User and group management

Every Spectra Assure Portal instance is associated with exactly one organization. An organization will typically have one or more groups.

All user accounts created in an organization are listed on the Members page in the Portal and assigned one of the organization roles (Administrator, Member, Security). There is no limit to the number of users per Portal instance.

Additionally, a user can be added to one or more groups and assigned a group role (Owner, Member, Observer) in each group.

To be able to use the Portal, every user has to belong to an organization. The organization may or may not have a default group. While creating a new user account, the organization administrator should add the user to one or more groups.

User and group management with Single Sign-On (SSO)

User and group management processes described on this page apply to Portal instances that use the local login.

For Portal instances using SSO, most of the user management (like assigning users to SSO groups) is done in the administrator dashboard of your identity provider.

Actions like removing users from an organization are handled directly through the Portal, regardless of the used login method.

Members and groups

The Members page on the Portal shows all users within the organization. On this page, organization administrators can invite new members to the organization, remove current members from the organization, and change the group membership and organization role for every member by selecting Actions > Edit Member.

The Members > Groups page on the Portal shows all groups created in the current organization. On this page, organization administrators can create new groups, edit and remove existing groups, and mark a group as the default.

The primary purpose of groups in the Portal is for organizations to be able to configure monthly limits for different teams according to their needs and use-cases. Groups also make it easier to control which organization members can access which projects in the Portal.

info

To see how to invite new members, manage users and groups, and add new users to groups, you can check the Members page.

Roles and permissions

Access to different parts and features of the Portal is controlled by various user roles. There are two types of user roles:

Organization roles - Organization Administrator, Organization Member, Organization Security
Group roles - Group Owner, Maintainer, Group Member, Group Observer

Users with the "Organization Administrator" role have a higher level of control and can manage settings for the whole organization and all groups within it.

The "Organization Security" role is intended for your company security team as it offers only those permissions needed to effectively manage the security of your organization.

By default, users have the "Organization Member" role. Organization administrators can change the organization role for every user on the Members page.

Each user can have only one organization role, but be a member and/or owner of multiple groups. A group can have multiple users with the "Group Owner" role.

Users with group roles can access the projects owned by their respective groups, but cannot change anything on the organization level. When users are added to a group, the "Group Member" role is automatically assigned to them. Organization administrators can change this at any time.

For more granular control within Portal groups, there's also a possibility to choose a "Maintainer" role. It falls somewhere between a "Group Owner" and "Group Member", as users with this role can manage projects but are not allowed to configure policies on any level.

In addition to the user roles mentioned above, there is also a Group Observer role. Users with this read-only role can explore the Portal without any risk of making unwanted changes.

The following sections provide a detailed overview of permissions for each user role in the Portal.

Access management permissions
File management permissions
Portal configuration permissions

Access management permissions

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Create organization	✖	✖	✖	✖	✖	✖	✖
Create group	✓	✖	✖	✖	✖	✖	✖
Delete group	✓	✖	✖	✖	✖	✖	✖
Add members to organization	✓	✖	✖	✖	✖	✖	✖
Remove members from organization	✓	✖	✖	✖	✖	✖	✖
Edit other member info	✓	✖	✖	✖	✖	✖	✖
Invite members to organization	✓	✖	✖	✖	✖	✖	✖
Trigger password reset	✓	✖	✓	✖	✖	✖	✖
Add organization members to a group	✓	✖	✖	✓	✖	✖	✖
Remove member from a group	✓	✖	✖	✓	✖	✖	✖
Modify member group role	✓	✖	✖	✓	✖	✖	✖
Modify member organization role	✓	✖	✖	✖	✖	✖	✖
Set group as default	✓	✖	✖	✖	✖	✖	✖
View group	✓	✓	✓	✓	✓	✓	✓
View all groups	✓	✓	✓	✓	✓	✓	✖
View all organization members	✓	✓	✓	✓	✓	✓	✓
View group members	✓	✖	✓	✓	✓	✓	✓

File management permissions

File stream

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Upload file	✓	✖	✖	✓	✓	✓	✖
Renalyze file	✓	✖	✖	✓	✓	✓	✖
Delete file	✓	✖	✖	✓	✓	✓	✖
Edit software info on a file	✓	✖	✓	✓	✓	✓	✖
View all filestream files	✓	✖	✓	✓	✓	✓	✓
Diff two files	✓	✖	✖	✓	✓	✓	✖
Modify file approval status	✓	✖	✓	✓	✖	✖	✖
Download approved file	✓	✓	✓	✓	✓	✓	✓
Export reports (CycloneDX, Sarif, SPDX, RL-CVE, RL-URI) from UI	✓	✖	✓	✓	✓	✓	✓

Projects

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Create project	✓	✖	✖	✓	✓	✖	✖
Delete project	✓	✖	✖	✓	✓	✖	✖
Create package	✓	✖	✖	✓	✓	✖	✖
Delete package	✓	✖	✖	✓	✓	✖	✖
Upload artifact	✓	✖	✖	✓	✓	✖	✖
Delete artifact	✓	✖	✖	✓	✓	✖	✖
Reanalyze package	✓	✖	✖	✓	✓	✖	✖
Reanalyze artifact	✓	✖	✖	✓	✓	✖	✖
Edit software info for an artifact	✓	✖	✖	✓	✓	✖	✖
Modify artifact approval status	✓	✖	✓	✓	✖	✖	✖
Download approved artifact	✓	✓	✓	✓	✓	✓	✓
View projects	✓	✖	✓	✓	✓	✓	✓
View packages	✓	✖	✓	✓	✓	✓	✓
View artifacts	✓	✖	✓	✓	✓	✓	✓
View list of shared reports	✓	✖	✓	✓	✓	✓	✓
Edit shared reports	✓	✖	✓	✓	✓	✖	✖
Export reports (CycloneDX, Sarif, SPDX, RL-CVE, RL-URI, RL-SAFE) from UI	✓	✖	✓	✓	✓	✓	✓

Portal configuration permissions

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Configure organization policy profile	✓	✖	✓	✖	✖	✖	✖
View organization policy profile	✓	✖	✓	✓	✓	✓	✓
Configure group policy profile	✓	✖	✓	✓	✖	✖	✖
View group policy profile	✓	✖	✓	✓	✓	✓	✓
Assign monthly processing capacity to organization	✓	✖	✖	✖	✖	✖	✖
Assign promotional capacity to organization	✓	✖	✖	✖	✖	✖	✖
View organization monthly capacity and usage	✓	✓	✓	✓	✓	✓	✓
Add capacity reservation for a group	✓	✖	✖	✖	✖	✖	✖
View monthly usage summary per group	✓	✓	✓	✓	✓	✓	✓
View monthly usage details per group	✓	✖	✓	✓	✓	✓	✓
Setup SSO for organization	✓	✖	✖	✖	✖	✖	✖
Generate personal access token for a user	✖	✖	✖	---	---	---	---
List personal access tokens for a user	✓	✖	✓	---	---	---	---
Revoke user's personal access token	✓	✖	✓	---	---	---	---
Revoke all personal access tokens for a user	✓	✖	✓	---	---	---	---
Revoke all personal access tokens for all users	✓	✖	✓	---	---	---	---

NOTE

The --- symbol indicates that the permission is not applicable to that user role.

Members and groups​

Roles and permissions​

Access management permissions​

File management permissions​

File stream​

Projects​

Portal configuration permissions​