Users can belong to a company or not. A user that doesn’t belong to a company will have Legit access and limited CEWL access - they can view 24 entries of the NSA Chinese State Actors CVE Exploit list. Non-company users will have the “web” role.

Users in the system have one role for now. Actually, the back-end API system supports multiple roles. However, the UI today doesn’t support this. In most cases, you should be able to find the role that does what you are after.

Some important considerations

When logging into the Portal, if you have a Nickname, this is displayed. Make your Nickname awesome! Let your inner Bobby Tables shine through.


Some useful links:

  • API documentation, please see below.

Users API

Please refer to for more details.

Users within the CTCI Portal

Select the menu option, Users.

Figure 1, Users Menu Option

Figure 1, Users Menu Option

The Users icon is two people overlapped.

A User can be created by clicking the icon with the plus sign. It should look like something below.

Figure 3, Create a new User

Figure 3, Create a new User.

The Id value is an internal reference value to its location in the store. The Save button is self-explanatory. The back button goes back to the list of API tokens.

Field Name


Field Name



Internal value - you can ignore

Company Name

You can leave this empty, and it will take your current company. If you are managing many Partner companies, you can set it to one of these companies.

Token Name

This is the name you would like to call your token. It is required


This is a note for the token, and it is always handy to have a note to jog your memory, why this was created, and what systems/processes use this token.


This is what role the token will impersonate. No privilege escalation is allowed. You cannot create tokens for which you don’t have that role already.


Whether the token is enabled or not

Filter Conditions

Future - to support the API token only allowing a certain search filter

Resource Permissions

Future - This will allow more granular access to columns and entities

Token Expiry

Future - This would allow you to expire a token after a certain amount of time.

How to Edit a User

Go to the list of Users by clicking on the User Button, as mentioned in Figure 1.

Click on one of the entries.

Figure 4, Select a User to Show or Edit.

The next page shown will be the show page. It shows all the details. To Edit, you must select the edit page. The reason we do this is to stop accidental changes in the data. Most of the time, you will set and forget.

Figure 5, Edit an API Token entry.

User email address, first name, and last name are required.

Delete a User

Two ways to do it. On the edit page, see the icon above in Figure 5, Choosing a User, and in the list view, select the checkbox and scroll all the way right, and you will see a Delete icon. See Figure 6 below. With the user table, due to the long number of columns, you will need to scroll to the right until you see the delete button.


Figure 6, Deleting a User