User Permissions
Organization Administrator
When you add or edit a user or API token, you can select it as an organization administrator.
Resource | Permission |
Organization profile | Edit |
Audit log | View |
Users | Edit |
Groups | Edit |
Authentication | Edit |
API Tokens | Edit |
Organization integrations | Edit |
Inbox settings * | Edit |
Asset inventory | Edit |
Organization analytics | View |
Engagement settings ** | - |
Engagement dashboard ** | - |
Engagement policy page ** | - |
Engagement inbox (reports) ** | - |
Custom inbox (reports) ** | - |
* Inbox settings refer to setting up additional custom inboxes and managing access in organization settings. Engagement inbox settings are managed under engagement settings.
** These can be granted to the user by adding them to groups with access and permissions.
Group Permissions
Groups let you set up your teams and grant each team the right permissions for the various areas of the platform.
Organization Permissions
Resource | User Manager | Groups manager | Assets manager | Assets viewer |
Organization profile | - | - | - | - |
Audit log | - | - | - | - |
Users | Edit | Edit | - | - |
Groups | Edit | Edit | - | - |
Authentication | - | - | - | - |
API Tokens | Edit | Edit | - | - |
Organization integrations | - | - | - | - |
Inbox settings * | - | - | - | - |
Asset inventory (Assets managers can also manage scope for all programs) | - | - | Edit | View |
Organization analytics | - | - | - | - |
Engagement settings | - | - | - | - |
Engagement dashboard ** | - | - | - | - |
Engagement policy page ** | - | - | - | - |
Engagement inbox (reports) | - | - | - | - |
Custom inbox (reports) | - | - | - | - |
* Inbox settings refer to setting up additional custom inboxes and managing access in organization settings. Engagement inbox settings are managed under engagement settings.
Engagement and Report Permissions
Engagement Settings
Resource | Read only | Program admin | Report | Reward |
Engagement profile | ✅ | ✅ | - | - |
Engagement product edition | ✅ | ✅ | - | - |
Credential management | ✅ | ✅ | - | - |
Audit log | ✅ | Export | - | - |
Billing overview | ✅ | ✅ | - | - |
Billing credit card | ✅ | ✅ | - | - |
Billing prepayment | ✅ | ✅ | - | - |
Policy settings | ✅ | ✅ | - | - |
Scope management (grants access to Asset inventory) | ✅ | ✅ | - | - |
Submission form settings | ✅ | ✅ | - | - |
Response targets & metrics | ✅ | ✅ | - | - |
Email notifications | ✅ | ✅ | - | - |
Inbox views | ✅ | ✅ | - | - |
Custom fields settings | ✅ | ✅ | - | - |
Hacker invitations | ✅ | ✅ | - | - |
Hacker submission requirements | ✅ | ✅ | - | - |
Embedded submission form | ✅ | ✅ | - | - |
Bounty settings | ✅ | ✅ | - | - |
Swag settings | ✅ | ✅ | - | - |
Common responses | ✅ | ✅ | - | - |
Triggers | ✅ | ✅ | - | - |
Integrations | ✅ | ✅ | - | - |
Webhooks | ✅ | ✅ | - | - |
Hackbot | ✅ | ✅ | - | - |
Export reports | - | - | ✅ | - |
Proof of compliance | ✅ | ✅ | - | - |
Report Permissions
Resource | Read only | Report | Reward |
View reports | ✅ | ✅ | ✅ |
Internal comments | ✅ | ✅ | ✅ |
Public comments | ✅ | ✅ | - |
Reports state (assign, triage, close) | ✅ | ✅ | - |
Retest requests | ✅ | ✅ | - |
Edit report titles and vulnerability types | ✅ | ✅ | - |
Suggest bounty | ✅ | ✅ | ✅ |
Award bounty | ✅ | - | ✅ |
Participants on reports | ✅ | ✅ | - |
Common responses | ✅ | ✅ | - |
Triggers | ✅ | ✅ | - |
Request disclosure | ✅ | ✅ | - |
Agree to disclosure request | ✅ | ✅ | - |
Custom field input on report | ✅ | ✅ | - |