Groups and Permissions

You can have customized groups with different access rights on your program. HackerOne Organization administrators can set these access rights for groups on your program. All security programs start with Admin and Standard default groups with set permissions that you can't edit, but you can still add or remove users to these groups.

Adding a New Group

To add a new group and set access rights:

  1. Go to Organization Settings > User Management > Groups.
  2. Click Create Group.
  3. Write the name of the group in the Name field.
  4. Select the program to which this group applies
  5. Select the permissions you want to enable for the group. You can select from these options:
Option Details
Report Users in the group can:
  • Post comments
  • Change report states
  • Edit report titles and vulnerability types
  • Suggest bounties
  • Add/Remove external participants from reports
  • Edit common responses
  • Edit triggers
  • Request public disclosure
  • Agree to public disclosure request
  • Create CVE ID Requests
  • Transfer reports
Program Users in the group can:
  • Edit profile, program and bounty settings
  • Invite hackers
  • View billing information
  • Edit inbox views
Reward Users in the group can:
  • Grant rewards
  • Post comments
  • Suggest bounties
Admin Users in the group can:
  • Add/Remove users
  • Edit user permissions

Note: All groups have the ability to view reports and post internal comments by default.

  1. Click Add group.

user group

To edit your group name and permissions, click Edit next to the group you want to edit in Organization Settings > User Management > Groups.

Adding or Removing Users

To add or remove users from a group. See Updating access for existing users for more information.