Available Roles & Permissions
Service Roles
Risk Overview
Centralized view of overall organizational risk posture, trends, and top vulnerabilities.
| Role | Permission Key | Description |
|---|---|---|
| View | risk.view | Allows user to view dashboards, lists, and read-only data. |
| Export | risk.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
Network Perimeter
Visibility into attack surface, exposed ports, services, and network vulnerabilities.
| Role | Permission Key | Description |
|---|---|---|
| View | network.view | Allows user to view dashboards, lists, and read-only data. |
| Create | network.create | Allows creation of scans, assets, users, or resources depending on service. |
| Manage | network.manage | Allows modification, updates, and administrative control within a service. |
| Create & Manage | network.create_manage | Combined role offering both create and manage permissions. |
| Comments | comments | — |
| Full Access | network.full_access | Complete control including create, manage, import/export, and administrative privileges. |
| Export | network.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
| Import | network.import | Allows importing assets, scan data, configurations, and external resources. |
| Allow AI Use | network.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
Cloud Workload Risks
Identification and analysis of cloud misconfigurations, IAM issues, and cloud security risks.
| Role | Permission Key | Description |
|---|---|---|
| View | cloud.view | Allows user to view dashboards, lists, and read-only data. |
| Create | cloud.create | Allows creation of scans, assets, users, or resources depending on service. |
| Manage | cloud.manage | Allows modification, updates, and administrative control within a service. |
| Create & Manage | cloud.create_manage | Combined role offering both create and manage permissions. |
| Full Access | cloud.full_access | Complete control including create, manage, import/export, and administrative privileges. |
| Export | cloud.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
| Import | cloud.import | Allows importing assets, scan data, configurations, and external resources. |
| Allow AI Use | cloud.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
Code Security
Security analysis of source code, repositories, pipelines, secrets, and SCA/DAST findings.
| Role | Permission Key | Description |
|---|---|---|
| View | code.view | Allows user to view dashboards, lists, and read-only data. |
| Create | code.create | Allows creation of scans, assets, users, or resources depending on service. |
| Manage | code.manage | Allows modification, updates, and administrative control within a service. |
| Create & Manage | code.create_manage | Combined role offering both create and manage permissions. |
| Full Access | code.full_access | Complete control including create, manage, import/export, and administrative privileges. |
| Developer Access | code.developer_access | Grants developer-centric capabilities such as viewing and triaging code findings, linking fixes to repos, and CI/CD integration management. |
| Export | code.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
| Import | code.import | Allows importing assets, scan data, configurations, and external resources. |
| Allow AI Use | code.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
Cloud Security Posture Management (CSPM)
Continuous assessment of cloud infrastructure to identify misconfigurations, compliance gaps, and security risks across AWS, Azure, and GCP.
| Role | Permission Key | Description |
|---|---|---|
| View | cspm.view | Allows user to view dashboards, lists, and read-only data. |
| Create | cspm.create | Allows creation of scans, assets, users, or resources depending on service. |
| Manage | cspm.manage | Allows modification, updates, and administrative control within a service. |
| Create & Manage | cspm.create_manage | Combined role offering both create and manage permissions. |
| Full Access | cspm.full_access | Complete control including create, manage, import/export, and administrative privileges. |
| Cloud Engineer Access | cloud_engineer_access | — |
| Export | cspm.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
| Import | cspm.import | Allows importing assets, scan data, configurations, and external resources. |
| Allow AI Use | cspm.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
Web Application & API Security Testing
Automated and manual security testing of web applications and APIs, including DAST, API fuzzing, authentication testing, and vulnerability discovery.
| Role | Permission Key | Description |
|---|---|---|
| View | web.view | Allows user to view dashboards, lists, and read-only data. |
| Create | web.create | Allows creation of scans, assets, users, or resources depending on service. |
| Manage | web.manage | Allows modification, updates, and administrative control within a service. |
| Create & Manage | web.create_manage | Combined role offering both create and manage permissions. |
| Full Access | web.full_access | Complete control including create, manage, import/export, and administrative privileges. |
| Tester Access | tester_access | — |
| Export | web.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
| Import | web.import | Allows importing assets, scan data, configurations, and external resources. |
| Allow AI Use | web.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
AI Agent
AI-powered security assistant for RCA, patch scripts, analysis, and Q&A across the platform.
