Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
• RO means the User can view Missions, Target Decks, and resulting data (Alert
Sessions, Harvest Data, Copy Data) associated with a Operation.
• RW means the User, in addition to viewing data, can also plan/edit Missions,
plan/edit Target Decks, and assign Missions to Flytraps.
(U) By default, a User with a “cwadmin” Role (see 8.1.2) has RW access to all data
independent of the Operation(s) with which that data is associated.
(U) Note that when a User with a “cwuser” Role is created, they are given “Read-only”
permission to the DEFAULT Operation, and “No Access” to all other Operations (see
8.1.6). Note that if User with a “cwuser” Role is given “No Access” to the DEFAULT
Operation, then that User may not be able to plan a Mission, because access is needed to
at least one Mission to use as a starter Mission.
8.1.9 (U) Permissions Management
(U) To perform Permissions Management, login to CW (see 9.2) as a User with
“cwadmin” privileges. On the CW left menu pane, click the Administer -> Permissions
link.
(U) In the “Non-admin User” combo box, select the User whose permissions you wish to
change (note that Users with “cwadmin” privileges have RW access to the entire system,
so permissions are not available to edit). The current permissions for each Operation of
the selected User will display in the list. Select the appropriate permission for the
appropriate Operation.
8.1.10 (U) Sharing Flytrap Resources Between Operations
(U) It is possible (though unlikely) to assign ownership of a Mission to multiple
Operations. A Flytrap could then execute this Mission in support of more than one
Operation. By default, any Operation owning a Mission has access to all Mission data,
including global (Harvest, Copy All, Flytrap Status and Security) and Target-related
(Alert Sessions, Copy Data) data. Thus, if Operation A and B are both owners of Mission
M1, then both Operations A and B would have access to all of M1’s Mission data.
(U) Assigning multiple Operation ownership to a Mission can be accomplished via two
methods:
• The first is during the creation or editing of a Mission. The Mission workflow
includes a step to add/remove owning Operations (see 9.11.8 and 9.13). If all
owning Operations are removed, then the Mission is owned by the "DEFAULT"
Operation (see 8.1.6).
• The second is via adding a Target Deck to a Mission – i.e., by default, any
Operation owning a Target Deck in a particular Mission will have access to all of
that Mission’s data, both global and Target-related. To add Operation A's Target
Deck to Operation B's Mission, either Operation A must already be a Mission
owner (i.e., via the preceding method), or a User must have RW access to both
Operation A and B.
41
SECRET//20350112