Roles and permissions
Roles in your organization are divided into two levels: organization-level roles and application-level roles. This page describes all the roles, and what each role can do.
Organization-level roles
- Organization Admin: Sets up your organization's account and manages users and groups within it. Each organization has at least one Organization Admin.
- Organization Application Manager: Has full access to all applications within the organization.
Note: You can assign organization-level roles to users or groups. Most users don't have organization-level permissions, but receive application-level permissions from an Application Admin. No Global Role refers to users who don't have organization-level permissions.
Application-level roles
- Application Admin: The owner of one or more applications.
- Contributor: A user with access to an application who can create and manage projects, run tests, and triage issues.
- Member: A user with access to an application who can do everything a Contributor can do, except create, update, or delete projects.
- Observer: A user with access to an application who can view projects, test results, and issues, but cannot run tests or triage issues.
Note: After you add a user or group to an application, you can set the user or group's application-level role.
Roles and permissions tables
Permission | Organization Admin (organization-level) | Organization Application Manager (organization-level) | Application Admin (application-level) | Application Contributor (application-level) | Application Member (application-level) | Application Observer (application-level) |
---|---|---|---|---|---|---|
Entitlements (controlled at the Application level) | ||||||
View entitlements | ||||||
Allocate entitlements to the application | ||||||
Application | ||||||
Create applications | ||||||
View applications | ||||||
Update applications | ||||||
Delete applications | ||||||
Project | ||||||
Create projects | ||||||
View projects | ||||||
Update projects | ||||||
Delete projects | ||||||
Branch | ||||||
Create branch | ||||||
View branch | ||||||
Update branch | ||||||
Delete branch | ||||||
Assign policies to branch | ||||||
Tags | ||||||
Create tags | ||||||
View tags | ||||||
Update tags | ||||||
User Management | ||||||
Add users | ||||||
Assign users to specific applications | ||||||
Reset two-factor authentication for user | ||||||
View users assigned to application-level roles | ||||||
Assign/unassign other users to application-level roles | ||||||
View list of application roles | ||||||
Group Management | ||||||
Create groups | ||||||
View a list of all groups | ||||||
View groups you belong to | ||||||
View a group's members | ||||||
View a group's organization-level role | ||||||
View a group's application-level role | ||||||
Update a group's name | ||||||
Update a group's organization-level role | ||||||
Update a group's application-level role | ||||||
Add or remove group members | ||||||
Delete groups | ||||||
Scanning/Test Management | ||||||
Start scan | ||||||
View scan | ||||||
Pause scan (update) | ||||||
Cancel scan (delete) | ||||||
Issue Remediation | ||||||
Update issue (not triaged/to be fixed) | ||||||
Delete issue (dismiss) | ||||||
View issue history | ||||||
Enable/disable | ||||||
Use | ||||||
Jira Integration | ||||||
Create organization-level configuration | ||||||
View organization-level configuration | ||||||
Update organization-level configuration | ||||||
Delete organization-level configuration | ||||||
Create project-level configuration | ||||||
View project-level configuration | ||||||
Update project-level configuration | ||||||
Create Jira Export | ||||||
View Jira Export | ||||||
Update Jira Export | ||||||
Delete Jira Export | ||||||
Comment Jira Export | ||||||
Secure Code Warrior Integration | ||||||
Enable/disable integration | ||||||
Dashboard | ||||||
View dashboard | ||||||
Manage default filters | ||||||
Reporting | ||||||
Create report | ||||||
Audit | ||||||
View audit log | ||||||
Download audit log | ||||||
Policy | ||||||
Create policy | ||||||
Assign/unassign policy to project | ||||||
Update policy | ||||||
Delete policy | ||||||
View policy applied to project | ||||||
Receive policy notifications | ||||||
Notifications | ||||||
Manage global notification settings | ||||||
SCM Repository Configuration | ||||||
Create SCM repository connection | ||||||
Bulk onboard applications and projects | ||||||
Integrate individual repositories/bulk onboarding projects into application | ||||||
View SCM repository connection | ||||||
Update SCM repository connection | ||||||
Test SCM repository connection | ||||||
Cancel bulk onboarding of applications and projects | ||||||
Cancel bulk onboarding of projects into applications | ||||||
Component | ||||||
View component | ||||||
Update component triage status | ||||||
Export SBOM (report) | ||||||
License | ||||||
View license | ||||||
Update License (Pick license) |