| Role | Permission Key | Description |
|---|---|---|
| View | ai_agent.view | Allows user to view dashboards, lists, and read-only data. |
| Allow AI Use | ai_agent.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
| Manage | ai_agent.manage | Allows modification, updates, and administrative control within a service. |
| Full Access | ai_agent.full_access | Complete control including create, manage, import/export, and administrative privileges. |
Integrations
Connect and manage external integrations such as GitHub, Azure, AWS, Jira, ServiceNow, and Slack.
| Role | Permission Key | Description |
|---|---|---|
| View | integrations.view | Allows user to view dashboards, lists, and read-only data. |
| Create | integrations.create | Allows creation of scans, assets, users, or resources depending on service. |
| Manage | integrations.manage | Allows modification, updates, and administrative control within a service. |
| Create & Manage | integrations.create_manage | Combined role offering both create and manage permissions. |
| Full Access | integrations.full_access | Complete control including create, manage, import/export, and administrative privileges. |
| Import | integrations.import | Allows importing assets, scan data, configurations, and external resources. |
| Export | integrations.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
Billing & Subscriptions
Manage subscriptions, invoices, usage metrics, payments, and financial configuration.
| Role | Permission Key | Description |
|---|---|---|
| View | billing.view | Allows user to view dashboards, lists, and read-only data. |
| Manage | billing.manage | Allows modification, updates, and administrative control within a service. |
| Full Access | billing.full_access | Complete control including create, manage, import/export, and administrative privileges. |
Add, view, and manage comments and notes on vulnerabilities, scans, and findings across all security dashboards.
| Role | Permission Key | Description |
|---|---|---|
| View | comments.view | Allows user to view dashboards, lists, and read-only data. |
| Edit | edit | — |
Unified Findings
Consolidated view of security findings across code, cloud, web, API, and infrastructure scans with filtering, prioritization, and remediation context.
| Role | Permission Key | Description |
|---|---|---|
| View | unified.view | Allows user to view dashboards, lists, and read-only data. |
| Export | unified.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
| Allow AI Use | unified.ai_use | Grants ability to query and interact with AI Agent for analysis, RCA, and security automation. |
Asset Inventory
Comprehensive inventory of infrastructure, cloud resources, applications, repositories, APIs, and services with ownership, exposure, and risk context.
| Role | Permission Key | Description |
|---|---|---|
| View | asset.view | Allows user to view dashboards, lists, and read-only data. |
| Manage | asset.manage | Allows modification, updates, and administrative control within a service. |
| Export | asset.export | Allows exporting of scan data, reports, vulnerabilities, and analytics. |
Quick Roles
| Role | Description | Permissions |
|---|---|---|
| Auditor | Complete read-only access across the platform for compliance, audit, and investigation. | all.read |
| Billing Manager | Full access to billing, subscriptions, invoices, and payment configurations. | billing.full_access |
| CISO/CXO | Top management role with full visibility across all dashboards but without modification rights. | all.read, all.export, all.ai_use |
| Co-Admin | Advanced admin role with high-level management access across services except billing. | all.manage_except_billing |
| Developer | Developer-focused role with access to code security, CI/CD, repos, and developer insights. | code.full_access, code.ai_usage |
| Security Analyst | Can view, triage, classify, and assign vulnerabilities but cannot modify platform settings. | risk.view, cloud.view, network.view, code.view, export |
| Security Engineer | Can remediate vulnerabilities, run scans, manage integrations, and use AI Agent. | network.manage, cloud.manage, code.manage, all.ai_use, integrations.manage |
| Viewer (Global) | Global view-only role for users needing read-only access across all modules. | all.view |
| Read-Write Except Delete | Custom role allowing edits and creations but preventing destructive actions. | create, manage |