Projects 101

Team and permissions

Activity feed and revision history

The Project Scheduler

Comments, Notifications, & Subscriptions

Using Nodes to structure the project

Node properties

Working with Notes

The Report Content page

Adding issues and evidence

Liquid Dynamic Content

Combine multiple Issues

Bulk-update Issues

CVSSv3 and DREAD calculators

Add attachments

Tagging issues

Using methodologies

Project templates

Upload and work with tool output

Upload and work with CSV files

Search your project

Restore deleted content with the Trash feature

Quality Assurance View

Generate your report

Importing and exporting projects

Customizations and Configurations

Automatically unlock your LUKS-encrypted drive

Change your LUKs-encrypted drive's passphrase

Change default CIC password

Set up SSL certificates so that upgrades won't override them

Set up SSL certificates with Let's Encrypt

Increase the number of unicorn threads

Increase the number of export worker processes

Set maximum login attempts

Increase session timeout period

Usage analytics sharing

Configure the mail server

Configure the Burp-Dradis Extension

Connecting Dradis to MediaWiki

Enable extra import add-ons

API basics

Teams endpoint

Users endpoint

Projects endpoint

Nodes endpoint

Issues endpoint

Evidence endpoint

Content Blocks endpoint

Notes endpoint

Attachments endpoint

Document Properties endpoint

IssueLibrary endpoint

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. Administration manual
  4. Managing Users

Managing Users

This page contains:

You must be signed in as Administrator to manage users. To manage users, navigate to Projects Dashboard > Users.

Are you working with on multiple projects or for multiple teams? Create and manage Testers to grant a specific user permission to just the projects that they are working on.

Add New Tester

  1. Sign in as Administrator.
  2. Navigate to Projects Dashboard > Users.
  3. Click on the + New Tester link in the right-hand sidebar.

  4. Enter in the email, password, and password confirmation for the new user you want to create.

  5. Confirm whether you want to assign an Author or Administrator role to the new Tester.
  6. Click Create User.

The new Tester will now appear on the Users page.

If you have a new subscription and you try to add more users than your subscription allows, you may see a notification that unlimited testers have been enabled, in order for your whole team to try out Dradis. Note that these additional seats beyond your subscription are temporary, and at the end of the temporary trial period, users beyond your subscriptions seat count will be disabled unless you increase the license seats on your subscription.

Existing Testers

Edit a Tester

Edit the email, password, or role of any existing user.

  1. Sign in as Administrator.
  2. Navigate to Projects Dashboard > Users.
  3. Select the yellow Edit button below the picture of the correct user.
  4. Edit the email address, password, or the role of the user.
  5. Click Update User to save the changes

Unlock a Tester

If the tester exceeds the allowed number of maximum login attempts, their account will be locked.

To unlock the account, the account password will need to be reset. This can be done by the user themselves using the Forgot my Password! option on the Dradis login page.

This approach assumes that you have configured the mail server for Dradis. If you have not done so, an Admin can navigate to Users in the header of the Dradis app and click Unlock to unlock that tester's account.

You can reset the user's count of login attempts through the command line.

First, find the correct user ID from the URL like: /pro/admin/users/123/edit. You can see this when logged in as your other Admin user, browsing to the Users tab, and hovering over the Edit button for your locked user. Then run:

  $ cd /opt/dradispro/dradispro/current/
  $ RAILS_ENV=production bundle exec rails console
  irb> u = User.find(123)
  irb> u.preferences.failed_auth_count = 0
  irb> u.save
  irb> exit

Make sure to sub in the correct user ID for 123 in the example above!

Disable a Tester

When a user is disabled it will not allow them to log in or access any of the app's data. Any data created by the user will remain in the instance. Disabled users do not count toward the number of seats used by your Dradis instance.

  1. Sign in as Administrator.
  2. Navigate to Projects Dashboard > Users.
  3. Select the yellow Edit button below the picture of the correct user.
  4. Select the radio option for disabled
  5. Click Update User to save the changes

Tester Permissions

Authors can be given access to just the projects and tools that they need. An Author's access to any project on the instance can be granted or revoked. Only Authors assigned to a project can view it and work on it.

For tools like the IssueLibrary, the Rules Engine, or the Remediation Tracker, Authors can be given action-based permissions. Do you only want Author #1 to be able to Read IssueLibrary entries but not create, update, or destroy them? You can do that! Do you want Author #2 to have full control over the Rules Engine? You can do that too!

  1. Sign in as Administrator.
  2. Navigate to Projects Dashboard > Users.
  3. Select the purple Permissions button to the right of the correct user.
  4. Select the correct tab (e.g. Projects, IssueLibrary, Rules Engine, Remediation Tracker, etc)
  5. Toggle the switch to green next to the correct Project name or tool action to provide access.
    • Optional: Click Select all or Deselect all to quickly grant or revoke access across all projects or for all actions within a tool.
  6. Click Save changes to save the changes before moving on or switching tabs

Next help article: Enabling / disabling sign ups →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.