User Roles and Permissions
Learn about the user roles and associated permissions.
Depending on their role, a user can collaborate at the pentest or organization level.
| Pentest Level | Organization Level |
|---|---|
A Pentest Team Member:
|
An Organization Owner has the highest level of access and can:
|
Refer to the table below for a detailed list of permissions and privileges for each role. Some permissions depend on the PtaaS tier of your organization.
| Permission | Pentest Team Member | Organization Member | Organization Owner |
|---|---|---|---|
| View and edit pentest details | ✔️ | ✔️ | ✔️ |
| View pentest activity updates and pentester updates | ✔️ | ✔️ | ✔️ |
| View and manage pentest findings | ✔️ | ✔️ | ✔️ |
| Invite Pentest Team Members to a specific pentest and remove them | ✔️ | ✔️ | ✔️ |
| Create and manage Cobalt API tokens | ✔️ | ✔️ | ✔️ |
| Manage integrations for a specific pentest: Jira one-way and GitHub | ✔️ | ✔️ | ✔️ |
| Access the following pages in the Cobalt app: Assets, Insights, People, Credits, Integrations, and Settings | ➖ | ✔️ | ✔️ |
| Create assets and pentests | ➖ | ✔️ | ✔️ |
| View all users and pentest collaborators within an organization | ➖ | ✔️ | ✔️ |
| Manage integrations for an organization, including webhooks | ➖ | ✔️ | ✔️ |
| View and edit general organization settings (logo, name) | ➖ | ✔️ | ✔️ |
| Manage users for an organization | ➖ | ➖ | ✔️ |
| View the email addresses of users on the People page | ➖ | ➖ | ✔️ |
| Manage identity and access settings for an organization: two-factor authentication and SAML SSO | ➖ | ➖ | ✔️ |
| Enable co-branded reports (for partners) | ➖ | ➖ | ✔️ |
Last modified January.01.2023