Managing access for Comply users

Comply integrates with Puppet Enterprise (PE) for role-based access control (RBAC). You can create or import new Comply users and assign them to roles in the PE console. Three default roles are provided for Comply users: comply-admin, comply-operator, and comply-viewer. Users must be assigned to one of these roles in order to log in to Comply.

Adding new Comply users and roles

To add a new local user in Comply, log in to the Puppet Enterprise (PE) console associated with your Comply instance. Your user in PE must have the ability to create and edit user roles. Follow the instructions in the PE documentation at https://www.puppet.com/docs/pe/2023.2/rbac_user_roles_intro.html#create_a_new_user to add a new user and assign them to one of the three default Comply roles.

For more information on configuring Comply with PE, see "Add your PE credentials to Comply".

Importing existing users to Comply

RBAC integrates with LDAP for easy import of existing remote users. You can find instructions on how to connect to LDAP, import users, and assign them to roles at https://www.puppet.com/docs/pe/2023.2/rbac-ldap.html.

Note: Importing SAML users from Microsoft ADFS and Okta is not currently supported in Comply.

Default Comply roles

There are three default roles provided for Comply users. Each role is assigned different permissions and has a different view of the Comply console, meaning that some options in Comply are greyed out or unavailable for users with certain roles.

The following table explains the permissions included by default for each role:

Columns: Category, Action, Puppet Comply Role (comply-admin, comply-operator, comply-viewer)

Dashboard
  View compliance dashboard

Node Results
  View node results list
  Export node results data to CSV
  View node detail

Rule Detail
  View rule detail
  Create an exception

Scan Reports
  View scans list
  View scan report
  View scan report: rule performance
  View scan report: node performance
  Run an ad hoc scan

Generated Reports
  View the list of exported data
  Download exported data

Inventory
  View inventory list
  Update desired compliance (in bulk and individually)

Scan Schedules
  View scan schedules list
  Create a scan schedule
  View a scan schedule detail
  Edit a scan schedule
  Manage the nodes linked to a scan schedule
  Pause, end, restart a scan schedule
  Delete a scan schedule

Custom Profiles
  Create a custom profile
  View custom profiles list
  View custom profile details
  Create a custom profile
  Edit a custom profile
  Delete a custom profile
  Export custom profiles to CSV

Exceptions
  View exceptions list
  View exceptions detail
  Create an exception
  Edit an exception
  Resolve an exception (one, many, all nodes)
  Delete an exception

Activity Feed
  View activity feed scans tab
  View activity feed assessor upgrade tab
  View activity feed assessor upgrade summary page

License
  View license page
  Sync license

Settings
  View settings page
  Edit settings page (refresh data, remove/add PE)

Upgrade
  See alert advising there is an upgrade available