Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Application Security Platform
Users

Restrict user permissions

This document is for:
Invicti Platform

This document explains how user permissions are managed and restricted within the Invicti Platform. Understanding this mechanism is crucial for ensuring appropriate access control and security in your organization.

Overview of permissions

User access within Invicti Platform is governed by roles, which define specific permissions. These roles can be assigned in two main ways:

  1. Direct role assignment: A user can be explicitly assigned one or more roles.
  2. Team-based role assignment: A user can inherit roles by being a member of one or more teams. Each team may have its own roles assigned.

Role scoping

Roles can be:

  • Global: Apply to the entire platform and all collections (targets).
  • Scoped: Limited to specific collections (targets). A scoped role only affects permissions on its assigned target(s).

Permission resolution

When determining a user's effective permissions, the platform aggregates all roles from both direct assignments and team memberships. The final permission is computed using a "most permissive wins" model.

Example resolution rules

  • If a user has one role granting Read permission and another granting Full Access, then Full Access applies.
  • If a role is scoped to a specific target, it only applies when the user is accessing that target.
  • Multiple scoped roles may apply to different targets. Each is evaluated independently per target.

Key points

  • A user may have multiple roles, both directly assigned and inherited from one or more teams.
  • Roles are cumulative: permissions from all relevant roles are evaluated together.
  • The highest level of permission from all applicable roles is granted.
  • Scoped roles apply only to their designated targets and are not evaluated outside of that context.

Practical Tips

  • To restrict access, avoid assigning broad roles directly. Instead, rely on scoped roles tied to specific targets.
  • Use teams to group users and manage permissions more efficiently across departments or projects.
  • Regularly audit roles and team memberships to ensure permission creep is avoided.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Share This Article