Team Administrator capabilities and assigning the role
In Invicti, you have access to both the built-in Team Administrator role and the option to create custom Team Administrator roles. This document focuses on detailing the functionalities and capabilities of the built-in Team Administrator role.
For information on configuring more restricted roles tailored to your specific needs, refer to the Custom Team Administrator roles with setup examples document.
Built-in Team Administrator role and its capabilities
The Team Administrator Role is a Role-Based Access Control (RBAC) feature that can manage access to Invicti through the assignment of roles to team members. This is useful for customers who want to stop users in one group from seeing vulnerability data in another group under the same account.
As a System Administrator, you can give the Team Administrator role to any of your users. This lets them choose which roles and website groups are given to any team they're part of. Team Administrators can also assign roles and website groups to specific members within their teams.
IMPORTANT: Team Administrators can assign roles to team members only if they already hold those roles themselves. |
Here is a breakdown of what Team Administrators can and cannot do.
Team Administrators can:
- Assign Roles and Website Groups to a Team. These permissions then apply to all its members.
- Assign Roles and Website Groups to specific Team members to grant them additional permissions.
Team Administrators cannot:
- Rename a Team
- Add or remove members from a Team
- Modify direct roles for other Team Administrators
The table below provides an example of how you can exert different levels of control using the Team Administrator role.
User Scope | Roles | Member Of Teams | Website Group |
John Smith | Team Administrator | DevOps WebDevs | Group1 Group2 Group3 Group4 |
Jane Doe | Manage Issues Start Scans | WebDevs | Group1 Group3 |
Jane Doe | Start Scans | DevOps | Group2 Group4 |
Joe Bloggs | Manage Issues Start Scans View Reports | DevOps WebDevs | Group2 Group3 |
Team Scope | Role | Members | Website Group |
DevOps | Manage Issues Account Owner Account Administrator View Reports Start Scans Manage Websites | Group1 Group2 Group3 Group4 | |
WebDevs | Manage Issues View Reports Start Scans Manage Websites | Group1 Group2 Group3 |
How to assign the Team Administrator role
- Log in to Invicti Enterprise as a System Administrator.
- Navigate to Team > Manage Members in the side menu.
- Locate the Member you want to modify and click Edit.
- Scroll down to the Direct Roles section and click +Assign Role.
- In the Role Assignments dialog, select the Team Administrator role in the Limiting Permission Roles section. Specify the Website Groups for which your user will serve as the Team Administrator, then click Assign Role.
IMPORTANT: Without the Team Administrator role for a specific Website Group, you won't have the ability to:
|
- Scroll down to the Teams section and click +Assign Team.
- In the Teams dialog, select the Teams that your Team Administrator will manage, then click Assign to Team.
- Click Save.
The selected member has now been assigned the Team Administrator role.