What Are Roles In Edgescan?
This article explains what Roles are in Edgescan and how they should be used to manage role-based access control.
Version Number: v1.0.0
Published Date: 9 Dec 2025
____________________________________________________________________________
Purpose
This article introduces Role-Based Access Control (RBAC) in Edgescan, explains why roles exist, and how they simplify managing user access compared to direct permissions.
What is RBAC?
Role-Based Access Control (RBAC) is a security model that assigns permissions to roles, rather than directly to individual users. Users are then assigned one or more roles, which determine what actions they can perform in the platform.
Why Roles?
- Simplifies Administration: Instead of managing dozens of individual permissions per user, you assign a role that bundles relevant permissions.
- Consistency: Ensures users with similar responsibilities have the same access.
- Security: Supports the principle of least privilege, reducing risk by granting only what’s necessary.
Roles vs Direct Permissions
Edgescan supports both:
- Roles: Predefined sets of permissions for common responsibilities.
- Direct Permissions: Granular controls for advanced scenarios where fine-tuning is required.
Roles are recommended for most cases because they are easier to manage and maintain.
Default Roles in Edgescan
Edgescan provides a set of predefined roles to cover common operational needs. Roles can be combined, meaning a user can hold multiple roles if necessary.
Organization Roles
- Org Administrator: Can configure organization-level settings and has the same administrative controls as an Asset and Scan Administrator.
- Org Viewer: Can view organization-level, asset-level, and scan-level details but cannot make changes.
Asset Roles
- Asset Administrator: Can add, edit, and configure assets.
Scan Roles
- Scan Administrator: Full control over scanning operations.
Important Notes
- Roles can be combined for flexibility.
- The Superuser role is deprecated.
For guidance on migrating from Superuser to role-based access, see: Migration from Superuser to Roles.
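Added example (not Edgescan code or its API): a small Python model of the default roles described above, used to review an exported user list for the deprecated Superuser role, role combinations that add nothing, and direct permissions already covered by a role. The permission strings (such as "asset:edit") and the user record layout are assumptions made for illustration; only the role names come from this article.

```python
# Hypothetical permission strings; Edgescan's real identifiers are not given in the article.
ASSET_ADMIN = {"asset:view", "asset:edit"}
SCAN_ADMIN = {"scan:view", "scan:manage"}
ROLES = {
    "Asset Administrator": ASSET_ADMIN,
    "Scan Administrator": SCAN_ADMIN,
    # Org settings plus the same controls as an Asset and Scan Administrator.
    "Org Administrator": {"org:view", "org:configure"} | ASSET_ADMIN | SCAN_ADMIN,
    # Read-only at organization, asset and scan level.
    "Org Viewer": {"org:view", "asset:view", "scan:view"},
}
DEPRECATED = {"Superuser"}  # its permissions are not modelled here


def effective_permissions(roles, direct=()):
    """Union of every held role's permissions plus any direct permissions."""
    perms = set(direct)
    for role in roles:
        perms |= ROLES.get(role, set())
    return perms


def audit(user):
    """Return findings for one user record shaped like {'roles': [...], 'direct': [...]}."""
    findings = []
    roles = list(user.get("roles", []))
    direct = set(user.get("direct", []))
    for role in roles:
        if role in DEPRECATED:
            findings.append(f"deprecated role: {role}")
        elif role not in ROLES:
            findings.append(f"unknown role: {role}")
    # A role is redundant when the user's other roles already grant all of it.
    for role in roles:
        if role in ROLES:
            others = effective_permissions(r for r in roles if r != role)
            if ROLES[role] <= others:
                findings.append(f"redundant role: {role}")
    # Direct permissions that a held role already grants can be removed.
    covered = direct & effective_permissions(roles)
    if covered:
        findings.append(f"direct permissions already granted by roles: {sorted(covered)}")
    return findings


if __name__ == "__main__":
    # Constructed sample record, not real account data.
    print(audit({"roles": ["Org Administrator", "Asset Administrator", "Superuser"]}))
```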