, you can view, edit, and configure all groups within the organization and all group sets. The difference between owner and CSIRT permissions is that you can perform all organization settings, including payment settings.
CSIRT Permissions
CSIRT permissions are a feature exclusive to organizations that have subscribed to the CSIRT plan.
CSIRT permissions can be thought of as owner permissions without billing permissions. Like an owner, you can change user permissions, confirm group memberships, and view data across all group sets and groups. With this permission, you can view, edit, and configure all groups within the organization and all group sets. The difference between owner and CSIRT permissions is that you cannot perform certain organization settings, such as payment settings.
Group Set Permissions
Group sets are a feature exclusive to organizations that have subscribed to the CSIRT plan.
You can set group set permissions (group set administrator permissions) from the group set settings screen.
All users who belong to the group set are displayed on the Members page.
You can set permissions by clicking on the gear icon next to a user’s name.
With this permission, you can view and edit all groups within the group set and all group sets. Administrative permissions also enable you to configure group set settings and group settings. If you want to add multiple users to multiple groups, you can create a group set and add the users to it to grant permissions all at once.
Group Permissions
You can set group permissions (group administrator permissions) from the group settings screen.
All users who belong to the group are displayed on the Members page.
You can set permissions by clicking on the gear icon next to a user’s name.
With this permission, you can view and edit all data within the group. Administrative permissions also enable you to configure group settings, including adding and removing members.
Members
In the members section, you can view the users in your organization. You can see whether a user is an owner or invited, and you can also switch ownership here.
There is no limit to the number of users, and the number of users does not affect pricing.
Group List
In the group list, you can view the groups in your organization. You can also see whether you are a member of the group and what role you have. You can create a new group by clicking the Create Group button.
Owners can join a group without an invitation. By clicking the Join button, they will be registered as Group Administrators.
Group Set Configuration
Group set is a feature limited to organizations that have a CSIRT plan. Only users with group set administrator privileges can access group set configuration.
You can set up configurations of group, members, group set tokens for Group set.
For changing group set names or other group settings, it accepts changes by pressing edit button.
Group Settings > Members
On the Members screen, you can check the users in the group set. You can also check their permissions. As mentioned above, you can also set group set administrators.
Adding Users
You can add users from the “Add User” button. There are two options for adding users:
- Add from this organization
- Select from the pull-down menu of users who are already members of the organization to add them.
- Select from the organization owner
- The organization owner can operate the group set even without granting permissions. This can be used to grant permissions to individual group sets in advance when removing owner permissions.
Group Settings
Only users with group administrator privileges can view group settings.
In Group Settings, you can confirm members, scanners, scan history, and external linkage settings.
Changing Group Settings
- Change the group name
- You can change the group name as long as it is unique within the organization.
- Sharing CVE topics
- You can set whether to share CVE topics within the organization. Details will be explained on a separate page.
- Changing the default server role
- Every server must have a server role assigned. You can set the role to be automatically registered when creating a new server.
Group Settings > Members
On the Members page, you can check the users in the group, including their permissions, invitation status, and two-factor authentication settings. As stated above, group administrators can also be set.
Adding Users
You can add users using the Add User button. There are two options for adding users:
- Add from this organization
- Select from users who are already members of the organization using a pull-down menu
- Invite external people
- Send an invitation email to users who are not yet registered with the organization and add them
You can also set permissions for invited users.
Invited users will be able to approve invitations on the User Settings Profile page.
Scanner
Shows how to install and uninstall the scanner program.
Scan History
On the Scan History page, you can check the history of scans.
You can see the scanner information for each server, whether the scan was successful or not, and the error message when it fails.
Token
On the Token page, you can manage the tokens used for scans and the developer REST API.
External Integration
On the External Integration page, you can configure settings for integrating with various external services.
For more information, see External Integration.