What Permissions Are Available To Users Via A Permissions Matrix?
This article lists, in the form of a permissions matrix, the permissions that can be assigned to users as part of Roles or as direct permissions.
Version Number: v1.0.0
Published Date: 25 May 2026
____________________________________________________________________________
User (Scope available: All, User, Organization)

| Permission | User |
|---|---|
| View | View Users in current user's organization |
| | View Users' Role Assignments |
| Edit | Create User alerts |
| | Update User alerts |
| | Delete User alerts |
| | Update User |
| | Lock User |
| | Unlock User |
| | Reset Password |
| | Reset Email |
| | Set OTP secret |
| Delete | Delete User |
| Assign Role | Assign roles to User |
| | Remove roles from User |

Organization (Scope available: All, Organization)

| Permission | User |
|---|---|
| View | View Organizations |
| Edit | Edit Organizations |
| Licence oversight | View licence utilization summary on organization |
| Edit options | Global settings feature |
| Edit SLAs | Create SLAs |
| | Edit SLAs |
| | Delete SLAs |
| | Bulk replace SLAs |
| Tag oversight | Check oversight permissions |

Permission (Scope available: All, User, Organization)

| Permission | User |
|---|---|
| Edit | Grant permissions on target user |
| | Deny permissions on target user |
| View | View permissions on target user |
| | Resolve permissions on target user |
| Delete | Delete permission on target user |

Location Specifier (Scope available: All, Location Specifier, Asset, Organization)

| Permission | User |
|---|---|
| View | View location specifiers on an asset |
| Edit | Edit location specifiers on an asset |
| Delete | Delete location specifiers on an asset |

Licence (Scope available: All, Licence, Organization)

| Permission | User |
|---|---|
| View | View Licences |
| Edit | Assign Licences |
| | Unassign Licences |
| Upgrade | Upgrade a consumed active licence to another licence |

Order (Scope available: All, Order, Organization)

| Permission | User |
|---|---|
| View | View Orders |

Pause Schedule (Scope available: All, Organization, Scanning Schedule)

| Permission | User |
|---|---|
| View | View pause schedules |
| | View pause windows |
| Create | Create Pause Schedule |
| Edit | Edit Pause Schedule |
| Delete | Delete Pause Schedule |

EASM/Investigation (Scope available: All, EASM/Investigation, Organization)

| Permission | User |
|---|---|
| View | View EASM Investigations |
| Create | Create EASM Investigations on an Organization |
| | Create EASM Investigation schedules |
| Edit | Edit EASM Investigations |
| | Edit EASM Investigation schedules |
| Delete | Delete EASM Investigations |

Browser Recording (Scope: All, Organization)

| Permission | User |
|---|---|
| View | View the details of browser recordings and their scanner interaction steps. |
| Create | Create a new browser recording by uploading Chrome recording files. |
| Edit | Edit existing browser recordings and their scanner interaction steps. |
| Delete | Delete a browser recording. |

Credential Vault (Scope: All, Credential Vault, Organization)

| Permission | User |
|---|---|
| View | View credentials and their details |
| | View credential types, scopes, and roles |
| | View associated assets and authentication workflows |
| Create | Create new credentials |
| | Define credential information (SSH, SMB, NTLM, ESXi, OAuth, Dynamic Form, Basic Auth) |
| Edit | Edit existing vault credentials |
| | Update credential information, descriptions, scopes, and roles |
| | Change organization assignment if user also has create permission on target organization and no authentication workflows are assigned |
| Delete | Delete shared credentials not assigned to authentication workflows |

Role (Scope: All, Organization)

| Permission | User |
|---|---|
| View | View Roles |
| | View Role Permissions |
| Create | Create New Roles |
| Edit | Edit Roles |
| | Add Role Permissions |
| | Update Role Permissions |
| | Delete Role Permissions |
| | Bulk Create Role Permissions |
| | Bulk Delete Role Permissions |
| Delete | Delete Role |

Scan Config (Scope: All, Organization)

| Permission | User |
|---|---|
| View | View scan configurations for assets, including config type and scan-config detail fields exposed by the API (for example web target selection strategy and per-config info such as scanner-enabled/credential-limits views). |
| Create | Create a new scan configuration |
| Edit | Edit scan configuration settings |
| Delete | Delete existing scan config |
| Manage Authentication | Manage authentication setup on a scan config, e.g.: |
| | show/create/delete authentication workflows |
| | manage credential field mappings |
| | create/delete scanner automation assignments linking browser recordings to workflows |
| | Note: This permission replaces the Authentication Workflow View, Create, Edit, and Delete permissions. To access authentication workflows, users need view on Scan Config (to list them) and manage_authentication on Scan Config (for all other operations). The Authentication Workflow CRUD permissions are not enforced at runtime. |
| Manage Session Verification | Manage session verification resources on a scan config: |
| | request macros |
| | request macro steps |
| | verification indicators |
| | (view/create/edit/delete operations on those resources) |
| Manage Token Mappings | Manage token mapping resources on a scan config: |
| | token sets |
| | token mappings |
| | (view/create/edit/delete), including extraction/injection and token transformation configuration |

Insight (Scope: All, Organization)

| Permission | User |
|---|---|
| View | View Insight |
| Edit | Update Insight |
| | set the expiry_date, which causes a new insight to be generated asynchronously |

OptIn (Scope: All, Organization)

| Permission | User |
|---|---|
| View | View OptIn |
| Create | Create OptIn |
| Edit | Update OptIn |
| | to revoke an OptIn |