Roles and Permissions
Every member of an organization is assigned one of three roles: Owner, Admin, or Member.
Role overview
| Action | Member | Admin | Owner |
|---|---|---|---|
| View products, audits, issues, risks | ✓ | ✓ | ✓ |
| Create and update audits, issues, risks | ✓ | ✓ | ✓ |
| Bulk-update issues and risks | ✓ | ✓ | ✓ |
| Pin / unpin products | ✓ | ✓ | ✓ |
| Create and manage saved views (own) | ✓ | ✓ | ✓ |
| Create products and areas | | ✓ | ✓ |
| Archive / unarchive products and areas | | ✓ | ✓ |
| Delete products and areas | | ✓ | ✓ |
| Delete issues and risks (bulk or single) | | ✓ | ✓ |
| Delete audits | | ✓ | ✓ |
| Invite and remove members | | ✓ | ✓ |
| Manage teams | | ✓ | ✓ |
| Manage organization settings (name, slug, logo, conformance) | | ✓ | ✓ |
| Enable / disable optional modules | | ✓ | ✓ |
| Create, edit, delete custom standards | | ✓ | ✓ |
| Upload and remove organization logo | | ✓ | ✓ |
| Delete the organization | | | ✓ |

- Owners have all admin capabilities plus the ability to delete the organization.
- There must always be at least one owner in an organization. Transferring ownership requires promoting another member to owner first.
- Saved views can only be edited or deleted by the member who created them, regardless of role.
- All members manage their own account settings (profile, preferences, password) regardless of role.
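
The rules above combine three different kinds of check: a minimum role per action, a creator-only rule that ignores role, and an invariant that the organization never ends up with zero owners. The following sketch is an added example, not the product's own code. The action keys, the `Org` class and its method names are hypothetical, and who is allowed to change roles is not stated on this page, so only the invariant is enforced there.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Role(IntEnum):
    MEMBER = 1
    ADMIN = 2
    OWNER = 3


# Minimum role per action, from the table above. Action keys are hypothetical.
MIN_ROLE = {
    "issue.update": Role.MEMBER,
    "product.delete": Role.ADMIN,
    "member.remove": Role.ADMIN,
    "org.delete": Role.OWNER,
}


@dataclass
class Org:
    roles: dict = field(default_factory=dict)         # user id -> Role
    view_creator: dict = field(default_factory=dict)  # saved view id -> user id

    def can(self, user, action):
        """Role check; unknown users and unknown actions are denied."""
        role, needed = self.roles.get(user), MIN_ROLE.get(action)
        return role is not None and needed is not None and role >= needed

    def can_edit_view(self, user, view_id):
        """Creator-only rule: the role is never consulted, so owners get no override."""
        return user in self.roles and self.view_creator.get(view_id) == user

    def change_role(self, target, new_role):
        """Set target's role (None removes them) unless that leaves zero owners.
        Who may call this is not stated on the page and is not modelled here."""
        if target not in self.roles:
            raise KeyError(target)
        after = {u: r for u, r in self.roles.items() if u != target}
        if new_role is not None:
            after[target] = new_role
        if Role.OWNER not in after.values():
            raise ValueError("organization must keep at least one owner")
        self.roles = after


# Constructed sample organization.
org = Org({"alice": Role.OWNER, "bob": Role.ADMIN, "carol": Role.MEMBER}, {"v1": "carol"})
```

Demoting or removing the only owner fails until another member has been promoted to owner, which is the transfer order the page describes.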