Roles and permissions

Roles in your organization are divided into two levels: organization-level roles and application-level roles. This page describes all the roles, and what each role can do.

Organization-level roles

  • Organization Admin: Sets up your organization's account and manages users and groups within it. Each organization has at least one Organization Admin.
  • Organization Application Manager: Has full access to all applications within the organization.
Note: You can assign organization-level roles to users or groups. Most users don't have organization-level permissions, but receive application-level permissions from an Application Admin. No Global Role refers to users who don't have organization-level permissions.

Application-level roles

  • Application Admin: The owner of one or more applications.
  • Contributor: A user with access to an application who can create and manage projects, run tests, and triage issues.
  • Member: A user with access to an application who can do everything a Contributor can do, except create, update, or delete projects.
  • Observer: A user with access to an application who can view projects, test results, and issues, but cannot run tests or triage issues.
Note: After you add a user or group to an application, you can set the user or group's application-level role.

Roles and permissions tables

Table 1. Roles and permissions
Organization-Level Roles: Organization Admin | Organization Application Manager
Application-Level Roles: Application Admin | Application Contributor | Application Member | Application Observer
Entitlements (controlled at the Application level)
View entitlements
Allocate entitlements to the application
Application
Create applications
View applications
Update applications
Delete applications
Project
Create projects
View projects
Update projects
Delete projects
Branch
Create branch
View branch
Update branch
Delete branch
Assign policies to branch
Tags
Create tags
View tags
Update tags
User Management
Add users
Assign users to specific applications
Reset two-factor authentication for user
View users assigned to application-level roles
Assign/unassign other users to application-level roles
View list of application roles
Group Management
Create groups
View a list of all groups
View groups you belong to
View a group's members
View a group's organization-level role
View a group's application-level role
Update a group's name
Update a group's organization-level role
Update a group's application-level role
Add or remove group members
Delete groups
Scanning/Test Management
Start scan
View scan
Pause scan (update)
Cancel scan (delete)
Issue Remediation
Update issue (not triaged/to be fixed)
Delete issue (dismiss)
View issue history
Enable/disable
Use
Jira Integration
Create organization-level configuration
View organization-level configuration
Update organization-level configuration
Delete organization-level configuration
Create project-level configuration
View project-level configuration
Update project-level configuration
Create Jira Export
View Jira Export
Update Jira Export
Delete Jira Export
Comment Jira Export
Secure Code Warrior Integration
Enable/disable integration
Dashboard
View dashboard
Manage default filters
Reporting
Create report
Audit
View audit log
Download audit log
Policy
Create policy
Assign/unassign policy to project
Update policy
Delete policy
View policy applied to project
Receive policy notifications
Notifications
Manage global notification settings
SCM Repository Configuration
Create SCM repository connection
Bulk onboard applications and projects
Integrate individual repositories/bulk onboarding projects into application
View SCM repository connection
Update SCM repository connection
Test SCM repository connection
Cancel bulk onboarding of applications and projects
Cancel bulk onboarding of projects into applications
Component
View component
Update component triage status
Export SBOM (report)
License
View license
Update License (Pick license)