Uleska User Roles
Uleska has three different types of users roles depending on the needs you have. The three role names are:
- Customer Administrator
- This is the overall administrator user with permission to perform all tasks. The Customer Administrator can add/remove users, manage configuration, manage teams, manage applications in any team, run security tests and manage results, add security tools, configure toolkits, and view metrics and insights.
- Application Manager
- This role is for the day-to-day user who wants to run security tests and manage results. This role cannot edit the wider configuration but can add applications, run security tests/toolkits, triage results, and generate reports. Often a user in this role will be assigned to a specific team so they can only view, and run security tests, against application projects in their team. Access Tokens for this role are then safe to use in CI/CD as they will not affect the testing of projects outside of the user's team.
- Executive
- This role is specific to allow users to view the higher-level statistics and metrics across all teams, but cannot run any tests, view or triage results, or modify any configuration.
The permissions of each role are shown in the following table.
| Customer Administrator | Application Manager | Executive | |
| Add/Edit Applications | Yes (all projects) | Yes (team projects) | No |
| Run Tests, View Results, Triage, Reports | Yes (all projects) | Yes (team projects) | No |
| Edit Risk Configuration | Yes | No | No |
| Set/Edit Advisories | Yes | No | No |
| Set/Edit Tool Connections | Yes | No | No |
| Set/Edit Ecosystem Authentications | Yes | No | No |
| Bulk Import | Yes | No | No |
| Set/Edit Toolkit Patterns | Yes | No | No |
| Add Custom Tools | Yes | Yes | No |
| View Analytics/Metrics | Yes | No | Yes |
| Set/Edit Team Permissions | Yes | No | No |
| Invite Teammates | Yes | No | No |
Initial Sign-up
When you first sign-up to Uleska you can use your social account (e.g. GitHub, Google, etc) or your e-mail address. Doing so creates a new ‘Customer’ in Uleska and you can give it a corresponding name in the ‘Welcome to Uleska’ screen.
This new ‘Customer’ entity can now be used to automate security tools for your company teams and collaborate. The first user is automatically a Customer Administrator role user and has permission to do everything within the Customer entity.
Within your Customer entity, you can add application projects (see adding applications) to test and report on, invite colleagues to do the same (see below), and organize everything into teams (see managing teams).
Inviting Teammates
You can invite as many users as needed to your Customer entity (there is no cost per user) to collaborate on your security automation. You can invite a user to join as any role type, however be aware that you cannot modify the user role once they are added (you can delete the user and re-add them if needed).
To invite a user to join:
- Go to ‘Permissions’ on the left-hand menu option
- Click the ‘Invite User’ button
- You will be presented with the following form to invite the user:
- Enter the following:
- User’s name
- E-mail to receive the sign-up link and for login
- Role
- Team to associate them with (if you have teams configured, this can be changed later)
- Click the ‘Send Invite’ button to create the user and send an invite e-mail to the e-mail address configured.
At this point, the e-mail address invited will receive an e-mail from Uleska with a link to verify their e-mail and complete their sign-up. Clicking on that link will take them to the platform and ask them to set a password for their account.
Entering a valid password will then take you into Uleska. Note that currently, you cannot invite users based on their social logins (e.g. GitHub, Atlassian, etc).
Note that the inviting of users can be automated via the Uleska API, for integration with your user management systems.
Modifying a User
You can modify your own user details by clicking ‘Account’ on the left-hand menu. Currently, you can modify your e-mail address, and cannot modify your name, or role values.
Changing Password
A user can change their password by:
- Going to the ‘Account’ option on the left-hand menu
- Scrolling to the ‘Change Password’ portion
Entering a valid password will cause their password to be updated on Uleska.
Deleting a User
There are some rules around deleting users:
- You cannot delete your own user account.
- Customer Administrator roles cannot delete other Customer Administration users (contact Uleska support if you wish to delete users on this role).
- Application Manager and Executive user accounts can be deleted by the Customer Administrator role.
- A user who is deleted can be re-added at a later time.
Once a user is deleted, they will be unable to access the Uleska UI, and their API tokens will no longer be active.
To delete a user:
- Go to ‘Permissions’ on the left-hand menu
- View the ‘Users’ table
For users that you can delete, you will be given a bin icon.
Select the bin icon beside the user you wish to delete. You will receive a pop-up confirming you wish to delete the user.
Deletion of users can be performed via the Uleska API for integration into other user management systems.
Managing API Tokens
Each user can generate and use an API token for integration with other platforms. Each user has one API token at a time, which can be used to interact with the Uleska system using the API, or the command-line interface (CLI).
API Tokens generated by a user will have the same permissions as the role and team association of the user who generated the token. For example, this means API Tokens for Application Manager roles with access to the Belfast team will be able to perform Application Manager tasks (add applications, run Toolkit test, view issues, etc) on application projects in the ‘Belfast’ team, but not other Customer Admin actions, or interact with application projects in other teams.
To create your first API token:
- Go to ‘Account’ on the left-hand menu
- Scroll down to the ‘Api Token’ section
- Initially, you will not have an API token, to generate one click on the ‘Generate API Token’ button
When you generate this API Token, Uleska will display the new token. This must be copied and stored securely, as Uleska will not display this token again to the UI (it will be hashed internally).
You can use the copy icon at the right of the generated API token to record it. The next time you go to the ‘Account’ page the API token will not be displayed.
You can revoke the API Token at any time, which will delete the current API token forever and allow you to generate a new API token associated with this user.