Default roles
Invicti is a multi-user system that uses role-based access control (RBAC) to manage user permissions. You control and restrict access by assigning roles to users based on their responsibilities.
The first account created is the Owner, who has the authority to add new users, assign roles, and configure which scan targets can be accessed for scanning or reporting. For more information about adding users and configuring custom roles, refer to the "Edit, delete, or disable users" and "Create and manage roles" documents.
This document provides an overview of the default roles in the Invicti Platform.
Default roles
A role is a set of permissions that administrators assign to users or user groups. When adding a new user, you must select an appropriate role. The Invicti Platform offers five default roles.
Only a user with the Owner role can create users.
The table below outlines the default roles and their respective responsibilities.
Permission | Administrator | Viewer | Security Analyst | Owner | Security Manager |
System | None | None | None | Full | None |
Excluded Hour | Full | Read | Read | Full | Read |
API Security | None | None | None | Full | None |
API Discovery | Full | None | Full | Full | Full |
Integrations | Full | Read | Read | Full | Full |
Orchestrator | None | None | Read | Full | Read |
Orchestrator Bulk | None | None | None | Full | None |
Orchestrator Assets | None | None | None | Full | None |
Report | Full | Full | Full | Full | Full |
Scan | Full | None | Full | Full | Full |
Scanning Profile | Full | Read | Read | Full | Read |
Target | Full | Read | Read | Full | Full |
Vulnerability | Full | Read | Full | Full | Full |
WAF Uploader | Full | Read | Full | Full | Full |
Workflows | Full | Read | Read | Full | Read |
Assets | Full | Read | Full | Full | Full |
Assets Owner Verification | Full | None | Full | Full | Full |
Organizations | Full | None | Full | Full | Full |
Teams | Full | Read | Full | Full | Full |
APIs | Full | Read | Full | Full | Full |
Clients | Full | Read | Full | Full | Full |
Applications | Full | Read | Full | Full | Full |
Team Members | Full | Read | Full | Full | Full |
Users | None | None | None | Full | None |
Users Impersonation | None | None | None | Full | None |
Collections | Full | Read | Read | Full | Read |
Client Credentials | Full | None | Full | Full | Full |
Permissions | Full | None | Full | Full | Full |
Roles | Full | Read | Full | Full | Full |
Authenticators | None | None | Read | Read | Read |
Password Policy | Full | None | Full | Full | Full |
Licenses | Full | None | Full | Full | Full |
User Credentials | None | None | None | Full | None |
Applications Access Control | Full | None | Full | Full | Full |
MFA Providers | None | Read | Read | Read | Read |
Worker Management | Full | Read | Full | Full | Full |
Audit | None | None | Read | Read | Read |