Roles

Default roles

This document is for:

Invicti Platform

Invicti is a multi-user system that utilizes role-based access control (RBAC) to effectively manage user permissions. This allows you to control and restrict access by assigning specific roles to users based on their responsibilities.

The first account created is the Owner, who has the authority to add new users, assign roles, and configure which scan targets can be accessed for scanning or reporting. For more information about adding users and configuring custom roles, refer to Edit, delete, or disable users and Create and manage roles documents.

This document provides an overview of default roles in Invicti Platform.

Default roles

A role is a set of permissions that administrators assign to users or user groups. When adding a new user, you must select an appropriate role. The Invicti Platform offers five default roles.

Only a user with the Owner role can create users.

The table below outlines the default roles and their respective responsibilities.

	Default Roles
Permission	Administrator	Viewer	Security Analyst	Owner	Security Manager
System	None	None	None	Full	None
Excluded Hour	Full	Read	Read	Full	Read
API Security	None	None	None	Full	None
API Discovery	Full	None	Full	Full	Full
Integrations	Full	Read	Read	Full	Full
Orchestrator	None	None	Read	Full	Read
Orchestrator Bulk	None	None	None	Full	None
Orchestrator Assets	None	None	None	Full	None
Report	Full	Full	Full	Full	Full
Scan	Full	None	Full	Full	Full
Scanning Profile	Full	Read	Read	Full	Read
Target	Full	Read	Read	Full	Full
Vulnerability	Full	Read	Full	Full	Full
WAF Uploader	Full	Read	Full	Full	Full
Workflows	Full	Read	Read	Full	Read
Assets	Full	Read	Full	Full	Full
Assets Owner Verification	Full	None	Full	Full	Full
Organizations	Full	None	Full	Full	Full
Teams	Full	Read	Full	Full	Full
APIs	Full	Read	Full	Full	Full
Clients	Full	Read	Full	Full	Full
Applications	Full	Read	Full	Full	Full
Team Members	Full	Read	Full	Full	Full
Users	None	None	None	Full	None
Users Impersonation	None	None	None	Full	None
Collections	Full	Read	Read	Full	Read
Client Credentials	Full	None	Full	Full	Full
Permissions	Full	None	Full	Full	Full
Roles	Full	Read	Full	Full	Full
Authenticators	None	None	Read	Read	Read
Password Policy	Full	None	Full	Full	Full
Licenses	Full	None	Full	Full	Full
User Credentials	None	None	None	Full	None
Applications Access Control	Full	None	Full	Full	Full
MFA Providers	None	Read	Read	Read	Read
Worker Management	Full	Read	Full	Full	Full
Audit	None	None	Read	Read	Read