User Roles and Permissions

Learn about the user roles and associated permissions.

Depending on your role, you may have access to an organization, specific pentests, or both.

	Roles and Key Permissions
User Roles	Pentest level: Pentest Team Member: Collaborates on a specific pentest. Has no access to organization users and settings, unless the user is also an Organization Owner or Member. Organization level: Organization Owner: Can create assets and pentests. Manages organization users and settings. Can’t collaborate on specific pentests, unless the user is also a Pentest Team Member on these pentests. Organization Member: Can create assets and pentests. Can view organization users and settings. Can’t collaborate on specific pentests, unless the user is also a Pentest Team Member on these pentests. Pentest + organization level: Organization Owner + Pentest Team Member (on specific pentests) Organization Member + Pentest Team Member (on specific pentests)
Pentester Roles	Cobalt pentesters: Pentester: Completes pentests for Cobalt customers. Pentest Lead: Leads a group of Cobalt Pentesters to complete a pentest. Customer pentesters: In-House Pentester: Performs pentests for their organization on the Cobalt Pentest Management Platform.
Administrative Role	Cobalt Staff: Has administrative access to your pentests and organization.

Roles and Key Permissions

User Roles

Pentest level:

Pentest Team Member:
- Collaborates on a specific pentest.
- Has no access to organization users and settings, unless the user is also an Organization Owner or Member.

Organization level:

Organization Owner:
- Can create assets and pentests.
- Manages organization users and settings.
- Can’t collaborate on specific pentests, unless the user is also a Pentest Team Member on these pentests.
Organization Member:
- Can create assets and pentests.
- Can view organization users and settings.
- Can’t collaborate on specific pentests, unless the user is also a Pentest Team Member on these pentests.

Pentest + organization level:

Organization Owner + Pentest Team Member (on specific pentests)
Organization Member + Pentest Team Member (on specific pentests)

Pentester Roles

Cobalt pentesters:

Pentester: Completes pentests for Cobalt customers.
Pentest Lead: Leads a group of Cobalt Pentesters to complete a pentest.

Customer pentesters:

In-House Pentester: Performs pentests for their organization on the Cobalt Pentest Management Platform.

Administrative Role

Cobalt Staff: Has administrative access to your pentests and organization.

Pentest Team Member

A Pentest Team Member is a customer (organization) representative during a specific pentest. In the UI, you see this role as “Team Member.”

A Pentest Team Member does not have to be an Organization Owner or an Organization Member.
When an Organization Owner invites a user to an organization, the user also becomes a Pentest Team Member on all pentests of the organization.
- An Organization Owner can remove a Pentest Team Member from all pentests they collaborate on.
- Any Pentest Team Member can add users to a specific pentest or remove them.

A Pentest Team Member has access to a specific pentest with the following permissions:

View and edit pentest details.
Collaborate on a pentest in the Cobalt app and in Slack.
Manage users for a pentest.
View pentest activity updates and pentester updates.
Manage integrations for a pentest: Jira and GitHub.

A Pentest Team Member has no access to any information related to the organization, unless they’re also an Organization Owner or Member.

Learn more.

Organization Roles

When a customer starts their journey with Cobalt, we add an Organization Owner who then invites other users. Here is an overview of organization roles and permissions.

Permission	Organization Member	Organization Owner
Create assets and pentests, edit assets	✓	✓
View organization users and pentest collaborators on the People page	✓	✓
Manage integrations for an organization	✓	✓
Edit the organization profile	✓	✓
View the credits ledger	✓	✓
View the Insights page	✓	✓
Manage users for an organization	—	✓
Manage security settings for an organization: two-factor authentication and SAML	—	✓
Enable co-branded reports (for Cobalt partners)	—	✓

Organization Owner

An Organization Owner is the administrator for a customer organization within the Cobalt app. In the UI, you see this role as “Owner.”

An Organization Owner has the following permissions:

Create assets and pentests, edit assets.
Manage users for an organization on the People page:
- Invite and remove users.
- Switch user roles.
- View users’ email addresses.
- Remove Pentest Team Members from all pentests they collaborate on.
Manage security settings for an organization: two-factor authentication and SAML.
Enable co-branded reports (for Cobalt partners).
Manage integrations for an organization.
Edit the organization profile.
View the credits ledger.
View the Insights page.

An Organization Owner may also be a Pentest Team Member.

Organization Member

An Organization Member is a customer representative who manages pentests and assets for their organization on the Cobalt platform but has less permissions compared to an Organization Owner. In the UI, you see this role as “Member.”

An Organization Member has the following permissions:

Create assets and pentests, edit assets.
View users and pentest collaborators on the People page.
Manage integrations for an organization.
Edit the organization profile.
View the credits ledger.
View the Insights page.

An Organization Member may also be a Pentest Team Member.

Cobalt Pentesters

When you run pentests using the Cobalt Pentest as a Service (PtaaS) platform, Cobalt pentesters participate in the process.

Pentester

A Pentester is a Cobalt pentester who completes pentests for Cobalt customers.

The responsibilities of a Pentester include:

Thoroughly test an asset for vulnerabilities based on the pentest scope and requirements.
Submit vulnerabilities (findings) and provide remediation tips.
Retest findings that the customer has remediated within a pentest.
Collaborate with the customer throughout a pentest.

Some Cobalt pentesters may be a Lead in one test, a Pentester in a second test, and possibly no role and no involvement in your other pentests.

Pentest Lead

A Pentest Lead is a Cobalt pentester who leads other Cobalt pentesters in their efforts to complete a Comprehensive Pentest. A Pentest Lead also drafts the pentest report (for Comprehensive Pentests).

We don’t assign a Pentest Lead to Agile Pentests.

In-House Pentester

A pentester invited by a customer (organization) to perform In-House Pentests on the Cobalt Pentest Management Platform (PMP). An In-House Pentester role has the same privileges as a Pentest Team Member, with additional access to pentester functionality.

Learn how to complete an In-House Pentest.

Cobalt Staff

Select Cobalt Staff members have administrative access to your organization and pentests. If needed, they can help you:

Manage users in your organization.
Manage work on your pentests.

Was this page helpful?

Yes No Create an Issue

Last modified April.04.2023