User Roles and Permissions

Learn about the user roles and associated permissions.

Depending on their role, a user can collaborate at the pentest or organization level.

Pentest Level

A Pentest Team Member:
  • Can collaborate on a specific pentest
  • Has no access to users or settings of an organization

Organization Level

An Organization Owner has the highest level of access and can:
  • Manage users and settings
  • Create and edit assets and pentests

An Organization Member can:
  • View users and settings
  • Create and edit assets and pentests

Refer to the table below for a detailed list of permissions and privileges for each role. Some permissions depend on the PtaaS tier of your organization.

| Permission | Pentest Team Member | Organization Member | Organization Owner |
|---|---|---|---|
| View and edit pentest details | ✔️ | ✔️ | ✔️ |
| View pentest activity updates and pentester updates | ✔️ | ✔️ | ✔️ |
| View and manage pentest findings | ✔️ | ✔️ | ✔️ |
| Invite Pentest Team Members to a specific pentest and remove them | ✔️ | ✔️ | ✔️ |
| Create and manage Cobalt API tokens | ✔️ | ✔️ | ✔️ |
| Manage integrations for a specific pentest: Jira one-way and GitHub | ✔️ | ✔️ | ✔️ |
| Access the following pages in the Cobalt app: Assets, Insights, People, Credits, Integrations, and Settings | | ✔️ | ✔️ |
| Create assets and pentests | | ✔️ | ✔️ |
| View all users and pentest collaborators within an organization | | ✔️ | ✔️ |
| Manage integrations for an organization, including webhooks | | ✔️ | ✔️ |
| View and edit general organization settings (logo, name) | | ✔️ | ✔️ |
| Manage users for an organization | | | ✔️ |
| View the email addresses of users on the People page | | | ✔️ |
| Manage identity and access settings for an organization: two-factor authentication and SAML SSO | | | ✔️ |
| Enable co-branded reports (for partners) | | | ✔️ |


Last modified January.01.2023