Our service gives users Role-Based Access Control. Users are granted access to WAS features and functions based on Roles. These Roles are a consolidation of fine grained Permissions. Managers have full rights and can configure roles and permissions using the Administration utility.
Within the Administration utility, you'll find roles and their related permissions in the Role Management section. For example the WAS Scanner role defines permissions for a Scanner user with permissions to the WAS module.
Several permissions groups are available for the WAS module including one group for WAS Authentication Record Permissions.
Authentication Record - Create, Update, Delete. These permissions specifically determine whether users are permitted to create, modify, or delete authentication records.
Enabling or disabling the View Password in Authentication Record permission decides if the password should be visible or masked when the user fetches the authentication record details. You need to disable the "View Password in Authentication Record" and "View/download Selenium Script sensitive contents" (Web Asset) permissions to mask the password in the API response.
How do I see a user's assigned roles and permissions? Go to the Administration utility and view/edit the user of interest.
Do you have Express Lite? If yes, you and other users in your subscription have full permissions. You will not need to customize permissions.