Roles
Admin
Team owners. Full control of settings, members, roles, identity (SSO/SCIM),
repositories, scans, findings, integrations, and API keys.
Manager
Runs the security program day to day: members, repositories, scans, findings,
schedules, workflows, rules, and integrations, without owning identity.
Member
Does the work: runs scans and triages findings, but doesn’t manage team
configuration, roles, SSO, or integrations.
Read Only
Visibility without mutation, for stakeholders who need to see results and
settings but not change them.
Permission matrix
Manage = read and write · View = read only · None = no access.

| Resource | Admin | Manager | Member | Read Only |
|---|---|---|---|---|
| Team settings | Manage | View | None | None |
| Members | Manage | Manage | None | None |
| Roles | Manage | View | None | None |
| SSO / SCIM | Manage | View | None | None |
| Repositories | Manage | Manage | View | View |
| Scans | Manage | Manage | Manage | View |
| Vulnerabilities | Manage | Manage | Manage | View |
| Rules | Manage | Manage | View | View |
| Schedules | Manage | Manage | Manage | View |
| Workflows | Manage | Manage | None | None |
| Integrations | Manage | Manage | None | None |
| API keys | Manage | View | View | View |
| Audit log | None | View | None | None |
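
As an added example (not part of the product or its API), the matrix above can be transcribed into a small Python check that picks the least-privileged role covering a set of needs and flags rows where a lower role holds more access than a higher one. The ordering Read Only < Member < Manager < Admin and all function names are assumptions made for the illustration.

```python
LEVELS = {"None": 0, "View": 1, "Manage": 2}
ROLES = ["Read Only", "Member", "Manager", "Admin"]  # assumed order, least to most privileged

# Rows transcribed from the table on this page; columns: Admin | Manager | Member | Read Only
MATRIX_TEXT = """
Team settings | Manage | View | None | None
Members | Manage | Manage | None | None
Roles | Manage | View | None | None
SSO / SCIM | Manage | View | None | None
Repositories | Manage | Manage | View | View
Scans | Manage | Manage | Manage | View
Vulnerabilities | Manage | Manage | Manage | View
Rules | Manage | Manage | View | View
Schedules | Manage | Manage | Manage | View
Workflows | Manage | Manage | None | None
Integrations | Manage | Manage | None | None
API keys | Manage | View | View | View
Audit log | None | View | None | None
"""

def load_matrix(text=MATRIX_TEXT):
    """Parse the rows into {resource: {role: numeric level}}."""
    matrix = {}
    for line in text.strip().splitlines():
        resource, *cells = [c.strip() for c in line.split("|")]
        # Table columns run Admin..Read Only, the reverse of ROLES.
        matrix[resource] = dict(zip(reversed(ROLES), (LEVELS[c] for c in cells)))
    return matrix

def least_privileged_role(needs, matrix):
    """Lowest role meeting every {resource: 'View'|'Manage'} need, or None if no role does."""
    for role in ROLES:
        if all(matrix[res][role] >= LEVELS[lvl] for res, lvl in needs.items()):
            return role
    return None

def non_monotonic_rows(matrix):
    """Resources where access does not grow (or stay equal) from Read Only up to Admin."""
    return [res for res, g in matrix.items() if [g[r] for r in ROLES] != sorted(g[r] for r in ROLES)]

MATRIX = load_matrix()
if __name__ == "__main__":
    print(least_privileged_role({"Scans": "Manage", "Vulnerabilities": "Manage"}, MATRIX))
    print(least_privileged_role({"Integrations": "Manage"}, MATRIX))
    print(non_monotonic_rows(MATRIX))
```

On this matrix the second check reports only the Audit log row, where Manager has View and Admin has None.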