Roles & Permissions

Configure role-based access control for your organization

Securtea uses role-based access control (RBAC) to manage what users can do within your organization. Configure roles to match your security requirements.

Understanding RBAC

How It Works

  1. Permissions define specific actions users can take
  2. Roles group permissions together
  3. Assignments give roles to users
  4. Access is checked when users perform actions

Permission Model

Permissions follow a pattern:

{resource}:{action}

Examples:

  • organization:update - Modify organization settings
  • user:manage - Manage organization members
  • assessment:run - Execute compliance assessments

Default Roles

Securtea provides pre-configured roles:

Organization Owner

Full control over the organization:

  • All permissions granted
  • Cannot be removed
  • Can transfer ownership
  • Only one owner per organization

Organization Admin

Administrative access:

  • Manage users and roles
  • Configure settings
  • Run assessments
  • View all data

Organization Member

Standard user access:

  • View dashboard
  • Run assessments
  • Generate reports
  • View compliance data

SSO User

Read-only access for SSO-provisioned users:

  • View dashboard
  • View compliance data
  • Cannot modify configurations

Billing Admin

Billing-focused access:

  • Manage subscription
  • View invoices
  • Update payment methods
  • Cannot access security data

Billing Reader

View-only billing access:

  • View subscription status
  • View invoices
  • No modification rights

Viewing Roles

Role List

Navigate to Settings > Organization > Roles to see:

Column        Description
Role Name     Display name
Members       Users with this role
Permissions   Number of permissions
Type          Default or custom

Role Details

Click a role to view:

  • Full permission list
  • Assigned members
  • Role description
  • Creation/modification dates

Managing Role Assignments

Assigning Roles

To assign a role to a user:

  1. Go to Settings > Organization > Members
  2. Find the user
  3. Click the role dropdown
  4. Select the new role
  5. The change takes effect immediately

Multiple Roles

Users can have multiple roles:

  • Permissions are combined (union)
  • Most permissive access applies
  • Useful for specialized access needs

Time-Bound Assignments

Assign roles with expiration:

  1. Click Add Role on the user
  2. Select role
  3. Enable Expires
  4. Set expiration date
  5. Add justification (optional)

Use for:

  • Temporary elevated access
  • Contractor access
  • Audit periods

Permission Categories

Organization Permissions

Permission            Description
organization:read     View organization info
organization:update   Modify settings
organization:delete   Delete organization

User Permissions

Permission    Description
user:read     View member list
user:manage   Invite/remove members
user:role     Assign roles

Assessment Permissions

Permission          Description
assessment:read     View assessments
assessment:run      Execute assessments
assessment:manage   Configure frameworks

Report Permissions

Permission        Description
report:read       View reports
report:generate   Create reports
report:manage     Configure reporting

Integration Permissions

Permission           Description
integration:read     View integrations
integration:manage   Configure connections

Billing Permissions

Permission       Description
billing:read     View subscription
billing:manage   Modify billing

Custom Roles

Creating Custom Roles

  1. Click Create Role
  2. Enter role name and description
  3. Select permissions
  4. Save role

Editing Custom Roles

  1. Click role name
  2. Click Edit
  3. Modify permissions
  4. Save changes

Deleting Custom Roles

  1. Select role
  2. Click Delete
  3. Reassign affected users
  4. Confirm deletion

Default roles cannot be deleted.

Permission Checking

How Permissions Are Checked

When a user attempts an action:

  1. System identifies required permission
  2. User's roles are retrieved
  3. Permissions from all roles are combined
  4. If required permission exists, action allowed
  5. If missing, action denied

ANY vs ALL Logic

Some actions require multiple permissions:

  • ANY - User needs at least one
  • ALL - User needs every permission

Configure this in custom role settings.
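The rules spelled out above (permissions as {resource}:{action} strings, the union of permissions across a user's roles, time-bound assignments that lapse at their expiry, and the ANY vs ALL requirement modes) fit together in a small decision function. The following is an added illustration, not Securtea's own code or API; the data structures, function names, and the sample role definitions and user are assumptions constructed for the example, and the real product's exact permission sets per default role are not specified in this documentation.

```python
"""Illustrative RBAC permission check (added example, not Securtea's code).

Assumptions (constructed for this example, not taken from the docs):
the in-memory ROLES table, the Assignment/User types, and the sample
user in demo(). The rules they implement are the documented ones:
  - permissions are strings of the form {resource}:{action}
  - effective permissions are the union over all active role assignments
  - an assignment whose expiry has passed contributes nothing
  - an action may require ANY or ALL of a set of permissions
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Role name -> permissions. Sample sets modelled loosely on the default
# roles described in the documentation (constructed, not authoritative).
ROLES: dict[str, frozenset[str]] = {
    "Organization Member": frozenset({
        "organization:read", "assessment:read", "assessment:run",
        "report:read", "report:generate",
    }),
    "Billing Reader": frozenset({"billing:read"}),
    "Organization Admin": frozenset({
        "organization:read", "organization:update",
        "user:read", "user:manage", "user:role",
        "assessment:read", "assessment:run", "assessment:manage",
        "report:read", "report:generate", "report:manage",
        "integration:read", "integration:manage",
    }),
}


@dataclass(frozen=True)
class Assignment:
    """A role given to a user, optionally with an expiry (time-bound)."""
    role: str
    expires_at: Optional[datetime] = None  # None means the assignment does not expire

    def active(self, now: datetime) -> bool:
        return self.expires_at is None or now < self.expires_at


@dataclass
class User:
    name: str
    assignments: list[Assignment] = field(default_factory=list)


def effective_permissions(user: User, now: datetime) -> frozenset[str]:
    """Steps 2-3 of the documented check: gather the user's roles and take
    the union of their permissions. Expired assignments are skipped, so a
    temporary elevation lapses without anyone revoking it by hand."""
    granted: set[str] = set()
    for a in user.assignments:
        if a.active(now):
            granted |= ROLES.get(a.role, frozenset())  # unknown role grants nothing
    return frozenset(granted)


def is_allowed(user: User, required: set[str], mode: str = "ALL",
               now: Optional[datetime] = None) -> bool:
    """Steps 4-5: allow only if the required permissions are present.
    mode="ALL" needs every listed permission, mode="ANY" needs at least one.
    Fail closed: an unknown mode is an error and an empty requirement set
    never grants access."""
    if mode not in ("ANY", "ALL"):
        raise ValueError(f"unknown requirement mode {mode!r}")
    if not required:
        return False
    have = effective_permissions(user, now or datetime.now(timezone.utc))
    return required <= have if mode == "ALL" else bool(required & have)


def demo() -> dict[str, bool]:
    """Worked scenario: a member who also holds Billing Reader and whose
    temporary Organization Admin assignment expired a day ago."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed timestamp
    alice = User("alice", [
        Assignment("Organization Member"),
        Assignment("Billing Reader"),
        Assignment("Organization Admin", expires_at=now - timedelta(days=1)),
    ])
    pair = {"assessment:run", "assessment:manage"}
    return {
        # union of Member + Billing Reader
        "member_can_run_assessment": is_allowed(alice, {"assessment:run"}, now=now),
        "member_can_read_billing": is_allowed(alice, {"billing:read"}, now=now),
        # the expired admin assignment no longer grants user:manage ...
        "expired_admin_can_manage_users": is_allowed(alice, {"user:manage"}, now=now),
        # ... but it did two days earlier, while still active
        "admin_could_manage_users_before_expiry":
            is_allowed(alice, {"user:manage"}, now=now - timedelta(days=2)),
        # ANY vs ALL over the same pair: Member has assessment:run only
        "any_of_run_or_manage": is_allowed(alice, pair, mode="ANY", now=now),
        "all_of_run_and_manage": is_allowed(alice, pair, mode="ALL", now=now),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The check is deliberately fail-closed: an unrecognised role name, an expired assignment, or an empty requirement set all resolve to no access, which is the behaviour to expect from a production RBAC layer when its inputs are inconsistent.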

Audit Trail

Role Change Logging

All role changes are logged:

  • Who made the change
  • What changed
  • When it occurred
  • Previous and new state

Viewing Audit Log

  1. Go to Settings > Organization > Roles
  2. Click Audit Log
  3. Filter by date, user, or action

Best Practices

Principle of Least Privilege

Assign minimum necessary permissions:

  • Start with basic access
  • Add permissions as needed
  • Review regularly

Role Design

Design roles around job functions:

  • Security Analyst → Assessment + Report permissions
  • Compliance Officer → Read + Report permissions
  • IT Admin → Full technical access

Regular Review

Periodically audit role assignments:

  • Check for over-privileged users
  • Remove unnecessary access
  • Update roles as needs change
