Default roles
Invicti is a multi-user system that utilizes role-based access control (RBAC) to effectively manage user permissions. This allows you to control and restrict access by assigning specific roles to users based on their responsibilities.
The first account created is the Owner, who has the authority to add new users, assign roles, and configure which scan targets can be accessed for scanning or reporting. For more information about adding users and configuring custom roles, refer to the Edit, delete, or disable users and Create and manage roles documents.
This document provides an overview of default roles in Invicti Platform.
Default roles
A role is a set of permissions that administrators assign to users or user groups. When adding a new user, you must select an appropriate role. The Invicti Platform offers five default roles.
New users can be added by Owners and Admins.
The table below outlines the default roles and their respective responsibilities.
| Permission | Description | Owner | Administrator | Security Manager | Security Analyst | Viewer |
|---|---|---|---|---|---|---|
| Root | System + extra super permission such as global password policy, creation of APIs, organizations | ☑️ | | | | |
| System | Organization & licensing details, read/configure SSO & system settings | ✅ | | | | |
| Subscription | Read licensing information | ✅ | | | | |
| Users | Manage RBAC (users, teams, roles, memberships, permissions) | ✅ | ✅ | | | |
| Audit Logs | Read audit logs | ✔️ | ✔️ | | | |
| Excluded Hours | Excluded hours | ✅ | ✅ | ✔️ | ✔️ | ✔️ |
| Scan Profiles | Scanning profiles | ✅ | ✅ | ✔️ | ✔️ | ✔️ |
| Collections* | Inventory Collections | ✅ | ✅ | ✅ | ✔️ | ✔️ |
| Integrations | All integrations | ✅ | ✅ | ✅ | ✔️ | ✔️ |
| Automations | All automations | ✅ | ✅ | ✅ | ✔️ | ✔️ |
| Agents | DAST Worker management | ✅ | ✅ | ✅ | ✅ | ✔️ |
| Scans* | Scans and headless scans (MegaDAST) | ✅ | ✅ | ✅ | ✅ | ✔️ |
| Applications* | Inventory Applications | ✅ | ✅ | ✅ | ✅ | ✔️ |
| Assets* | Inventory assets, targets and external targets | ✅ | ✅ | ✅ | ✅ | ✔️ |
| Vulnerabilities* | Vulnerabilities | ✅ | ✅ | ✅ | ✅ | ✔️ |
| Website Discovery* | Website discovery feature | ✅ | ✅ | ✅ | ✅ | ✔️ |
| API Security* | API Security | ✅ | ✅ | ✅ | ✅ | ✔️ |
| Reports* | Report generation and management | ✅ | ✅ | ✅ | ✅ | ✅ |
Each permission exists as:
- ✅ Full
- ✔️ View only
- ☑️ Root Organization Only
* Permissions are affected by Collections (if restricted)