Roles

Overview

User roles define what actions a member can perform within a project. Roles control access to project configuration, vulnerability triage, integrations, and administrative operations.

Permissions are enforced both in the web application and the API.

Tip

Currently, each organization contains a single project. Roles, therefore, apply to the entire organization.

Available Roles

You can configure the following user roles per project:

Role	Description
Admin	`Full access to the project, including user management, billing, and configuration.`
Analyst	`Can triage CVEs, manage monitored software, and configure integrations.`
Viewer	`Read-only access to project data, including alerts and monitored software.`

API Access

All API endpoints are available under the following base path:

/api/v1/*

Health endpoints:

Permission Legend

Icon	Meaning
	Read access
	Create or update resources
	Destructive operation

Role Permissions

The following table describes which roles are allowed to access specific API operations.

Endpoint	Method	Allowed Roles	Description
`/project`	`PUT`	Admin, Analyst	Rename project
`/project/billing`	`GET`	Admin	Access project billing portal
`/project/users/invite`	`POST`	Admin	Invite user to project
	`DELETE`	Admin	Delete project invitation
`/project/users/remove`	`POST`	Admin	Remove user from project
`/project/users/role`	`POST`	Admin	Update project user role
`/alerts/status`	`PATCH`	Admin, Analyst	Update alert status
`/software/monitoring`	`POST`	Admin, Analyst	Add software to monitoring
`/software/monitoring/{uuid}`	`PATCH`	Admin, Analyst	Update monitoring entry
	`DELETE`	Admin, Analyst	Delete monitoring entry
`/webhooks`	`POST`	Admin, Analyst	Create or update webhook
	`DELETE`	Admin, Analyst	Delete existing webhook

Notes and Limitations

Tip

Use the Viewer role for dashboards, auditing, or stakeholders who only need visibility into vulnerabilities.

Warning

Privileged actions such as inviting users, changing roles, and accessing billing are restricted to the Admin.