Groups and Permissions

You can have customized groups with different access rights on your program. HackerOne program administrators can set these access rights for groups on your team. All security programs start with Admin and Standard default groups with set permissions that you can't edit, but you can still add or remove users to these groups.

Adding a New Group

To add a new group and set access rights:

  1. Go to your program's Program Settings > General > Group Management.
  2. Click Add Group.
  3. Write the name of the group in the Name field.
  4. Select the permissions you want to enable for the group. You can select from these options:
Option Details
Report Users in the group can:
  • Post comments
  • Change report states
  • Edit report titles and vulnerability types
  • Suggest bounties
  • Add/Remove external participants from reports
  • Edit common responses
  • Edit triggers
  • Request public disclosure
  • Agree to public disclosure request
  • Create CVE ID Requests
  • Transfer reports
Program Users in the group can:
  • Edit profile, program and bounty settings
  • Invite hackers
  • View billing information
  • Edit inbox views
Reward Users in the group can:
  • Grant rewards
  • Post comments
  • Suggest bounties
Admin Users in the group can:
  • Add/Remove users
  • Edit user permissions

Note: All groups have the ability to view reports and post internal comments by default.

  1. Click Create.

user group

To edit your group name and permissions, click Edit next to the group you want to edit in Settings > General > Group Management.

Adding or Removing Users

To add or remove users:

  1. Click Add/Remove users.
  2. Select the checkbox of the users you want to add to the group.
  3. Deselect the checkboxes of the users you want to remove from the group.
  4. Click Update.

Tutorial Video