Roles and permissions

Roles

Each user has a role that defines their permissions and affects the interface. The user roles are listed in the table below.

| User role | Identifier | Description |
|---|---|---|
| Unknown | unknown | User is not activated. |
| Read only | readOnly | Limited functionality. Reading, downloading and clicking links within their organization are available. |
| Analyst | analyst | Limited functionality. All features of the "Read only" role as well as PDF scan report generation within their organization are available. |
| User | user | Basic functionality. The user can create scans and targets. |
| Administrator | admin | Advanced functionality. The administrator has access to all available functionality within their organization. |
| Super administrator | superAdmin | Maximum available functionality. Can only belong to users from the default organization (e.g. the default user). |

Permissions

The following tables indicate the correspondence between roles and permissions.

Scans

Action Organization Super administrator Administrator User Analyst Read only
View the list of scans Own
Other
View scan details Own
Other
Create a new scan Own
Other
Create a direct scan [1] Own
Other
Repeat a scan Own
Other
Pause a scan Own
Other
Resume a scan Own
Other
Abort a scan Own
Other
Delete a scan Own
Other
Move scans between organizations

Issues

Action Organization Super administrator Administrator User Analyst Read only
Mark Own
Other

Targets

Action Organization Super administrator Administrator User Analyst Read only
View a list of targets Own
Other
View target details Own
Other
Create a new target [2] Own
Other
Edit a target Own
Other
Delete a target Own
Other

HTTP Endpoints

Action Organization Super administrator Administrator User Analyst Read only
View Own
Other

Raw scan report

Action Organization Super administrator Administrator User Analyst Read only
View Own
Other
Download the report file in JSON format Own
Other

PDF reports

Action Organization Super administrator Administrator User Analyst Read only
View the list of reports Own
Other
Generate a report Own
Other
Delete a report Own
Other
Download a report Own
Other

Settings

Action Super administrator Administrator User Analyst Read only
View settings
Edit user data
Change an e-mail
Change a user name
Change the name of an organization
Change a position
Change a password

Access tokens

Action Super administrator Administrator User Analyst Read only
View the list of access tokens
Create a new access token
Revoke an access token

Link Super administrator Administrator User Analyst Read only
Documentation
API Specification
Contact Us

Organizations

Action Organization Super administrator Administrator User Analyst Read only
Create a new organization
Change an organization Own
Other
Delete an organization Own
Other
Add domain restrictions Own
Other
Delete domain restrictions Own
Other

Users

Action Organization Target user role Super administrator Administrator
Create a new user Own Unknown
Other
Assign a user to an organization Own Unknown
Other
Activate a user and assign a role Own Super administrator
Other
Own Administrator
Other
Own Other
Other
Change an own e-mail Own
Change an e-mail for other users Own Super administrator
Other
Own Administrator
Other
Own Other
Other
Change an own password Own
Change a password for other users Own Super administrator
Other
Own Administrator
Other
Own Other
Other
Change own other data Own
Change other data for other users Own Super administrator
Other
Own Administrator
Other
Own Other
Other

  1. A scan is classified as "direct" when it is created via a POST /api/scans request with the raw parameter specified. No target creation is needed for this type of scan; its parameters are set in accordance with the scanner's supported schema.

  2. If domain restrictions are configured within an organization, all users except the super administrator can only add targets and launch scans for them in accordance with those restrictions.
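As an added illustration that is not part of this documentation or of the product's own code, the following Python models the role ordering from the Roles table, the own-organization scoping that the permission tables are built around, and the domain-restriction rule from footnote 2 as a single deny-by-default authorization check. The per-action minimum roles, the name of the default organization, and the glob-pattern form of domain restrictions are assumptions made for the example (the page's matrix cells are not reproduced here); the product's actual permission tables govern.

```python
"""Added example, not from the original documentation: a minimal
authorization check modelled on the role/organization structure
described on this page. The per-action role mapping is an ASSUMPTION
for illustration; consult the product's permission tables for the
real assignments."""

from dataclasses import dataclass, field
from fnmatch import fnmatch

# Role identifiers exactly as listed on the page, in increasing privilege.
ROLE_RANK = {"unknown": 0, "readOnly": 1, "analyst": 2, "user": 3,
             "admin": 4, "superAdmin": 5}

DEFAULT_ORG = "default"  # assumed name; superAdmin may only belong here

# ASSUMED minimum role per action within the user's OWN organization,
# derived from the role descriptions on the page, not from the matrix.
MIN_ROLE_OWN_ORG = {
    "scan.view": "readOnly",
    "report.download": "readOnly",
    "report.pdf.generate": "analyst",
    "scan.create": "user",
    "target.create": "user",
    "organization.change": "admin",
    "user.activate": "admin",
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    org: str


@dataclass
class Organization:
    name: str
    # Optional domain restrictions as glob patterns (assumed format);
    # an empty list means the organization is unrestricted.
    allowed_domains: list = field(default_factory=list)


class AuthorizationError(Exception):
    pass


def validate_user(user: User) -> None:
    """Enforce the invariants the page states: a role must be one of the
    listed identifiers, and superAdmin only exists in the default org."""
    if user.role not in ROLE_RANK:
        raise AuthorizationError(f"unknown role identifier {user.role!r}")
    if user.role == "superAdmin" and user.org != DEFAULT_ORG:
        raise AuthorizationError(
            "superAdmin is only valid in the default organization")


def is_allowed(user: User, action: str, target_org: str) -> bool:
    """Decide whether `user` may perform `action` on a resource owned by
    `target_org`. ASSUMPTION: cross-organization ("Other") access is
    reserved for superAdmin; every other role is scoped to its own org."""
    validate_user(user)
    if user.role == "unknown":
        return False            # not activated: no functionality at all
    if user.role == "superAdmin":
        return True
    if target_org != user.org:
        return False            # "Other" organization: denied for non-super
    needed = MIN_ROLE_OWN_ORG.get(action)
    if needed is None:
        return False            # deny by default for unlisted actions
    return ROLE_RANK[user.role] >= ROLE_RANK[needed]


def target_host_allowed(user: User, org: Organization, host: str) -> bool:
    """Footnote 2: when an organization has domain restrictions, every
    user except the super administrator may only add targets (and scan
    them) that match those restrictions."""
    if user.role == "superAdmin" or not org.allowed_domains:
        return True
    return any(fnmatch(host, pattern) for pattern in org.allowed_domains)


def authorize_target_creation(user: User, org: Organization, host: str) -> bool:
    """Role check and domain-restriction check for 'Create a new target'."""
    return (is_allowed(user, "target.create", org.name)
            and target_host_allowed(user, org, host))


if __name__ == "__main__":
    # Constructed sample data for a local run.
    acme = Organization("acme", allowed_domains=["*.acme.example"])
    alice = User("alice", "user", "acme")
    bob = User("bob", "readOnly", "acme")
    root = User("root", "superAdmin", DEFAULT_ORG)
    print(authorize_target_creation(alice, acme, "www.acme.example"))   # True
    print(authorize_target_creation(alice, acme, "www.other.example"))  # False
    print(authorize_target_creation(bob, acme, "www.acme.example"))     # False
    print(authorize_target_creation(root, acme, "www.other.example"))   # True
```

The deny-by-default branch in is_allowed matters in practice: an action that is missing from the mapping is refused rather than silently granted, and validate_user rejects a superAdmin record outside the default organization before any permission is evaluated, mirroring the constraint the Roles table places on that role.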